Thanks for the response. From the messages below, it appears that problem is not client-side. It sounds like if a 'jsessionid' is not passed with the request, then Tomcat will create a new session. Is this correct? Pete Jim Crossley wrote: > Hi Peter, > > Unfortunately, there's no foolproof way to do what you're trying to do. > The limitation is imposed on the client-side. Your success depends on > how much control you have over your users, i.e. it becomes a training > issue. > > A good description of the issues involved is on page 134 of Hans > Bergsten's book, _JavaServer_Pages_. > > Your best bet is to force tomcat to always use session rewriting instead > of cookies (assuming that's possible), but even that's not entirely > foolproof. > > Good luck. > > Peter Alfors wrote: > > > > Hello all, > > > > I originally posted a question about session ids on the struts-user > > list, but then realized that this is a better question for this list. > > Thanks for all the info about session ids (craig, gary, steven, > > etc). I hate to beat a dead horse, but I have ANOTHER question on > > session ids. > > > > I have changed to the tomcat server.xml to turn off cookies. > > <RequestInterceptor > > className="org.apache.tomcat.request.SessionInterceptor" > > noCookies="true"/> > > > > This is my complete jsp page: > > > > <HTML> > > <BODY> > > Session Id: <%= session.getId() %> > > </BODY> > > </HTML> > > > > I am using Tomcat 3.2.1 stand-alone. > > > > When I run this, the session id's are still the same for two separate > > instances of netscape 4.7. (both instances started from the desktop). > > What am I missing to force the session id's to be different? > > > > Any help would be immensely appreciated, > > Pete > > > > "Kramer, Gary" wrote: > > > > > > > > > > > > > > When I try Netscape4.7, it gives me different sessions IDs. As I > > > understand it, the session id is assigned by Tomcat (i.e. > > > jsessionid=asdkfjl), not by the browsers. If you disable cookie use > > > in Tomcat and there is no jsessionid parameter in the URL, then Tomcat > > > cannot link your request to any session and therefore has no choice > > > but to create a new session. > > > > > > Your explanation of using <html:link> and rewriting within a session > > > is exactly what I'm doing (or trying to do). I also put in some > > > defensive code to determine if the user messed with the URL or created > > > a new browser with the same URL. I put code in my Form bean's reset > > > method to double check that the request that is coming in actually > > > applies to the object the user was last working on. This also defends > > > against some of the problems caused by hitting the back and forward > > > buttons. Still, very annoying. > > > > > > -----Original Message----- > > > From: Peter Alfors > > > To: [EMAIL PROTECTED] > > > Sent: 2/1/01 5:11 PM > > > Subject: Re: session ids cont... > > > > > > I added the "noCookies" attribute and set it to "true". However, the > > > two > > > instances of Netscape 4.7 still show that they are using the same > > > session. > > > I.E. 5.0 does display different session ID still. > > > > > > see notes below... > > > > > > "Craig R. McClanahan" wrote: > > > > > > > Peter Alfors wrote: > > > > > > > > > "Kramer, Gary" wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > I had similiar problems. You need to turn off the use of > > > Cookies > > > on > > > > > > your server (in Tomcat this setting is in server.xml). When > > > the > > > user > > > > > > opens 2 browsers, they will always have different session ids in > > > > > > both > > > > > > IE and Netscape since the first URL they will use will not have > > > a > > > > > > session id included. > > > > > > > > > > > > > > > > How do I turn off the use of cookies in the server.xml? I only > > > see > > > one > > > > > location where cookies are mentioned. > > > > > <!-- Request processing --> > > > > > <!-- Session interceptor will extract the session id from > > > > > cookies and > > > > > deal with URL rewriting ( by fixing the URL ) > > > > > --> > > > > > <RequestInterceptor > > > > > > > > className="org.apache.tomcat.request.SessionInterceptor" > > > /> > > > > > > > > > > Do I comment out this section? > > > > > > > > > > > > > For Tomcat 3.2.1 there is a noCookies attribute on this entry that > > > defaults > > > > to "false". You need to set it to "true": > > > > > > > > <RequestInterceptor > > > > className="org.apache.tomcat.request.SessionInterceptor" > > > > noCookies="true"/> > > > > > > > > NOTE: Using URL rewriting does *not* catch every case of multiple > > > windows > > > > sharing session ids. Consider that the user can right-click on a > > > hyperlink > > > > (containing the session id) and select "Open in New Window". > > > Because > > > the > > > > hyperlink being clicked had a session id in it already, the new > > > window > > > will > > > > still be part of the old session -- so your app logic needs to be > > > ready to > > > > deal with this. > > > > > > > > > > So it sounds like what I am looking for is to get the browser > > > instances > > > (IE and > > > Netscape) to generate unique session ids. Then, I need to perform > > > URL-rewriting > > > for all of my links within the webapp. This will solve my problem if > > > the user > > > has opened up multiple browser instances (from the desktop, not > > > through > > > file > > > --> new--> Window). > > > I can use the <html:link> tag to accomplish this throughout the site. > > > > > > However, I will also need to add some sort of "smarts" to the app to > > > handle the > > > possibility that the user opened a new browser instance from the (file > > > > > > --> new > > > --> Window) option. > > > > > > Am I on the right track? (sorry if I sound so confused, but I am) :) > > > > > > > Craig McClanahan > > > <<Card for Peter Alfors>> > > > > ------------------------------------------------------------------------ > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, email: [EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, email: [EMAIL PROTECTED]
begin:vcard n:; x-mozilla-html:FALSE org:<BR><IMG SRC="http://www.irista.com/logo/irista.gif"><BR><BR><FONT Color=#000080><FONT SIZE=2><B>Bringing Vision to Your Supply Chain adr:;;;;;; version:2.1 end:vcard
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
