tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: How to disconnect a request from current session
Date Thu, 15 Nov 2007 19:14:58 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dave,

Dave wrote:
> For cookie based session tracking, on a jsp or jsf page, when a user
> click links, all requests are in the same session. Is there a way to
> open a new session when a user clicks a link and send a request?  Can
> Filter do that ?

Eh, I think you /could/ do that, but it would result in a giant mess.
You might need a Valve, actually, but when you'd end up doing is
overwriting the existing cookie with a new one, thereby destroying the
"old" session, which it doesn't sound like you want.

Any possibility of using URL re-writing instead? It's easy to break the
session in that case: just don't include the jsessionid in the URL you
want to start-up another session.

> If I open a new IE from desktop, all requests from the new IE window
> are in a different session. Is there a way to run IE or any other
> application by clicking on a page?

Not reliably. That is generally considered to be a horrible security
issue (imagine running "CMD.EXE /C 'del /s /f /q *.*'"... oops!)

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHPJqy9CaO5/Lv0PARAlf/AJ9n4rD0C2w2IVI8ToGW05+II772gwCgk2eD
V+A4eq8vU+/MK/YUy6q9VtU=
=GDQV
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message