?
Solved

Session for Login Module

Posted on 2005-05-04
20
Medium Priority
?
435 Views
Last Modified: 2008-02-28
Hi,

I have created Login module for my J2EE Web Application. It prohibits the multiple login. It means that if you have been logged in to the system from PC 1, you can log in from PC 2 but with warning. If you log in from PC 2, the session is granted to you and the PC 1 session is invalidated. it works well :).

Now, my problem is this....

I simulate the situation in one PC. I open two browsers. It works perfect, only one browser can connect to my system. However, problem comes if after I log in, I choose File->New in IE. It seems that the session is duplicated and both valid.

Any Idea?

Regards
Dave
0
Comment
Question by:suprapto45
  • 10
  • 6
  • 2
  • +2
20 Comments
 
LVL 92

Expert Comment

by:objects
ID: 13924801
Yes each instance of IE (containing possibly multiple windows) will share the same session when using cookies to manage sessions.
0
 
LVL 92

Expert Comment

by:objects
ID: 13924810
If you use URL rewriting it is the other way round, and each window has its own session.
0
 
LVL 16

Author Comment

by:suprapto45
ID: 13924815
Hi objects,

So do you mean that for each PC, the session is only one and shared by many IE instances? Is this the behavior for all browsers (Mozilla, Netscape and etc)?

Regards
Dave
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 16

Author Comment

by:suprapto45
ID: 13924823
Hi,

ohhhh.....I get you objects...thx :)

So if you use File->New, the session will be shared but if you open a new IE from iexplore.exe, it will have its own session.


Thus,
" I choose File->New in IE. It seems that the session is duplicated and both valid."
has no solution to invalidate the session, correct?

Regards
Dave
0
 
LVL 29

Assisted Solution

by:bloodredsun
bloodredsun earned 800 total points
ID: 13924873
>>So if you use File->New, the session will be shared but if you open a new IE from iexplore.exe, it will have its own session.

No.

What objects meant was that if you/your browser is using cookie based session tracking, then the sesison will be shared between all instances of the browser (whether they are tabs/new windows or what ever) as the browser instances share the cookie.

BUT, if you are using url-rewriting, where the session id id stored in the url, e.g. http://mysite.com/here/hello.jsp;jsessionid=123456789, this means that you can have multiple sessions in your browser as you might have one wondow that says:
http://mysite.com/here/hello.jsp;jsessionid=123456789
and another that says:
http://mysite.com/here/hello.jsp;jsessionid=987654321

which is two separate sessions.
0
 
LVL 29

Expert Comment

by:bloodredsun
ID: 13924888
>>So do you mean that for each PC, the session is only one and shared by many IE instances? Is this the behavior for all browsers (Mozilla, Netscape and etc)?

Yes. All instances of a browser will share the same directory for storing cookies. This means that if a sesssion cookie has been assigned to you, all instances of THAT browser will share the same sesssion. Another browser would have a different session as it would have a different cookie, but again, all instances for that browser will share the same session cookie.

Not forgetting, of course, that if you use Url-rewriting, it's different ;-)
0
 
LVL 16

Author Comment

by:suprapto45
ID: 13924897
Hi,

Thx bloodredsun....but now I am confused. Let me try to find some materials to be read on :). I will ask questions again if I am in doubt.

Regards
Dave
0
 
LVL 30

Assisted Solution

by:Mayank S
Mayank S earned 120 total points
ID: 13925048
>> Is this the behavior for all browsers (Mozilla, Netscape and etc)?

Man, if that were not the case, I would go mad ;-) if that were not there, then opening a link in a new window would also not work with the same session. And in that case, I wonder how I would manage to retain the same session if I open 10 EE questions in 10 new windows and ten yahoo mails in ten new Yahoo windows.... :-)
0
 
LVL 15

Assisted Solution

by:aozarov
aozarov earned 280 total points
ID: 13930696
Hi bloodredsun :-)
I might be wrong here (as I didn't deal with it for a while) but I think the statement "Yes. All instances of a browser will share the same directory for storing cookies” doesn’t always apply in the case of Http sessions. If the session was created using a transient cookie (which is stored only in the memory of the browser) then that session will be visible only to that instance (and in the case of IE any other instances that were created using File->New as they share the same memory space). Such configuration is a vendor specific (e.g. for Weblogic -> http://e-docs.bea.com/wls/docs81/webapp/sessions.html [see Configuring WebLogic Server Session Cookies]).
Not sure what is the default for Tomcat or where you can configure it, anyone knows?
Do you think otherwise?
0
 
LVL 16

Author Comment

by:suprapto45
ID: 13932369
Hi All,

Thanks for your message :). I read some materials and would like to confirm with you all several things.

1. For session tracking, there are two different behavior, one is using cookie-enabled browser and another one is using URL rewriting (response.encodeURL). Am I on the right track?

2. Now, for the cookie-enabled browser, the session will be shared by all IE.
>> "if you/your browser is using cookie based session tracking, then the sesison will be shared between all instances of the browser" (bloodredsun)
But if you use URL rewriting, the session will not be shared but only specific to one IE (one session -> one IE), am I right? What happen if I am opening a new browser by File->New, will the session be specific to each browser using IE.

Thanks.

Regards
Dave
0
 
LVL 16

Author Comment

by:suprapto45
ID: 13932372
Hi,

After all my experiences, now I know that I am not good in session concepts :).

Regards
Dave
0
 
LVL 92

Expert Comment

by:objects
ID: 13932388
1. correct

2. with url rewriting the session id is passed in the url, so if a browser window sends a request including the session id of another window then it will share that session. On the other hand if it sends a request with no session id in the url then a new session will get created.
0
 
LVL 16

Author Comment

by:suprapto45
ID: 13932458
Okay,

I read additional materials. Well there are three techniques you can do to store your session info i.e. URL Rewriting, Cookies and Hidden Form.

URL Rewriting is excellent if user disabled cookie and bad if you use bookmark in your IE.
Cookie is good but limited to only 4K in size.
Hidden Form is the least famous method to be used.

Okay, I can understand that :). Thx to you all.
Now, I just do not understand the concept of session in the browser. I am sorry if I am repeating the question that you all have answered but I can't understand it.

1. In one PC, there is one cookie directory to be shared by all browsers. The cookie directory may contain several session uniquely identified by its session ID (Not sure about it).
2. If the cookie is disabled, we can use URL rewriting to identify the session ID in the URL itself.

Are my statements right?

Question
----------
1. What happen if you use File->New in IE, will the new instance of IE have the same session ID with the previous one where the user execute File->New?
2. If I am opening the new IE NOT from File->New, will it create the new instance of session ID (if necessary)?

Thanks

Regards
Dave
0
 
LVL 92

Accepted Solution

by:
objects earned 800 total points
ID: 13932599
1. y
2. y (the session actually gets created on the server)

The session is a server side concept, the above techniques are used so the session id associated with a request is included in the request. The browser itself doesn't specially treat anything related to the session.
Without the session id somewhere in the request the server does not know what session it is related to (and typicically would start a new session)
0
 
LVL 16

Author Comment

by:suprapto45
ID: 13932708
Thx objects.

Things are better for me. I will accept the answer in the next few hours....lunch time :)

Regards
Dave
0
 
LVL 92

Expert Comment

by:objects
ID: 13932821
> lunch time :)

u must be close, what part of the world?
0
 
LVL 16

Author Comment

by:suprapto45
ID: 13932879
Hi objects,

I am in Singapore :). However, today I am going to have lunch quite early haha :).

Regards
Dave
0
 
LVL 16

Author Comment

by:suprapto45
ID: 13933329
Hi,

Thanks object...I decided to split the points :). Anyway, which part of Australia you are from?

Regards
Dave
0
 
LVL 16

Author Comment

by:suprapto45
ID: 13933334
Anyone is feeling unfair :) ? Just let me know
Regards
Dave
0
 
LVL 92

Expert Comment

by:objects
ID: 13933342
I'm in Sydney :)
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post we will learn how to connect and configure Android Device (Smartphone etc.) with Android Studio. After that we will run a simple Hello World Program.
Basic understanding on "OO- Object Orientation" is needed for designing a logical solution to solve a problem. Basic OOAD is a prerequisite for a coder to ensure that they follow the basic design of OO. This would help developers to understand the b…
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …
Suggested Courses
Course of the Month15 days, 5 hours left to enroll

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question