*If the user opens a new browser instance, then a new session is created
and both the windows have their own user id info (i.e. userid doesn't
override)*

Taking the above point into consideration, you can try it this way:

1. When User X logged in successfully, you are storing the id in the session.
2. Now, if User Y logs in from the same browser instance, the session will be
   the old one, so check for the attribute value set by User X.
   If the attribute value is null, proceed as usual, else tell the user to open a
   new browser window.

Hope this is helpful.

On Sat, Jan 17, 2009 at 1:46 PM, RajibJana <rajibj...@gmail.com> wrote:

>
> Thanks Wes for your reply.
>
> The application requires userid info for various reasons like authorization,
> auditing etc. Hidden key (security reason) or cookies (may be disabled)
> are not the good way to handle this situation. I am wondering whether this
> is not a common requirement for any web app where we need to keep some
> information that can be accessed for a particular user session. I hoped that
> Struts 2 is capable to handle user session.
>
> I am in a fix, may I need to look other frameworks like Seam?
>
> Thanks
>
> Rajib
>
>
>
>
> Wes Wannemacher wrote:
> >
> > On Saturday 17 January 2009 00:23:49 RajibJana wrote:
> >>
> >> 1) A User opens a browser window (IE 7/Firefox) and logs in the application
> >> as User X and the application shows the logged in userid as X and DB
> >> transactions also get userid info as X.
> >> 2) The same user opens a browser tab or new window from the opened window
> >> (from where he logged in as X), and logs in the application as User Y. Now
> >> userid Y overrides the userid X in session map (as no new session is
> >> opened, I guess) and I get userid as Y in both the browser tabs. My
> >> application breaks.
> >> 3) If the user opens a new browser instance, then a new session is created
> >> and both the windows have their own user id info (i.e. userid doesn't
> >> override)
> >>
> >
> > I don't know if you will be able to fix your problem as long as you use a
> > form of authorization that relies on the session. Each browser tab will
> > continue using the session that is already established.
> >
> > Although I would not suggest this for a production application, but if this
> > behavior is a requirement for your application, then you could try hiding a
> > key within the page (a hidden input field) and also appending the key to each
> > request URL. This is a very bad way to do it because it will be easy to hijack
> > a session. Especially in cases where the user is clicking a link and the key
> > will be visible in the GET request.
> >
> > I would consider whether your requirement is a development-time
> > requirement... Meaning, is this something you need for testing your app? Or
> > is this something the users will need? If it is something that the users
> > need, consider re-factoring before you hide key fields as I suggest above. If
> > this is something you need for testing and development, then try to find a
> > browser plugin that allows you to gain finer control over your cookies so
> > that you can control the sessions while you work.
> >
> > -Wes
> >
> > --
> >
> > Wes Wannemacher
> > Author - Struts 2 In Practice
> > Includes coverage of Struts 2.1, Spring, JPA, JQuery, Sitemesh and more
> > http://www.manning.com/wannemacher
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> > For additional commands, e-mail: user-h...@struts.apache.org
> >
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/Struts-2-session-problem-tp21513305p21514087.html
> Sent from the Struts - User mailing list archive at Nabble.com.


-- 
Abhishek
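
The check suggested at the top of this message, as an added example that is not code from the thread or from Struts: a plain `Map<String, Object>` stands in for the per-session attribute map (one map per browser instance), and the attribute name `userId`, the `Result` values and the same-user re-login case are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;

public class SingleLoginPerSession {
    // Hypothetical attribute name; use the key your login action already stores.
    static final String USER_KEY = "userId";

    enum Result { LOGGED_IN, ALREADY_LOGGED_IN, OPEN_NEW_WINDOW }

    // 'session' stands in for the session attribute map shared by every
    // tab and window of one browser instance.
    static Result login(Map<String, Object> session, String userId) {
        synchronized (session) { // two tabs may submit the login form at once
            Object current = session.get(USER_KEY);
            if (current == null) {
                session.put(USER_KEY, userId); // first login in this session
                return Result.LOGGED_IN;
            }
            if (current.equals(userId)) {
                return Result.ALREADY_LOGGED_IN; // same user again: nothing to override
            }
            // A different user is already bound to this session. Refuse instead
            // of overwriting, so the first tab keeps acting (and being audited) as X.
            return Result.OPEN_NEW_WINDOW;
        }
    }

    static void logout(Map<String, Object> session) {
        synchronized (session) {
            session.remove(USER_KEY); // frees the session for another login
        }
    }

    public static void main(String[] args) {
        Map<String, Object> browserA = new HashMap<>(); // constructed sample sessions
        Map<String, Object> browserB = new HashMap<>();

        System.out.println("X in A:         " + login(browserA, "X"));
        System.out.println("Y in A's tab:   " + login(browserA, "Y"));
        System.out.println("A still holds:  " + browserA.get(USER_KEY));
        System.out.println("Y in B:         " + login(browserB, "Y"));
        logout(browserA);
        System.out.println("Y in A, logout: " + login(browserA, "Y"));
    }
}
```

The refusal has to happen on the server before the attribute is written; a check only in the login page would not stop the second tab's request from overwriting the id.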
