Help with sessions in jsp and servlets

I seem to have a problem that im overwriting my sessions i have a shopping cart system.

When i log on to my web application from 2 different browser windows i seem to be getting the seconds information in the first window e.g one is user id 30 and when i get the user id in the second window im also gettin 30.

Not very familiar with sessions and how they work!

Need help with this as i thought theywould be unique for each user. .... but dont seem to be .  Any one any ideas?
Who is Participating?
You are right in saying that sessions are unique to each user. Your problem is because the although you have 2 windows open, it's still just the one browser that is running them so that when you make a request, the same session identification is still being sent, so the server regards you as one user.

A good example is EE, if you login to EE in one window and then open a new blank window and cut and paste the url of the logged in page, you will see that you are logged-in in the second window even though you only logged in the first! This is because your computer is running the one web-browser that is running 2 windows (or tabs if you've seen the light and use Firefox!)

If you want to test the application, you either need to do it with different computers or different browsers on the the same computer, I recommend having a bunch of different browsers, IE, FF and Opera for a start and using them.
climbingjaffaAuthor Commented:
I also have a shopping cart item in a session would this ave anything to do with it.

Can you have more than one session e.g. a user session and a cart session.

Hi climbingjaffa,

If you are using 2 different windows but the same browser, then you will get the same session as the session information is shared across the program. But if you use 2 different browsers, e.g. Internet Explorer and Firefox, at the same time you will see that they have different sessions and session Ids.
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

>>Can you have more than one session e.g. a user session and a cart session.

Nope, you get one HttpSession object. But your session can be as large as you like so you can put both the users information into the session as well as the shopping cart.


UserInfo userBean = new UserInfo("brs" , "expert") ;//imaginary user javabean
ShoppingCart cartBean = new ShoppingCart();//imaginary shopping cart bean
cartBean.add("pair of socks") ;
session.setAttribute( "user" , userBean) ;//add to session
session.setAttribute( "cart" , cartBean ) ;

then in another page,  to get our user and cart beans back

UserInfo userBean = (UserBean)session.getAttribute("user") ;
ShoppingCart cartBean = (ShoppingCart )session.getAttribute("cart") ;

This use of session means that the information is stored in the session of that user (which is on the server) so no one else can see it, only the person with the correct session id (typically specified by a cookie that your server automatically sets, but you don't need to worry about that).
climbingjaffaAuthor Commented:
Ok that gives me a better understanding of what going on.  What happens with regards to when the session looses the info e.g. is it after 3o mins of inactivity .

Or should you clear the sessions yourself?  
you can set the session to timeout at a specified interval ( usually its set at the app server level). most of the time it is set as 30 mins...
so if there is no activity for 30 mins in a particular session then it will expire automatically..
>>What happens with regards to when the session looses the info e.g. is it after 3o mins of inactivity .

Then the server deletes the information stored in the session and the session itself  and frees up that memory. This happens when the either you call session.invalidate(); or the server does when the period of inactivity reaches the duration you set, which is as you mention typically 30 minutes.

>>Or should you clear the sessions yourself?  
Depends. It's up to you really. Unless you have a website experiencing a lot of hits and you use the session intensely, you can leave it to the server to destroy the session. Just bring down the session duration to about 10-15 minutes to be safe. The only time I would destroy the session myself is when there is important information in there such as credit card details. Then once the purchase has been made, I would remove the information and kill the sessiOn to make sure.

Cheers ClimbingJaffa, and good luck
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.