-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Nicolas,
Nicolas Romantzoff wrote:
> Session is binded to a connection (browser session) basically, not a
> machine.
> If you open a second browser (or a second tab) you should get a different
> session-id.
That's debatable, and depends on applicatio
André Warnier wrote:
Well, user1 should not leave his window open when he goes off to drink
a coffee.
Unless he locks workstation when not in use.
No, not in the closet, e.g. with password protected screensaver ;-)
--
Mikolaj Rydzewski
Hello,
you can use the Sevlet API. First call invalidate() on the actual
HttpSession instance and then getSession(true) on the request object
(HttpServletRequest) to start a new session.
Nicolas Romantzoff schrieb:
> Thats a problem in your server code...
>
> Session is binded to a connection (b
Thats a problem in your server code...
Session is binded to a connection (browser session) basically, not a
machine.
If you open a second browser (or a second tab) you should get a different
session-id.
Don't use JSESSIONID in url parameters, but in session cookie (unless you
need to cross protoco
well .that true but we cant say it to customer ..they do how they like .but
we have to restrict it ..
thats is i want ..if user forgot to logout ..that case ..
awarnier wrote:
>
> Vishnu Vardhana Reddy wrote:
>> hi all,
>>
>> I am using Mozilla browser to access my web application.User one acce
Vishnu Vardhana Reddy wrote:
hi all,
I am using Mozilla browser to access my web application.User one access my
application using his credentials .but i left that browser open.after that I
am opening the another Mozilla window and accessing my application using
different credentials ex:user2 cre
