0

I use JSF and I want to avoid a same session sharing 2 tabs in my browser. I think an easy way is to force url rewriting instead of using cookies.

Can anyone tell me how I can force the url rewriting with JSF?

Thanks.

Stéphane

Stéphane
  • 514
  • 5
  • 16

1 Answers1

2

I want to avoid a same session sharing 2 tabs in my browser

Sorry, but this makes no sense. This is not something which you can control from the server side on. All browsers use the same session in all opened tabs/windows (expect of anonymized tabs/windows like Chrome Ingognito via Ctrl+Shift+N). That's just how all browsers work and completely beyond your control.

If you're having a problem with it, then you should absolutely solve it differently than attempting to disable session sharing in multiple browser tabs/windows (which simply isn't possible). It sounds much like as if you're incorrectly storing request or view scoped data in a session scoped bean. You should not do that. You should store request scoped data in a request scoped bean and view scoped data in a view scoped bean. The session scope should only be used for session scoped data, such as the logged-in user and its preferences like language settings.

I think the view scope is actually what you're looking for; it lives as long as you're interacting with the very same view (read: the very same browser window/tab) by postbacks and it it not shared in other browser windows/tabs.

See also:

Community
  • 1
  • 1
BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
  • Thanks for answer. In fact, my app is a wizard... And I store user data until the final submit in the session scope after multiple view (conversation scope is not available in my config). And I don't want 2 differents tabs (with 2 differents wizards) mixing each other. How can I do without using session scoped bean? – Stéphane Feb 06 '13 at 12:52
  • Use a single view with conditionally rendered content. See also e.g. http://stackoverflow.com/questions/9741778/how-and-when-to-remove-a-session-scoped-bean-in-jsf-2-0/9742891#9742891 – BalusC Feb 06 '13 at 12:54
  • Yep, it is indeed a good idea for a simple wizard.. But mine is quite a complexe one. With multiple branchings, etc... – Stéphane Feb 06 '13 at 13:07
  • Then use CDI's `@ConversationScoped` or CODI's `@ViewAccessScoped`. At least, your concrete problem boils down to that you're simply using the wrong scope for the purpose, exactly as answered. – BalusC Feb 06 '13 at 13:41
  • It is indeed the scope I had choosen at first but Conversion scope is not available (as said in my first response). But you're right : the concrete problem is that I use SessionScope instead of conversation scope. – Stéphane Feb 06 '13 at 14:09
  • @BalusC can't you use URL rewriting to stop session sharing between tabs? I'm not saying this is the appropriate approach for JSF, but it's really a cookie that is shared so using an approach to store the session ID in something besides a cookie would work wouldn't it? – TigerBear Oct 02 '15 at 19:36
  • @punchingInAPepper ALL tabs (in fact all windows) of the same browser instance share the same sessions, and thus the same cookies. – jwenting Oct 05 '15 at 13:56
  • @jwenting I think you have it backwards- all tabs share the same cookies and thus the same session. This is why URL rewriting would work since you are storing the session id in the url not in the cookie. – TigerBear Oct 05 '15 at 17:22