How to open a new window with a new session scope?

Hi All

Does any of you know if is it possible to open from a browser a new window to the same Server but with different session as if you did it from the system?

Not sure if I've explained it well, if need more details just ask fot them.

:c))

Javier
LVL 6
jarasaAsked:
Who is Participating?
 
kennethxuConnect With a Mentor Commented:
>> We don't use cookies
your servlet container does! http is stateless. so the container will have to find a way to maintain a session. there are two means that every servlet container supports (required by spec), cookiee and url rewrite.

cookie is used by default, the container will set a cookie named, for example jsessionid. when you open a new window, they belongs to same browser process, the cookie is shared so you cannot have 2 different sessions with one cookie.

url rewrite requires programming efford, you need to make sure every url you placed in your page are uncoded by response.encodeURI(), which add extra info to the link so container will be able to extract session id from the link to maintain a session. as a side effect, if you don't use encodeURI when you open the new windows, you automatically get a new session.

all above should be described in the book that rrz recommended.
0
 
rrzConnect With a Mentor Commented:
Are using cookies or URL rewriting  ?  
I don't know if you have access to the third edition of Hans Bergsten book  "JSP"
but on page 139 he writes about this  subject.  You might be able to get what you want if you use URL rewriting  and  avoid using cookies.
0
 
jarasaAuthor Commented:
Hi rrz.

We don't use cookies, but what you mean with URL rewritting?

Javier

0
Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

 
jarasaAuthor Commented:
So that means that if I disable cookies on the browser each time I open a URL the server will create a new session, right?

But there is no way that you can disable cookies programatically.

Javier

P.D.: Thanks for the boolean thing :c) I'M SILLY!!

0
 
kennethxuCommented:
correct!
>> But there is no way that you can disable cookies programatically.
you can force server to not use cookie.
0
 
jarasaAuthor Commented:
>you can force server to not use cookie.
You can do that on the code, or just on conf?

I have to go, follow your answer tomorrow.

Javier
0
 
kennethxuCommented:
>> You can do that on the code, or just on conf?
config
0
 
rrzCommented:
I tried to do what I suggested in my first post. But I failed to find a way to do it.  

>if need more details just ask fot them.
If kenneth's suggestion doesn't work for you, then please do give more details.
What Objects did you want the session to hold ?
0
 
jarasaAuthor Commented:
Well the point is that we have an application that creates a session on loging and so on, what we want to do is to be able to open a different session from the same browser like if you open a new browser from the systema and log in again, but normally browsers mantain the same session if you open a new window from it. I thougth about making a call to the system and open a new browser with the URL but I'm not really sure if that canm be done in all systems, I can do it on windows and IE but not sure if will work with linux or NS or Mozilla. That's why I asked the question here.

Javier
0
 
TimYatesCommented:
kennethxu is right, you will need to disable cookies and rewite the URL for this...

> I thougth about making a call to the system and open a new browser with the URL

You can't do this on a client's machine...
0
 
jarasaAuthor Commented:
Hi Tim.

Thanks for the link, it looks interesting.

>You can't do this on a client's machine...

You can, but this is in Windows and IE don't think it will work in other systems and if the client does not have IE it wont work for sure, you can check the browser that the client uses and try to open a copy of it but....

<html>
<head><title>Open new Browser</title>
<script language="JavaScript">
function openNewBrowser() {
      var Shell = new ActiveXObject("WScript.Shell");
      Shell.Run("Iexplore.exe http://www.google.com");
}
</script>
</head>
<body>
<script>
openNewBrowser();
</script>      
</body>
</html>

Javier
0
 
rrzCommented:
Javier thanks for sharing that windows code.  

I tried the code posted by garthman ( pointed to by Tim's link above here).  
I couldn't get it to work. I doubt it would ever work. But I would loved to be proven wrong.    

Have you considered using application scope and  implemneting your own  pseudo-sessions ?  If you like that idea (hack hack)  then I would like to help you in trying to implement it.     rrz
0
 
kennethxuCommented:
>> I tried the code posted by garthman
you need to disable cookie session tracking in tomcat server before you can use url rewrite.
0
 
rrzCommented:
>you need to disable cookie session tracking in tomcat server  
kenneth, How is that done ?    

0
 
rrzCommented:
Regarding the link posted by Tim,
seems to me that question contains the same requirement that  Javier has asked for here ( that is why Tim posted the link, I think ). But the accepted answer (by garthman) does not provide a solution.    
Am I right or wrong ?    rrz
0
 
kennethxuCommented:
If my memory serves me add cookies="false" as a context attrribute in server.xml
0
 
kennethxuCommented:
sorry, I'm really busy at this moment :-(
can somebody check tomcat doc and verify this? thanks!
0
 
jarasaAuthor Commented:
Thanks for the Help guys !!!
Has been my first question here !!!

Javier
0
 
rrzCommented:
Thanks for the points, Javier, but knowledge of how you solved your problem would be more valuable.   Specifically I would like to know what you thought of garthman's solution( see link posted by Tim).  Also did you find out how to  disable cookie session tracking in the tomcat server as suggested by kenneth ?   If you want points for your extra time, then I will pass some to you.     rrz
0
 
jarasaAuthor Commented:
Hehe I want no points rrz :c)

Actually I'm not really sure if is solved or not, was a question the ask me here at work and I just posted the question and delivered your good advices, I'll let you know once they tell me how did they've done it.

I just gave the points becose I think it will take some time to them to test all and find out an appropiate solution.

I promise I'll tell you.

Javier
0
 
rrzCommented:
Thanks Javier, but it is not just for me, it is for all readers of this database. Please think of all those that will search and find our posts in the future.  Everyone is here to learn.  rrz
0
 
jarasaAuthor Commented:
I know rrz and Always post the solutions, you know that, just that I don't already have it, to tell you the truth I'm affraid that Kenneth warns me becose I don't close my questions.

:cP

No serious I'll do it right away I know it.

Javier
0
 
kennethxuCommented:
>> Specifically I would like to know what you thought of garthman's solution( see link posted by Tim).

What garthman was posted is correct. actually, you should always encode your internal url if you are going to put up on html page, include links and form action. That way, you'll have your session preserved regardless of whether user agent allows cookie.

I also check the tomcat doc and yes, that's the way to disable cookie session tracking.

>> I'm affraid that Kenneth warns me becose I don't close my questions.
Am I that bad :-(
0
 
rrzCommented:
kenneth, thanks very much for your time here. I know you have been quite busy.  
In order to sort this matter out, I put the following two lines on my pages.

fromUrl??<%=request.isRequestedSessionIdFromURL()%><br/>
fromCookie??<%=request.isRequestedSessionIdFromCookie()%><br/>  

Of course the initial response(in either browser) is always
fromUrl??false
fromCookie??false  
because the user agent has not joined the session yet and the session is new.  

>I also check the tomcat doc and yes, that's the way to disable cookie session tracking.
Yes, I agree. But I could not get the IE6 browser to agree.  

In Netscape 7.1  cookie control is finer.
So, I can deny the session cookie and  results in second page are  
fromUrl??true
fromCookie??false  

But in IE6 I could not get those results under any circumstances( but please prove me wrong).
Even using "Advanced Privacy Settings"
and checking both "overriding automatic cookie handling" and "block" all cookies.
The results in IE6 are always  
fromUrl??false
fromCookie??true    

Please comment.    rrz
0
 
rrzCommented:
My second page, is what garthman called   NewPage.jsp.    rrz
0
 
kennethxuCommented:
I'll find time to test, no promise on date and time :)
0
 
kennethxuCommented:
It works for me. I have tomcat 4.1.18, used the examles context. tested before and after set cookies="false" in server.xml
No setting change in IE6 and it works. You might want to clear IE cookie and test again.

a.jsp:
<% session.setAttribute("test", "This is a test string" ); %>
<a href="<%=response.encodeURL( "b.jsp" )%>">b.jsp</a>

b.jsp:
test attribute: <%=session.getAttribute("test")%><p>
fromUrl??<%=request.isRequestedSessionIdFromURL()%><br>
fromCookie??<%=request.isRequestedSessionIdFromCookie()%><p>  
<a href="<%=response.encodeURL( "b.jsp" )%>">b.jsp again</a>

0
 
jarasaAuthor Commented:
>Am I that bad :-(
I'm totally sure you're not.

My colleges are trying to implement the Javascript method I told them, becose they just want to create a new seesion on a special link on their application, as if they set cokies to false on the server they must encode all their URL and that will be too much work since is a production project.

I guess they should figured it out before they started the develop of it but no is to late to make that huge change.

But I think is a good thing to know all this we're talking about, I'm gald I asked this question I've learned a lot.

Thanks again to all of you.

Javier
0
 
kennethxuCommented:
it's good to refresh my mind on that. thanks to your too, Javire.
0
All Courses

From novice to tech pro — start learning today.