Summary: Any known bugs and workarounds with Multiple Windows in IE5,
Servlet Sessions and Struts 1.0b1?
Detailed Version:
We are using Struts 1.0b1 and Tomcat J2EE form-based login security on our
website. The user requests a protected page and is automatically redirected
by Tomcat to the login page from which they login and enter the site. The
password and username gets stored in a session automatically by Tomcat for
use in further protected pages. No problem there - it works perfectly.
However when we open a new window using the javascript functions
window.open(url), window.showModelessDialog(url) or
window.showModalDialog(url), things go badly wrong. The moment the new
window is opened the user has to log in again in the main window before they
can do anything else. Had a look at the HttpServletRequest and the the
j_username and j_password variables appear to be deleted from the session
attributes the moment you open the new window, but the cookie with the
session id still appears to be present.
After considerable effort we have narrowed the problem down to Struts
itself. If we open the new window with a url that is just a static file
(html,gif etc) the session doesn't get lost. If we open the new window with
a url that is a jsp file that doesn't involve struts once again everything
continues working fine. But the moment we open the new window with a struts
url (ie *.do) the session gets lost in the main window.
Has anyone else had this problem? Any known bugs in Struts 1.0b1 that we
should be aware of? Any known solutions/workarounds? Help!
Thanks,
Graeme.
