Solved

How to open a new window with a new session scope?

Posted on 2004-03-25
30
2,400 Views
Last Modified: 2008-07-02
Hi All

Does any of you know if is it possible to open from a browser a new window to the same Server but with different session as if you did it from the system?

Not sure if I've explained it well, if need more details just ask fot them.

:c))

Javier
0
Comment
Question by:jarasa
  • 10
  • 9
  • 9
  • +1
30 Comments
 
LVL 27

Assisted Solution

by:rrz
rrz earned 100 total points
Comment Utility
Are using cookies or URL rewriting  ?  
I don't know if you have access to the third edition of Hans Bergsten book  "JSP"
but on page 139 he writes about this  subject.  You might be able to get what you want if you use URL rewriting  and  avoid using cookies.
0
 
LVL 6

Author Comment

by:jarasa
Comment Utility
Hi rrz.

We don't use cookies, but what you mean with URL rewritting?

Javier

0
 
LVL 14

Accepted Solution

by:
kennethxu earned 300 total points
Comment Utility
>> We don't use cookies
your servlet container does! http is stateless. so the container will have to find a way to maintain a session. there are two means that every servlet container supports (required by spec), cookiee and url rewrite.

cookie is used by default, the container will set a cookie named, for example jsessionid. when you open a new window, they belongs to same browser process, the cookie is shared so you cannot have 2 different sessions with one cookie.

url rewrite requires programming efford, you need to make sure every url you placed in your page are uncoded by response.encodeURI(), which add extra info to the link so container will be able to extract session id from the link to maintain a session. as a side effect, if you don't use encodeURI when you open the new windows, you automatically get a new session.

all above should be described in the book that rrz recommended.
0
 
LVL 6

Author Comment

by:jarasa
Comment Utility
So that means that if I disable cookies on the browser each time I open a URL the server will create a new session, right?

But there is no way that you can disable cookies programatically.

Javier

P.D.: Thanks for the boolean thing :c) I'M SILLY!!

0
 
LVL 14

Expert Comment

by:kennethxu
Comment Utility
correct!
>> But there is no way that you can disable cookies programatically.
you can force server to not use cookie.
0
 
LVL 6

Author Comment

by:jarasa
Comment Utility
>you can force server to not use cookie.
You can do that on the code, or just on conf?

I have to go, follow your answer tomorrow.

Javier
0
 
LVL 14

Expert Comment

by:kennethxu
Comment Utility
>> You can do that on the code, or just on conf?
config
0
 
LVL 27

Expert Comment

by:rrz
Comment Utility
I tried to do what I suggested in my first post. But I failed to find a way to do it.  

>if need more details just ask fot them.
If kenneth's suggestion doesn't work for you, then please do give more details.
What Objects did you want the session to hold ?
0
 
LVL 6

Author Comment

by:jarasa
Comment Utility
Well the point is that we have an application that creates a session on loging and so on, what we want to do is to be able to open a different session from the same browser like if you open a new browser from the systema and log in again, but normally browsers mantain the same session if you open a new window from it. I thougth about making a call to the system and open a new browser with the URL but I'm not really sure if that canm be done in all systems, I can do it on windows and IE but not sure if will work with linux or NS or Mozilla. That's why I asked the question here.

Javier
0
 
LVL 35

Expert Comment

by:TimYates
Comment Utility
kennethxu is right, you will need to disable cookies and rewite the URL for this...

> I thougth about making a call to the system and open a new browser with the URL

You can't do this on a client's machine...
0
 
LVL 35

Assisted Solution

by:TimYates
TimYates earned 100 total points
Comment Utility
0
 
LVL 6

Author Comment

by:jarasa
Comment Utility
Hi Tim.

Thanks for the link, it looks interesting.

>You can't do this on a client's machine...

You can, but this is in Windows and IE don't think it will work in other systems and if the client does not have IE it wont work for sure, you can check the browser that the client uses and try to open a copy of it but....

<html>
<head><title>Open new Browser</title>
<script language="JavaScript">
function openNewBrowser() {
      var Shell = new ActiveXObject("WScript.Shell");
      Shell.Run("Iexplore.exe http://www.google.com");
}
</script>
</head>
<body>
<script>
openNewBrowser();
</script>      
</body>
</html>

Javier
0
 
LVL 27

Expert Comment

by:rrz
Comment Utility
Javier thanks for sharing that windows code.  

I tried the code posted by garthman ( pointed to by Tim's link above here).  
I couldn't get it to work. I doubt it would ever work. But I would loved to be proven wrong.    

Have you considered using application scope and  implemneting your own  pseudo-sessions ?  If you like that idea (hack hack)  then I would like to help you in trying to implement it.     rrz
0
 
LVL 14

Expert Comment

by:kennethxu
Comment Utility
>> I tried the code posted by garthman
you need to disable cookie session tracking in tomcat server before you can use url rewrite.
0
 
LVL 27

Expert Comment

by:rrz
Comment Utility
>you need to disable cookie session tracking in tomcat server  
kenneth, How is that done ?    

0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 27

Expert Comment

by:rrz
Comment Utility
Regarding the link posted by Tim,
seems to me that question contains the same requirement that  Javier has asked for here ( that is why Tim posted the link, I think ). But the accepted answer (by garthman) does not provide a solution.    
Am I right or wrong ?    rrz
0
 
LVL 14

Expert Comment

by:kennethxu
Comment Utility
If my memory serves me add cookies="false" as a context attrribute in server.xml
0
 
LVL 14

Expert Comment

by:kennethxu
Comment Utility
sorry, I'm really busy at this moment :-(
can somebody check tomcat doc and verify this? thanks!
0
 
LVL 6

Author Comment

by:jarasa
Comment Utility
Thanks for the Help guys !!!
Has been my first question here !!!

Javier
0
 
LVL 27

Expert Comment

by:rrz
Comment Utility
Thanks for the points, Javier, but knowledge of how you solved your problem would be more valuable.   Specifically I would like to know what you thought of garthman's solution( see link posted by Tim).  Also did you find out how to  disable cookie session tracking in the tomcat server as suggested by kenneth ?   If you want points for your extra time, then I will pass some to you.     rrz
0
 
LVL 6

Author Comment

by:jarasa
Comment Utility
Hehe I want no points rrz :c)

Actually I'm not really sure if is solved or not, was a question the ask me here at work and I just posted the question and delivered your good advices, I'll let you know once they tell me how did they've done it.

I just gave the points becose I think it will take some time to them to test all and find out an appropiate solution.

I promise I'll tell you.

Javier
0
 
LVL 27

Expert Comment

by:rrz
Comment Utility
Thanks Javier, but it is not just for me, it is for all readers of this database. Please think of all those that will search and find our posts in the future.  Everyone is here to learn.  rrz
0
 
LVL 6

Author Comment

by:jarasa
Comment Utility
I know rrz and Always post the solutions, you know that, just that I don't already have it, to tell you the truth I'm affraid that Kenneth warns me becose I don't close my questions.

:cP

No serious I'll do it right away I know it.

Javier
0
 
LVL 14

Expert Comment

by:kennethxu
Comment Utility
>> Specifically I would like to know what you thought of garthman's solution( see link posted by Tim).

What garthman was posted is correct. actually, you should always encode your internal url if you are going to put up on html page, include links and form action. That way, you'll have your session preserved regardless of whether user agent allows cookie.

I also check the tomcat doc and yes, that's the way to disable cookie session tracking.

>> I'm affraid that Kenneth warns me becose I don't close my questions.
Am I that bad :-(
0
 
LVL 27

Expert Comment

by:rrz
Comment Utility
kenneth, thanks very much for your time here. I know you have been quite busy.  
In order to sort this matter out, I put the following two lines on my pages.

fromUrl??<%=request.isRequestedSessionIdFromURL()%><br/>
fromCookie??<%=request.isRequestedSessionIdFromCookie()%><br/>  

Of course the initial response(in either browser) is always
fromUrl??false
fromCookie??false  
because the user agent has not joined the session yet and the session is new.  

>I also check the tomcat doc and yes, that's the way to disable cookie session tracking.
Yes, I agree. But I could not get the IE6 browser to agree.  

In Netscape 7.1  cookie control is finer.
So, I can deny the session cookie and  results in second page are  
fromUrl??true
fromCookie??false  

But in IE6 I could not get those results under any circumstances( but please prove me wrong).
Even using "Advanced Privacy Settings"
and checking both "overriding automatic cookie handling" and "block" all cookies.
The results in IE6 are always  
fromUrl??false
fromCookie??true    

Please comment.    rrz
0
 
LVL 27

Expert Comment

by:rrz
Comment Utility
My second page, is what garthman called   NewPage.jsp.    rrz
0
 
LVL 14

Expert Comment

by:kennethxu
Comment Utility
I'll find time to test, no promise on date and time :)
0
 
LVL 14

Expert Comment

by:kennethxu
Comment Utility
It works for me. I have tomcat 4.1.18, used the examles context. tested before and after set cookies="false" in server.xml
No setting change in IE6 and it works. You might want to clear IE cookie and test again.

a.jsp:
<% session.setAttribute("test", "This is a test string" ); %>
<a href="<%=response.encodeURL( "b.jsp" )%>">b.jsp</a>

b.jsp:
test attribute: <%=session.getAttribute("test")%><p>
fromUrl??<%=request.isRequestedSessionIdFromURL()%><br>
fromCookie??<%=request.isRequestedSessionIdFromCookie()%><p>  
<a href="<%=response.encodeURL( "b.jsp" )%>">b.jsp again</a>

0
 
LVL 6

Author Comment

by:jarasa
Comment Utility
>Am I that bad :-(
I'm totally sure you're not.

My colleges are trying to implement the Javascript method I told them, becose they just want to create a new seesion on a special link on their application, as if they set cokies to false on the server they must encode all their URL and that will be too much work since is a production project.

I guess they should figured it out before they started the develop of it but no is to late to make that huge change.

But I think is a good thing to know all this we're talking about, I'm gald I asked this question I've learned a lot.

Thanks again to all of you.

Javier
0
 
LVL 14

Expert Comment

by:kennethxu
Comment Utility
it's good to refresh my mind on that. thanks to your too, Javire.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

This article will show you how to create an ISO CD-ROM/DVD-ROM image (*.iso), and MD5 checksum signature, for use with VMware vSphere Hypervisor 6.5 (ESXi 6.5). It's a good idea to compare checksums, because many installations fail because of a corr…
In this article, I will show you HOW TO: Create your first Windows Virtual Machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, the Windows OS we will install is Windows Server 2016.
This video discusses moving either the default database or any database to a new volume.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now