On Saturday 17 January 2009 00:23:49 RajibJana wrote:
>
> 1) A User opens a browser window (IE 7/Firefox) and logs in the application
> as User X and the application shows the logged in userid as X and DB
> transactions also get userid info as X.
> 2) The same user opens a browser tab or new window from the opened window (
> from where he logged in as X), and logs in the application as User Y. Now
> userid Y overrides the userid X in session map (as no new session is not
> opened, I guess) and I get userid as Y in both the browser tabs. My
> application breaks.
> 3) If the user opens a new browser instance, then a new session is created
> and both the windows have their own user id info (i.e. userid doesn't
> override)
>

I don't know if you will be able to fix your problem as long as you use a form of authorization that relies on the session. Each browser tab will continue using the session that is already established.

Although I would not suggest this for a production application, if this behavior is a requirement for your application, then you could try hiding a key within the page (a hidden input field) and also appending the key to each request URL. This is a very bad way to do it because it will be easy to hijack a session, especially in cases where the user is clicking a link and the key will be visible in the GET request.

I would consider whether your requirement is a development-time requirement... Meaning, is this something you need for testing your app? Or is this something the users will need? If it is something that the users need, consider refactoring before you hide key fields as I suggest above. If this is something you need for testing and development, then try to find a browser plugin that allows you to gain finer control over your cookies so that you can control the sessions while you work.

-Wes

--
Wes Wannemacher
Author - Struts 2 In Practice
Includes coverage of Struts 2.1, Spring, JPA, JQuery, Sitemesh and more
http://www.manning.com/wannemacher
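
Added example, not part of the message above and not Struts code: a framework-neutral Python model of the behaviour discussed in this thread, showing why two tabs that share one cookie jar share one session, and why a per-page key selects an identity for whoever presents it. The `Server` class, its method names and the two scenario functions are assumptions made for illustration.

```python
import secrets

class Server:
    """Toy model of a servlet container: one attribute map per session cookie."""
    def __init__(self):
        self.sessions = {}                      # session id -> attribute map

    def session(self, jar):
        sid = jar.get("JSESSIONID")
        if sid not in self.sessions:            # no valid cookie: start a new session
            sid = secrets.token_hex(16)
            self.sessions[sid] = {}
            jar["JSESSIONID"] = sid             # Set-Cookie lands in the browser's jar
        return self.sessions[sid]

    def login(self, jar, user):                 # userid stored directly in the session
        self.session(jar)["userid"] = user

    def whoami(self, jar):
        return self.session(jar).get("userid")

    def login_keyed(self, jar, user):           # variant: one identity per page key
        key = secrets.token_hex(8)
        self.session(jar).setdefault("users", {})[key] = user
        return key                              # sent back in a hidden field / URL

    def whoami_keyed(self, jar, key):
        return self.session(jar).get("users", {}).get(key)

def shared_session_scenario():
    server, browser1, browser2 = Server(), {}, {}   # one cookie jar per browser instance
    server.login(browser1, "X")                 # tab 1
    server.login(browser1, "Y")                 # tab 2 sends the same cookie
    server.login(browser2, "X")                 # separate instance: separate jar
    return server.whoami(browser1), server.whoami(browser2)

def keyed_scenario():
    server, jar = Server(), {}
    key_x = server.login_keyed(jar, "X")        # tab 1
    key_y = server.login_keyed(jar, "Y")        # tab 2
    tab1 = server.whoami_keyed(jar, key_x)
    tab2 = server.whoami_keyed(jar, key_y)
    # The key is a bearer value: any request in this session that carries key_x
    # (for example a URL copied from tab 1) is treated as X.
    tab2_with_key_x = server.whoami_keyed(jar, key_x)
    return tab1, tab2, tab2_with_key_x

if __name__ == "__main__":
    print(shared_session_scenario())
    print(keyed_scenario())
```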