From: "Dan Bachelder" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 06, 2001 8:58 AM
Subject: Re: security

> Well, I'm trying... the great thing about mailing lists is now I have this
> wonderful place to preserve my ignorance for years to come.. fantastic :)
>
> Well... let me try and express where I am at now... There is this concept of
> a cookie on the client side which contains some name/value pair... these
> cookies are by default around for the lifetime of a browser window (session)
> and are only available to that one window... any number of seconds can be
> assigned to the life of the cookie, at which time they become "persistent"
> and are available to all browser windows on the client machine...
>
> On the server side there is a concept of a session... this session is
> defined by credentials supplied in the form of a JSESSIONID, which is
> created by the container and stored in a session cookie (or the URL) on the
> client... Problems arise when one has an application that can span multiple
> windows, as session cookies are only visible to the window in which they
> were created.
>
> If the container was to use persistent cookies to track the client's session
> instead of the in-memory session cookies, one would think multiple browser
> windows could participate in the same session...
>
> Is there some inherent problem with using persistent cookies for tracking a
> user session? I must be missing something, but I'm not sure what....
>
Dan,

I'm no expert on the way this works (or anything in particular for that matter),
but I think you really need to get over the fact that you cannot have multiple
browser windows partaking in the same session (from the perspective of the
server). If you think about it, the session exists on the server in order to keep
track of what is going on in a specific browser window for a specific client
machine. How then can you expect a session to maintain state for multiple
windows? I don't think you can.

I think you need to focus on automatically logging the new window in as a
*NEW* session and then somehow getting it to where you want it to be
in the application.

Cheers,
Scott
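
An added example, not part of either message above: a small Python check of the session/persistent cookie distinction raised in the thread. It classifies Set-Cookie headers by whether they carry a lifetime (Max-Age or Expires) and flags a JSESSIONID that is persistent, since that identifier would still be on the client after the browser is closed. The header values are constructed, and SESSION_ID_NAMES is an assumption about the container's cookie name.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

SESSION_ID_NAMES = {"JSESSIONID"}  # assumption: the container's session cookie name


def parse_set_cookie(header, now):
    """Return (name, lifetime_seconds); lifetime is None for a session cookie."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    max_age = expires = None
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "max-age":
            try:
                max_age = int(val)
            except ValueError:
                pass  # a malformed Max-Age is ignored
        elif key == "expires":
            try:
                expires = (parsedate_to_datetime(val) - now).total_seconds()
            except (TypeError, ValueError):
                pass  # an unparseable date is ignored
    # Max-Age takes precedence over Expires (RFC 6265, section 5.3)
    return name.strip(), (max_age if max_age is not None else expires)


def audit(headers, now=None):
    """Classify each cookie and flag session identifiers that are persistent."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for header in headers:
        name, lifetime = parse_set_cookie(header, now)
        kind = "session" if lifetime is None else (
            "expired" if lifetime <= 0 else "persistent")
        flagged = kind == "persistent" and name in SESSION_ID_NAMES
        findings.append((name, kind, flagged))
    return findings


# Constructed sample headers, evaluated at a fixed constructed time.
FIXED_NOW = datetime(2021, 6, 9, 10, 0, 0, tzinfo=timezone.utc)
SAMPLE = [
    "JSESSIONID=A1B2C3; Path=/app",
    "JSESSIONID=A1B2C3; Path=/app; Max-Age=86400",
    "theme=dark; Expires=Wed, 09 Jun 2021 10:18:14 GMT",
    "JSESSIONID=; Max-Age=0",
]
```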