Re: Same session for one IP
Actually the product is an industrial automation tool. It is supposed to run in control rooms of industrial plants. The requirement for a single user for a machine is important because the client is very heavy. It requires a lot of memory and other resources (which makes it important that we restrict more than one client for a machine). The product can also run in office environments where the configuration etc for running it on plants are to be set etc.. So, its something like that. And yes, you can rule out the possibility of its running over the internet but in workshops or other office environments we can have those IP scenarios. On 3/18/07, Peter Crowther [EMAIL PROTECTED] wrote: From: kz [mailto:[EMAIL PROTECTED] Im working on a product which requires that only a single client instance can be connected through a machine. There is no way, to my knowledge, to implement this in the general case. It's always possible for a power user to assign two IP addresses to the machine and run two browser processes, each bound to one of the IP addresses. You have no way of distinguishing that case from the case of two separate machines. And what about the other case: that of multiple users of (say) a Windows terminal server through thin clients where there is a machine with one IP address but several legitimate users? Are there some features of your network that make this problem more tractable, for example assumptions that there are no proxies that might confuse IP addresses, that machines will only ever have single IP addresses and that machines will only ever have single users? If you're writing an Internet webapp, then answer to the above is almost certainly no. If you're writing for a corporate environment with tight control over the clients, you might be able to get somewhere. I have to ask: why is this a requirement? - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Same session for one IP
From: kz [mailto:[EMAIL PROTECTED] Im working on a product which requires that only a single client instance can be connected through a machine. There is no way, to my knowledge, to implement this in the general case. It's always possible for a power user to assign two IP addresses to the machine and run two browser processes, each bound to one of the IP addresses. You have no way of distinguishing that case from the case of two separate machines. And what about the other case: that of multiple users of (say) a Windows terminal server through thin clients where there is a machine with one IP address but several legitimate users? Are there some features of your network that make this problem more tractable, for example assumptions that there are no proxies that might confuse IP addresses, that machines will only ever have single IP addresses and that machines will only ever have single users? If you're writing an Internet webapp, then answer to the above is almost certainly no. If you're writing for a corporate environment with tight control over the clients, you might be able to get somewhere. I have to ask: why is this a requirement? - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Same session for one IP
None that I no of. More to the point, it's a security issue to have all the browsers behind one IP share a common session. Witness how cable routers can share one IP with an entire apartment building. Would you really want your neighbor with the super loud metal rock to see your credit card statements? All browser windows spawned from a single process can share (and often do to the frustration of some web developers). So, if you use New Window or Ctrl-N from within IE you'll get the same session as the window that started the session. Firefox does the same thing regardless of whether you open from Explorer or New Window in the File menu. Is there a reason you need to guarantee all the browsers from a given user have the exact same session? --David kz wrote: Hi, Is there any option in Tomcat which can assign a new session ID only if the IP address is changed and not a browser window? Actually right now a new session ID comes in request for every new browser window (even if the IP address is same). Is there any option to make Tomcat assign new session ID only if IP address is changed and the session remains the same even if there are multiple browser windows hitting the server? Thank you so much. Khurram. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Same session for one IP
Actually yeah. Im working on a product which requires that only a single client instance can be connected through a machine. Actually I thought if there would be anything in Tomcat which supports this then it wouldve considered the problem you mentioned and would be solving it somehow (using mac address or something). I cannot use the IP address coming in request because of this proxy problem. I have to bind something with the session. Even if tomcat gives me the actual IP address (whic considers the fact that the client machine can be sitting behind proxy) then it would be great. What other options do I have to implement this thing? Regards, Khurram. On 3/16/07, David Smith [EMAIL PROTECTED] wrote: None that I no of. More to the point, it's a security issue to have all the browsers behind one IP share a common session. Witness how cable routers can share one IP with an entire apartment building. Would you really want your neighbor with the super loud metal rock to see your credit card statements? All browser windows spawned from a single process can share (and often do to the frustration of some web developers). So, if you use New Window or Ctrl-N from within IE you'll get the same session as the window that started the session. Firefox does the same thing regardless of whether you open from Explorer or New Window in the File menu. Is there a reason you need to guarantee all the browsers from a given user have the exact same session? --David kz wrote: Hi, Is there any option in Tomcat which can assign a new session ID only if the IP address is changed and not a browser window? Actually right now a new session ID comes in request for every new browser window (even if the IP address is same). Is there any option to make Tomcat assign new session ID only if IP address is changed and the session remains the same even if there are multiple browser windows hitting the server? Thank you so much. Khurram. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]