----- Original Message -----
From: "André Warnier" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Saturday, August 16, 2008 12:56 AM
Subject: Re: Using tabbed browsers causes session sharing
Hi guys,
shouldn't someone *explain* to the OP why this is happening ?
I mean, the different bits and pieces are there in different answers, but
maybe the "big picture" is missing to understand what and why it is
happening ?
Not knowing myself the hows and whys of Tomcat's session management, I
don't feel confident enough to attempt such an explanation on my own.
Or is it mentioned clearly somewhere in a doc that I missed ?
I just went through items 1 to 26 of the list in
http://tomcat.apache.org/tomcat-6.0-doc/index.html
and, at first sight, I don't see anything that obviously points to session
management.
Browsers are stateless, so they have no memory, they cant remember
anything...
So if you playing a game and you click refresh the browser will start
again... it would forget the score in a game, they stupid ;)
So servers give a browser a cookie... just some unique number, like
123456789
Then everytime the browser talks to the server it sends that back... then
the server stores state against that number...
So it stores say game score in a map addressed by 123456789...
So now the server knows and can remember stuff... but note that its the
server remembering, the browser just has this number...
They call this the session... and they hooked up in the browser by the
domain name... so if that is the same... the number is the same... the stuff
the server looks up is the same... so it does not change between tabs...
When security happens... it also uses the cookie... to remember that the
user has logged on... so the same process is at work.
Change domain names, use 2 browsers... or turn off cookies... so you can see
now why the other guys said all those things...
In old browsers... those invented just after the steam engine, they couldnt
do cookies, so the memory was done via urls...
If you look at how your google works... they still use that... eg:
http://www.google.com/search?hl=en&q=Sessions+in+Tomcat&btnG=Google+Search&meta=
So thats another way to remember state... but it can get quite hectic to
code compared to the nice easy TC session stuff.
Also can you see why cookies/sessions have to be set when you send that page
to a browser, and not when you just want the answer....
Its sending that unique number.... in TC if you look at the headers coming
in you will see JSessionID = huge number... thats the thing..
More or less ;)
Interesting hey.... clever people these TC dudes ;)
I hang out in many mailing lists... this is the best one ;)
---------------------------------------------------------------------------
HARBOR : http://www.kewlstuff.co.za/index.htm
The most powerful application server on earth.
The only real POJO Application Server.
See it in Action : http://www.kewlstuff.co.za/cd_tut_swf/whatisejb1.htm
---------------------------------------------------------------------------
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
