Charles,
Does that mean I will have to do my own session management using URL
rewritting? Right now I was using Servlet default session management. How do
you find out which method servlets is using i.e. Cockie or URL rewriting?
-Ankur
>From: Charles Forsythe <[EMAIL PROTECTED]>
>Reply-To: "A mailing list for discussion about Sun Microsystem's Java
> Servlet API Technology." <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Re: *** MULTIPLE SESSIONS ON SAME PC *** Posible???
>Date: Tue, 1 Feb 2000 12:47:50 -0600
>
> > But It returns the same session. The session created by N1. I want to
>have
> > multiple sessions running simultaneusly working independent of each
>other.
> > Is it possible to do so?
>
>If the sessions are managed with cookies, you will only have one session
>per user. This
>is because the cookie is associated with the client in general, not a
>specific browser
>window. Another, more difficult, way to manage sessions is "URL
>re-writing."
>
>With URL re-writing, a parameter is attached to each link (for GET methods)
>or a hidden
>variable is added to every form (for POST methods). This variable controls
>the session.
>Because the value is embedded in the HTML, different browser windows
>(showing different
>sets of HTML) can have different sessions. This method is straightforward,
>but tricky.
>
> 1. If your code "misses" a place where a URL needs to be re-written,
> or a hidden variable needs to be added, the session is lost.
>
> 2. If your user leaves the application, the session is lost (unlike
>cookies,
> which stick around for a while)
>
> 3. If a user bookmarks a page, they will end up freezing that session
> id in their bookmark, making the bookmark useless (assuming you
> expire sessions!)
>
> 4. If a user bookmarks a page, it puts their session ID in the
>bookmark
> list, which can be a security hole, particularly because some
>JavaScript
> attacks can read the bookmarks.
>
>I hope this helps.
>
>-- Charles
>
>___________________________________________________________________________
>To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
>of the message "signoff SERVLET-INTEREST".
>
>Archives: http://archives.java.sun.com/archives/servlet-interest.html
>Resources: http://java.sun.com/products/servlet/external-resources.html
>LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
