Hello, you can use the Sevlet API. First call invalidate() on the actual HttpSession instance and then getSession(true) on the request object (HttpServletRequest) to start a new session.
Nicolas Romantzoff schrieb: > Thats a problem in your server code... > > Session is binded to a connection (browser session) basically, not a > machine. > If you open a second browser (or a second tab) you should get a different > session-id. That's dependent on the browser and maybe the user settings. I'am using Firefox and I'am happy, that Firefox uses the same session in all windows for the same host. > Don't use JSESSIONID in url parameters, but in session cookie (unless you > need to cross protocols like http <-> https) Shouldn't this be transparent to the developper? > For security, you will have to bind an 'ending' date to the session's > authentication. Isn't the session timeout enough? > Nicolas Romantzoff > General Manager > Tél.: (+33) 478 53 65 17 > > > -----Original Message----- > From: Vishnu Vardhana Reddy [mailto:vishnu...@gmail.com] > Sent: Friday, 19 December, 2008 12:55 > To: users@tomcat.apache.org > Subject: how to invalidate old sessions when new user access appl on same > machine > > > hi all, > > I am using Mozilla browser to access my web application.User one access my > application using his credentials .but i left that browser open.after that I > am opening the another Mozilla window and accessing my application using > different credentials ex:user2 credentials .user 2 also can access my > application.but when i open the first browser ..am automatically getting > second user session.how can we avoid this problem. > > Application is using session identifier(jSessionID) as the URL parameter for > session management. > > is it possible to invalidate the old session when new user access on same > machine. > > thanks, > Vishnu > -- > View this message in context: > http://www.nabble.com/how-to-invalidate-old-sessions-when-new-user-access-ap > pl-on-same-machine-tp21090090p21090090.html > Sent from the Tomcat - User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > > _____ > > avast! Antivirus <http://www.avast.com> : Outbound message clean. > > > Virus Database (VPS): 081218-0, 2008-12-18 > Tested on: 2008-12-19 13:54:20 > avast! - copyright (c) 1988-2008 ALWIL Software. > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
