OK, I may try this if no other solution emerges. My question this is typical requirement for any enterprise level web app, how Struts2 handles it?
If it does not able to, then there is no other option but to leave S2 and look for other server frameworks. There is a need of looking beyond http session. I guess S2 is positioning itself as a server framework, I hope it addresses basic requirements for a enterprise application. Thanks Rajib abhishek reddy wrote: > > *If the user opens a new browser instance, then a new session is created > and both the windows have their own user id info( i.e. userid doesnt > override)* > > Taking the above point into consideration...you can try this way > > 1.When User X logged in successfully, you are storing the id in the > session. > 2.Now, If User Y logged in from the same broswer instance, session will be > old...so check for the attribute value set by the User X..... > If attribute value is null, proceed asusual, else tell the user to open a > new browser window.. > > hope this is helpfull.. > >> transactions also get userid info as X. > > On Sat, Jan 17, 2009 at 1:46 PM, RajibJana <rajibj...@gmail.com> wrote: > >> >> Thanks Wes for your reply. >> >> The application requires userid info for various reasons like >> authorization, >> auditing etc. Hidden key (security reason) or cookies ( may be >> disabled) >> are not the good way to handle this situation. I am wondering whether >> this >> is not a common requirement for any web app where we need to keep some >> information that can be accessed for a particular user session. I hoped >> that >> Struts 2 is capable to handle user session. >> >> I am in a fix, may I need to look other frameworks like Seam? >> >> Thanks >> >> Rajib >> >> >> >> >> Wes Wannemacher wrote: >> > >> > On Saturday 17 January 2009 00:23:49 RajibJana wrote: >> >> >> >> 1) A User opens a browser window( IE 7/Firfox) and logs in the >> >> application >> >> as User X and the application shows the logged in userid as X and DB >> >> transactions also get userid info as X. >> >> 2) The same user opens a bowser tab or new window from the opened >> window >> >> ( >> >> from where he logged in as X), and logs in the application as User Y. >> Now >> >> userid Y overrides the userid X in session map( as no new session is >> not >> >> opened, I guess) and I get userid as Y in both the browser tabs. My >> >> application breaks. >> >> 3) If the user opens a new browser instance, then a new session is >> >> created >> >> and both the windows have their own user id info( i.e. userid doesnt >> >> override) >> >> >> > >> > I don't know if you will be able to fix your problem as long as you use >> a >> > form >> > of authorization that relies on the session. Each browser tab will >> > continue >> > using the session that is already established. >> > >> > Although I would not suggest this for a production application, but if >> > this >> > behavior is a requirement for your application, then you could try >> hiding >> > a >> > key within the page (a hidden input field) and also appending the key >> to >> > each >> > request URL. This is a very bad way to do it because it will be easy to >> > hijack >> > a session. Especially in cases where the user is clicking a link and >> the >> > key >> > will be visible in the GET request. >> > >> > I would consider whether your requirement is a development-time >> > requirement... >> > Meaning, is this something you need for testing your app? Or is this >> > something >> > the users will need? If it is something that the users need, consider >> re- >> > factoring before you hide key fields as I suggest above. If this is >> > something >> > you need for testing and development, then try to find a browser plugin >> > that >> > allows you to gain finer control over your cookies so that you can >> control >> > the >> > sessions while you work. >> > >> > -Wes >> > >> > -- >> > >> > Wes Wannemacher >> > Author - Struts 2 In Practice >> > Includes coverage of Struts 2.1, Spring, JPA, JQuery, Sitemesh and more >> > http://www.manning.com/wannemacher >> > >> > >> > --------------------------------------------------------------------- >> > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >> > For additional commands, e-mail: user-h...@struts.apache.org >> > >> > >> > >> >> -- >> View this message in context: >> http://www.nabble.com/Struts-2-session-problem-tp21513305p21514087.html >> Sent from the Struts - User mailing list archive at Nabble.com. >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >> For additional commands, e-mail: user-h...@struts.apache.org >> >> > > > -- > Abhishek > > -- View this message in context: http://www.nabble.com/Struts-2-session-problem-tp21513305p21514568.html Sent from the Struts - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
