-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vasu,
[EMAIL PROTECTED] wrote: > Since we are using Session Attributes to keep track of User > Information - this gets mangled when we try to login to application > from the same browser (in FireFox) and Ctrl-N from IE (in other words > the person who gets logged in will overwrite the current user's > attribute thus losing first user information). Just to be sure I understand: You have an application that uses sessions. When the user logs-in in one window, then opens another window and logs-in again, the first user's session appears to go away, and both windows now point to the new login? If that's what you are describing, then it is expected behavior if you are using cookies for session management. When cookies are used, the browser sends a cookie with each request. The cookie chosen by the browser is based on the hostname and path being used for the request (say, www.mysite.com/mypath). When you login from the second window, your browser deletes the ole JSESSIONID cookie and replaces it with the new one (from the new login). Both windows will send the same cookie from then on, essentially cutting-off the first user. > So, I am wondering whether you all have any recommendations/inputs to > avoid this scenario. Thanks in advance. I did check the google and > other search tools, but could not locate anything useful. One way to get around this is to turn off the use of cookies for session tracking. Search the web or the archives of this list (or read the Tomcat docs) to see how to do this. REMEMBER that if you aren't using cookies, /every single URL to emit must be sent through HttpServletRequest.encodeURL/, otherwise clicking on a (non-encoded) link will appear to lose the session. My last question would be: why do you need to have multiple windows with separate logins? - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGgmSX9CaO5/Lv0PARAlh+AKCTibYLgZR9+T6DjXDNrEwMAWawpACdHfLi RNrnxDmhylsMfU/bbqWYCRo= =mlah -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
