tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sica...@WellsFargo.COM
Subject Session persistence question
Date Tue, 22 Aug 2000 20:31:05 GMT
> All:
> We have observed the following behavior:
>  
> 1. login.html accepts user information and passes if to a servlet called
> LoginHandler
> 2.  LoginHandler servlet creates a session and puts a String loginDone in
> the session object.
> 
> 	HttpSession session = request.getSession(true);
> 	session.putValue("loginDone", userName); 
> 
> 3. for every jsp and servlet we check out if the user is logged on or not,
>     If s/he is not logged on we redirect the user to login screen
> 
> 	if (loginDone == null){
> 		response.sendRedirect("/login.html");
> 	}
> 
> It works fine but the problem is when the user has already logged in and
> s/he creates a new browser instance s/he is not redirected the login
> screen because the loginDone is not null for the new browser screen. I
> want to force her to login in this case. I tried this with both IE5 and NS
> web browers.
> "session.isNew()" is false, loginDone contains the user name and
> session.getId() contains the same session id.
>       A new session is created only if we launch a different browser or
> restart the web server.
> 
>      We are using iPlanet web server 4.1 running on HP/UX. 
>      
>      So... the question is:
>     is the expected behavior for the servlet engine to encompass all
> instances of the *same* browser in the same session? Does the browser
> cache        previously hit URLs (with the embedded sessionid). We though
> that every instance of the browser would start cleanly and that it would
> know nothing about previous sessions.
>     Any assistance would be appreciated...
> 

Mime
View raw message