Paweł Wielgus escribió:
Hi all,
by saying non web based i ment swing or swt.
As for Spring WebFlow, Paul could You elaborate more about it, i was
almost sure that it's impossible . Lets take my standard behavior, i
open my page with default tab, then i click middle button (wheel) on a
link and get a content in new tab, then i continue to work on new tab.
If i got it right it sholud not be possible to do it?
Best greetings,
Paweł Wielgus.
2008/12/1 Paul Benedict <[EMAIL PROTECTED]>:
Oh, my apologies. I thought the discussion revolved around preventing
the same person from having multiple sessions.
If you want to just prevent multiple views, you need to integrate
Spring WebFlowwt.
Paul
On Sun, Nov 30, 2008 at 4:45 PM, Dave Newton <[EMAIL PROTECTED]> wrote:
--- On Sun, 11/30/08, Paul Benedict wrote:
I've seen this kind of solution before. When a user logs
in, you need to write them into a database -- either in
memory or disk -- and then do not allow the same user to
log in again until the previous session expires. You want
to use a session listener for this to detect expired sessions.
I'm not sure that solves the problem of multiple session "views" in browsers
that make new tabs/windows as non-new connections/sessions, though--I think those have to
be handled with a sort of token mechanism.
Dave
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
In fact there is another point, using databases for storing sessions, if
a user closes his tab or browser without "clicking" the correct link in
the webapp which invalidates the session, this session would be still
active in DB. Then a businness logic between the servlet and the DB
should be implemented...but how to control it? It is a catch 22 : /
A bad situation for multiple tabs: Imagine a webapp for tests. A user
could open multiple tabs login-in correctly with the session id and make
multiple tests when only 1 test per user should be permitted, this
implies multiple access to DB and a security hole for the webapp.
So if there is no clear or unknow implementation to solve this kind of
problem, something in a higher level should be done to take control
about tabs, shouldn´t it?
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
