struts-user mailing list archives

From "Kramer, Gary" <>
Subject RE: session ids cont...
Date Thu, 01 Feb 2001 22:27:24 GMT
When I try Netscape 4.7, it gives me different session IDs.  As I understand it, the session
id is assigned by Tomcat (i.e. jsessionid=asdkfjl), not by the browsers.   If you disable
cookie use in Tomcat and there is no jsessionid parameter in the URL, then Tomcat cannot link
your request to any session and therefore has no choice but to create a new session.

Your explanation of using <html:link> and rewriting within a session is exactly what
I'm doing (or trying to do).  I also put in some defensive code to determine if the user messed
with the URL or created a new browser with the same URL.  I put code in my Form bean's reset
method to double check that the request that is coming in actually applies to the object the
user was last working on.  This also defends against some of the problems caused by hitting
the back and forward buttons.  Still, very annoying.

-----Original Message-----
From: Peter Alfors
Sent: 2/1/01 5:11 PM
Subject: Re: session ids cont...

I added the "noCookies" attribute and set it to "true".  However, the
instances of Netscape 4.7 still show that they are using the same
I.E. 5.0 does display different session ID still.

see notes below...

"Craig R. McClanahan" wrote:

> Peter Alfors wrote:
> > "Kramer, Gary" wrote:
> >
> > >
> > >
> > >
> > > I had similar problems.  You need to turn off the use of Cookies
> > > your server (in Tomcat this setting is in server.xml).   When the
> > > opens 2 browsers, they will always have different session ids in
> > > IE and Netscape since the first URL they will use will not have a
> > > session id included.
> > >
> >
> > How do I turn off the use of cookies in the server.xml?  I only see
> > location where cookies are mentioned.
> >         <!-- Request processing -->
> >         <!-- Session interceptor will extract the session id from cookies and
> >              deal with URL rewriting ( by fixing the URL )
> >           -->
> >         <RequestInterceptor
> >             className="org.apache.tomcat.request.SessionInterceptor"
> >
> > Do I comment out this section?
> >
> For Tomcat 3.2.1 there is a noCookies attribute on this entry that
> to "false".  You need to set it to "true":
>     <RequestInterceptor
>         className="org.apache.tomcat.request.SessionInterceptor"
>         noCookies="true"/>
> NOTE:  Using URL rewriting does *not* catch every case of multiple
> sharing session ids.  Consider that the user can right-click on a
> (containing the session id) and select "Open in New Window".  Because
> hyperlink being clicked had a session id in it already, the new window
> still be part of the old session -- so your app logic needs to be ready to
> deal with this.

So it sounds like what I am looking for is to get the browser instances (IE and
Netscape) to generate unique session ids. Then, I need to perform
for all of my links within the webapp.  This will solve my problem if the user
has opened up multiple browser instances (from the desktop, not through
--> new--> Window).
I can use the <html:link> tag to accomplish this throughout the site.

However, I will also need to add some sort of "smarts" to the app to handle the
possibility that the user opened a new browser instance from the
(file --> new --> Window) option.

Am I on the right track?  (sorry if I sound so confused, but I am)  :)

> Craig McClanahan
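Added example, not part of the original thread and not code from any poster or from Struts: one way to do the kind of server-side check the thread calls for when two windows end up sharing a session id. It assumes a plain Map standing in for the servlet session's attributes; the attribute name `currentEdit`, the method names and the order ids are hypothetical. The stale submit from window A and the repeated submit from window B are rejected; only window B's first submit is accepted.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

// Added illustration: a plain Map stands in for the servlet session's attributes.
public class StaleWindowCheck {
    private static final SecureRandom RNG = new SecureRandom();
    private static final String KEY = "currentEdit"; // hypothetical attribute name

    // On rendering an edit form: record which object this session is now
    // editing and return a one-time token for a hidden form field.
    static String beginEdit(Map<String, Object> session, String objectId) {
        String token = new BigInteger(128, RNG).toString(16);
        session.put(KEY, new String[] { objectId, token });
        return token;
    }

    // On submit: accept only the object and token issued most recently.
    static boolean acceptSubmit(Map<String, Object> session, String objectId, String token) {
        String[] current = (String[]) session.get(KEY);
        if (current == null || objectId == null || token == null) return false;
        boolean ok = current[0].equals(objectId)
                && MessageDigest.isEqual(current[1].getBytes(StandardCharsets.UTF_8),
                                         token.getBytes(StandardCharsets.UTF_8));
        if (ok) session.remove(KEY); // single use, so a Back-button resubmit is rejected
        return ok;
    }

    public static void main(String[] args) {
        // Constructed scenario: window B was opened from a link that already
        // carried the jsessionid, so both windows share one session.
        Map<String, Object> session = new HashMap<>();
        String tokenA = beginEdit(session, "order-17"); // window A
        String tokenB = beginEdit(session, "order-42"); // window B, same session
        System.out.println("A submits order-17: " + acceptSubmit(session, "order-17", tokenA));
        System.out.println("B submits order-42: " + acceptSubmit(session, "order-42", tokenB));
        System.out.println("B resubmits (Back): " + acceptSubmit(session, "order-42", tokenB));
    }
}
```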