Thanks Wes for your reply. The application requires userid info for various reasons like authorization, auditing etc. Hidden key (security reason) or cookies ( may be disabled) are not the good way to handle this situation. I am wondering whether this is not a common requirement for any web app where we need to keep some information that can be accessed for a particular user session. I hoped that Struts 2 is capable to handle user session.
I am in a fix, may I need to look other frameworks like Seam? Thanks Rajib Wes Wannemacher wrote: > > On Saturday 17 January 2009 00:23:49 RajibJana wrote: >> >> 1) A User opens a browser window( IE 7/Firfox) and logs in the >> application >> as User X and the application shows the logged in userid as X and DB >> transactions also get userid info as X. >> 2) The same user opens a bowser tab or new window from the opened window >> ( >> from where he logged in as X), and logs in the application as User Y. Now >> userid Y overrides the userid X in session map( as no new session is not >> opened, I guess) and I get userid as Y in both the browser tabs. My >> application breaks. >> 3) If the user opens a new browser instance, then a new session is >> created >> and both the windows have their own user id info( i.e. userid doesnt >> override) >> > > I don't know if you will be able to fix your problem as long as you use a > form > of authorization that relies on the session. Each browser tab will > continue > using the session that is already established. > > Although I would not suggest this for a production application, but if > this > behavior is a requirement for your application, then you could try hiding > a > key within the page (a hidden input field) and also appending the key to > each > request URL. This is a very bad way to do it because it will be easy to > hijack > a session. Especially in cases where the user is clicking a link and the > key > will be visible in the GET request. > > I would consider whether your requirement is a development-time > requirement... > Meaning, is this something you need for testing your app? Or is this > something > the users will need? If it is something that the users need, consider re- > factoring before you hide key fields as I suggest above. If this is > something > you need for testing and development, then try to find a browser plugin > that > allows you to gain finer control over your cookies so that you can control > the > sessions while you work. > > -Wes > > -- > > Wes Wannemacher > Author - Struts 2 In Practice > Includes coverage of Struts 2.1, Spring, JPA, JQuery, Sitemesh and more > http://www.manning.com/wannemacher > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > > > -- View this message in context: http://www.nabble.com/Struts-2-session-problem-tp21513305p21514087.html Sent from the Struts - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
