Return-Path: Delivered-To: apmail-jakarta-tomcat-user-archive@apache.org Received: (qmail 67124 invoked from network); 14 Aug 2002 09:28:41 -0000 Received: from unknown (HELO nagoya.betaversion.org) (192.18.49.131) by daedalus.apache.org with SMTP; 14 Aug 2002 09:28:41 -0000 Received: (qmail 23123 invoked by uid 97); 14 Aug 2002 09:28:52 -0000 Delivered-To: qmlist-jakarta-archive-tomcat-user@jakarta.apache.org Received: (qmail 23107 invoked by uid 97); 14 Aug 2002 09:28:52 -0000 Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Users List" Reply-To: "Tomcat Users List" Delivered-To: mailing list tomcat-user@jakarta.apache.org Received: (qmail 23095 invoked by uid 98); 14 Aug 2002 09:28:51 -0000 X-Antivirus: nagoya (v4198 created Apr 24 2002) Message-ID: <70DD0724686ED611ACC70050228A1ECA06DBE8@SRV_1> From: Andreas Mohrig To: 'Tomcat Users List' Subject: RE: Session and IP Date: Wed, 14 Aug 2002 11:31:24 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Afaik tomcat uses either cookies or url-encoding to get the session-id from the users requesting a resource, which has nothing to do with the ip address. The only circumstances I could imagine therefore are two differente browsers having installed the same session-cookie (which is quite unlikely and would require the users to actively copy those cookie from one machine to the other) or (which is much more likely) two users using the same encoded urls. This might happen if one user sends another the complete(!) link containing the session id by copying it out of the address-field of his browser, e.g.: http://www.yourserver.com/yourcontext/someresource.jsp;jsessionid=C21CC5E4A5 890818B3E56426925E86F9 This would let the other user share the same session as long as it has not timed out. best regards Andreas Mohrig -----Original Message----- From: Roland Carlsson [mailto:roland.c@swetravel.se] Sent: Wednesday, August 14, 2002 11:20 AM To: Tomcat Users List Subject: Session and IP Hi! I'm trying to trace a strange behavior from a couple of error reports from the users of a system. The problem is that they seems to share the same session on our server. Different computers, on different location, sharing a public ip-number (corporate intranet through VPN to a single internet-node). The company has IE4 as their default browser. My questions are: Is it possible that tomcat let those users share the same session since they share the same public IP-number? Under what circumstances would that behavior occur? Thanks in advance Roland Carlsson -- To unsubscribe, e-mail: For additional commands, e-mail: -- To unsubscribe, e-mail: For additional commands, e-mail: