0

My problem is not my application. It is working fine if I am logging in with one user, but when I am logging in by multiple users through different user from different instances of IE8 browser my later session data are overriding the former one. This is because both of the IE browsers are using same session id. It is happening because of session sharing of IE8. There is only one session is maintained for one application by how many user I am logging in does not matter. In fact I want to maintain one session for each user.

Like when I am logging in gmail in one browser. If type gmail on another browser, it is logging in automatically. I do not want this in my application. I should get a login by another user at the time I perform an independent operation.

My application is uses Struts, Spring, Hibernate & JBoss application server.

Now tell me how I should proceed ?

michaelok
  • 1,124
  • 1
  • 13
  • 20
Idiot
  • 83
  • 1
  • 2
  • 7

1 Answers1

0

The default behavior for IE is to share session data between your tabs.

Imagine it didn't: Your user logs into your site, see two pages he want's to view and opens them in new tabs. If the session data for the UserId no lobger existed he would see an error or be redirected to you login page again (depends on your configuration though).

If you're just testing things yourself: 1. Try File > New Session 2. Try multiple InPrivate windows (doubt this though).

If you need this is functionality for you users, you might want to have a look at : http://javapapers.com/servlet/explain-the-methods-used-for-session-tracking/

Ruaan
  • 180
  • 1
  • 7
  • But thing is dat IE8 shares session across window also... I shares session not only tabs but also acoss new instances also... I just want 2 avoid dat one. – Idiot Jun 04 '10 at 09:31
  • And i cant say my user to use new session to use the application ? They are not going to understand dat one. so m in a dialema. – Idiot Jun 04 '10 at 09:34
  • Firstly, read the Servlet Specification (specially SRV.7.7.3) Client Semantics SRV.7.7.3 Client Semantics Due to the fact that cookies or SSL certificates are typically controlled by the Web browser process and are not associated with any particular window of the browser, requests from all windows of a client application to a servlet container might be part of the same session. For maximum portability, the Developer should always assume that all windows of a client are participating in the same session. – Ruaan Jun 04 '10 at 12:32
  • Secondly, you'd probably be able to do this using URL rewriting. Have a look at this post, I think the guy had the same problem : http://stackoverflow.com/questions/368653/how-to-differ-sessions-in-browser-tabs – Ruaan Jun 04 '10 at 12:34