Hi Christopher, > Look into using URL rewriting instead of cookies for session > tracking. If the user pops open a new window based on a link > with an encoded session, the session will still be shared, > but if they reenter the site from a new window, it will not.
Good point! However when I call the 'getSessionId()' method on the request object, won't it calculate the same session id as the old window? ... I've just done a quick check, and it looks like getSessionId() will generate different ids for netscape browsers with cookies turned off, but generates the same id for IE windows (where one is spawned using new->window from the other). (it was a quick test, so don't hold me to it!) Also, if URL rewriting is used, but the client has cookies turned on, won't the JSESSIONID cookie be used by the servlet container in preference to the over-written URL? Later, Dan. ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
