What about creating a session identifier (SID) and sending it as the realm? That
would separate browser instances. Also, if a session is invalidated, just reject
requests with an invalid Realm. Is it legal HTTP to send a new realm in response to
an invalid one?
The rest of session management would remain the same; the only necessary thing would
be to be able to get SIDs from Realm headers, besides from Cookies and from URL
rewriting.
This is an idea; I've never tried it before.
Regards,
Rogério Gatto
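
An added sketch of the realm-as-SID idea (not part of the original message): with Basic authentication the client's `Authorization` header carries only base64(user:password) and no realm, while a Digest `Authorization` header includes a `realm` parameter, so only Digest lets the server read the SID back. `SESSIONS`, `new_challenge`, `realm_from_authorization` and `handle` are hypothetical names, and verification of the credentials themselves is left out.

```python
import re
import secrets

# Hypothetical in-memory session table: SID -> user name (None until logged in).
SESSIONS = {}

# auth-param: name=token or name="quoted string"
_PARAM = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))')


def new_challenge(scheme="Digest"):
    """Create a fresh SID and put it in the realm of a WWW-Authenticate value."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = None
    header = f'{scheme} realm="{sid}"'
    if scheme == "Digest":
        header += f', nonce="{secrets.token_hex(8)}", qop="auth"'
    return sid, header


def realm_from_authorization(value):
    """Return the realm the client sent back, or None if the scheme has none."""
    scheme, _, rest = value.partition(" ")
    if scheme.lower() != "digest":
        return None  # Basic: only base64(user:password), the realm is not sent
    params = {}
    for m in _PARAM.finditer(rest):
        quoted, token = m.group(2), m.group(3)
        params[m.group(1).lower()] = quoted if quoted is not None else token
    return params.get("realm")


def handle(authorization):
    """Return (status, WWW-Authenticate value or None) for one request.

    Only the SID lookup is shown; checking the Digest response is omitted.
    """
    sid = realm_from_authorization(authorization) if authorization else None
    if sid in SESSIONS:
        return 200, None
    # Missing, unknown or invalidated SID: challenge again with a new realm.
    _, header = new_challenge()
    return 401, header
```

A new realm on the 401 makes the browser treat it as a different protection space, so the user is prompted for credentials again.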
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html