suprapto45

Session for Login Module

Hi,

I have created a Login module for my J2EE Web Application. It prohibits multiple logins. This means that if you are logged in to the system from PC 1, you can log in from PC 2 but with a warning. If you log in from PC 2, the session is granted to you and the PC 1 session is invalidated. It works well :).

Now, my problem is this....

I simulate the situation on one PC. I open two browsers. It works perfectly, only one browser can connect to my system. However, the problem comes if, after I log in, I choose File->New in IE. It seems that the session is duplicated and both are valid.

Any idea?

Regards
Dave

Mick Barry

Yes, each instance of IE (containing possibly multiple windows) will share the same session when using cookies to manage sessions.
If you use URL rewriting it is the other way round, and each window has its own session.

suprapto45 (ASKER)

Hi objects,

So do you mean that for each PC, the session is only one and shared by many IE instances? Is this the behavior for all browsers (Mozilla, Netscape, etc.)?

Regards
Dave

Hi,

ohhhh.....I get you objects...thx :)

So if you use File->New, the session will be shared but if you open a new IE from iexplore.exe, it will have its own session.


Thus,
" I choose File->New in IE. It seems that the session is duplicated and both valid."
has no solution to invalidate the session, correct?

Regards
Dave

>>So do you mean that for each PC, the session is only one and shared by many IE instances? Is this the behavior for all browsers (Mozilla, Netscape and etc)?

Yes. All instances of a browser will share the same directory for storing cookies. This means that if a session cookie has been assigned to you, all instances of THAT browser will share the same session. Another browser would have a different session as it would have a different cookie, but again, all instances for that browser will share the same session cookie.

Not forgetting, of course, that if you use URL rewriting, it's different ;-)

Hi,

Thx bloodredsun....but now I am confused. Let me try to find some materials to be read on :). I will ask questions again if I am in doubt.

Regards
Dave

Hi All,

Thanks for your message :). I read some materials and would like to confirm with you all several things.

1. For session tracking, there are two different behaviors: one is using a cookie-enabled browser and the other is using URL rewriting (response.encodeURL). Am I on the right track?

2. Now, for the cookie-enabled browser, the session will be shared by all IE.
>> "if you/your browser is using cookie based session tracking, then the session will be shared between all instances of the browser" (bloodredsun)
But if you use URL rewriting, the session will not be shared but only specific to one IE (one session -> one IE), am I right? What happens if I open a new browser by File->New, will the session be specific to each browser using IE?

Thanks.

Regards
Dave

Hi,

After all my experiences, now I know that I am not good at session concepts :).

Regards
Dave

1. Correct.

2. With URL rewriting the session ID is passed in the URL, so if a browser window sends a request including the session ID of another window then it will share that session. On the other hand, if it sends a request with no session ID in the URL then a new session will get created.
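
As an added illustration (not part of any post in this thread, and not a real servlet container), the Java sketch below models the session lookup described in the answers together with the asker's single-login rule. The `resolve` and `login` helpers, the user name and the short `S1`-style ids are assumptions made for the example; `JSESSIONID` and `;jsessionid=` are the standard servlet names.

```java
import java.util.*;

// Added sketch, not from the thread: models how a servlet-style container picks
// a session and why a one-session-per-user check cannot tell File->New windows apart.
public class SessionTrackingDemo {
    static final Set<String> live = new HashSet<>();                // valid session ids
    static final Map<String, String> userSession = new HashMap<>(); // user -> session id
    static int counter = 0;

    // Session id from the cookie jar first, then from ";jsessionid=" in the URL;
    // an unknown or missing id gets a fresh session (hypothetical helper).
    static String resolve(Map<String, String> jar, String url) {
        String id = (jar == null) ? null : jar.get("JSESSIONID");
        int i = url.indexOf(";jsessionid=");
        if (id == null && i >= 0) id = url.substring(i + 12).split("[?#]")[0];
        if (id == null || !live.contains(id)) {
            id = "S" + (++counter); // constructed id; real containers issue long random ids
            live.add(id);
            if (jar != null) jar.put("JSESSIONID", id);
        }
        return id;
    }

    // Single-login rule from the question: a login under a different session id
    // invalidates the user's previous session. Returns true if one was invalidated.
    static boolean login(String user, String sessionId) {
        String old = userSession.put(user, sessionId);
        return old != null && !old.equals(sessionId) && live.remove(old);
    }

    public static void main(String[] args) {
        Map<String, String> jar = new HashMap<>();   // one browser's cookies (cookie tracking)
        String w1 = resolve(jar, "/app/home");
        login("dave", w1);
        String w2 = resolve(jar, "/app/home");       // File->New: same jar, same cookie
        System.out.println("File->New shares session: " + w1.equals(w2));
        System.out.println("second window kicked first: " + login("dave", w2));

        String pc2 = resolve(new HashMap<>(), "/app/home"); // separate cookie jar
        System.out.println("other jar kicked first: " + login("dave", pc2));
        System.out.println("first session still live: " + live.contains(w1));

        // URL rewriting, cookies disabled (jar == null): the id travels in the link.
        String a = resolve(null, "/app/home");
        String b = resolve(null, "/app/list;jsessionid=" + a + "?page=2");
        String c = resolve(null, "/app/home");       // no id in URL -> new session
        System.out.println("link with id shares session: " + a.equals(b));
        System.out.println("URL without id gets new session: " + !a.equals(c));
    }
}
```

Because a rewritten URL carries the session id, anything that copies the link (a bookmark, a pasted URL) carries the session with it, which is why cookie tracking is usually preferred for login sessions.
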
Okay,

I read additional materials. Well, there are three techniques you can use to store your session info, i.e. URL Rewriting, Cookies and Hidden Form.

URL Rewriting is excellent if the user has disabled cookies and bad if you use bookmarks in your IE.
Cookie is good but limited to only 4K in size.
Hidden Form is the least famous method to be used.

Okay, I can understand that :). Thx to you all.
Now, I just do not understand the concept of session in the browser. I am sorry if I am repeating the question that you all have answered but I can't understand it.

1. In one PC, there is one cookie directory to be shared by all browsers. The cookie directory may contain several sessions, each uniquely identified by its session ID (not sure about it).
2. If the cookie is disabled, we can use URL rewriting to identify the session ID in the URL itself.

Are my statements right?

Question
----------
1. What happens if you use File->New in IE, will the new instance of IE have the same session ID as the previous one where the user executed File->New?
2. If I open a new IE NOT from File->New, will it create a new instance of session ID (if necessary)?

Thanks

Regards
Dave

Thx objects.

Things are better for me. I will accept the answer in the next few hours....lunch time :)

Regards
Dave

> lunch time :)

u must be close, what part of the world?

Hi objects,

I am in Singapore :). However, today I am going to have lunch quite early haha :).

Regards
Dave

Hi,

Thanks objects...I decided to split the points :). Anyway, which part of Australia are you from?

Regards
Dave

Anyone is feeling unfair :) ? Just let me know
Regards
Dave

I'm in Sydney :)