From: Ingmar Lötzsch
Date: Fri, 19 Dec 2008 14:26:43 +0100
To: Tomcat Users List
Subject: Re: how to invalidate old sessions when new user access appl on same machine
Message-ID: <494BA113.2020604@asci-systemhaus.de>
In-Reply-To: <002801c961d8$e95d3600$bc17a200$@com>

Hello,

you can use the Servlet API. First call invalidate() on the actual HttpSession instance and then getSession(true) on the request object (HttpServletRequest) to start a new session.

Nicolas Romantzoff wrote:
> That's a problem in your server code...
>
> Session is bound to a connection (browser session) basically, not a
> machine.
> If you open a second browser (or a second tab) you should get a different
> session-id.

That's dependent on the browser and maybe the user settings. I'm using Firefox and I'm happy that Firefox uses the same session in all windows for the same host.

> Don't use JSESSIONID in url parameters, but in session cookie (unless you
> need to cross protocols like http <-> https)

Shouldn't this be transparent to the developer?

> For security, you will have to bind an 'ending' date to the session's
> authentication.

Isn't the session timeout enough?

> Nicolas Romantzoff
> General Manager
> Tél.: (+33) 478 53 65 17
>
> -----Original Message-----
> From: Vishnu Vardhana Reddy [mailto:vishnu490@gmail.com]
> Sent: Friday, 19 December, 2008 12:55
> To: users@tomcat.apache.org
> Subject: how to invalidate old sessions when new user access appl on same
> machine
>
> hi all,
>
> I am using Mozilla browser to access my web application. User one accesses
> my application using his credentials, but I left that browser open. After
> that I am opening another Mozilla window and accessing my application using
> different credentials, e.g. user2 credentials. User 2 can also access my
> application, but when I open the first browser I am automatically getting
> the second user's session. How can we avoid this problem?
>
> Application is using session identifier (jSessionID) as the URL parameter
> for session management.
>
> Is it possible to invalidate the old session when a new user accesses on the
> same machine?
>
> thanks,
> Vishnu
> --
> View this message in context:
> http://www.nabble.com/how-to-invalidate-old-sessions-when-new-user-access-appl-on-same-machine-tp21090090p21090090.html
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
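
The sequence named in the reply above (invalidate() on the current HttpSession, then getSession(true) on the request), placed in a login handler as an added example that is not part of the original messages. The class name, the abstract authenticate() hook, the parameter names, the /home target and the 15-minute timeout are assumptions; the javax.servlet package is the Servlet API namespace of the thread's era.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added illustration (hypothetical class): on every successful login the
// session the browser presented is discarded and the user gets a new one.
public abstract class SessionResettingLoginServlet extends HttpServlet {

    private static final int TIMEOUT_SECONDS = 15 * 60; // assumed idle timeout

    /** Application-specific credential check (hypothetical hook). */
    protected abstract boolean authenticate(String user, String password);

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String user = req.getParameter("username");
        String password = req.getParameter("password");
        if (user == null || password == null || !authenticate(user, password)) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return; // a failed login leaves any existing session untouched
        }

        // getSession(false) returns the current session or null; it never
        // creates one, so an anonymous first visit skips the invalidate step.
        HttpSession previous = req.getSession(false);
        if (previous != null) {
            // Unbinds everything stored for the earlier user (user 1 in the
            // thread) and makes the old session id unusable.
            previous.invalidate();
        }

        // No valid session is attached to the request any more, so the
        // container creates a new session with a new id.
        HttpSession fresh = req.getSession(true);
        fresh.setMaxInactiveInterval(TIMEOUT_SECONDS); // the "session timeout"
        fresh.setAttribute("user", user);

        // encodeRedirectURL lets the container decide whether the session id
        // must be written into the URL or travels in the cookie.
        String target = req.getContextPath() + "/home";
        resp.sendRedirect(resp.encodeRedirectURL(target));
    }
}
```

Because the old session is invalidated rather than reused, a window still holding the first user's session id is sent back through authentication instead of silently picking up the second user's data.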