You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Alexander Khoo <al...@yahoo.com> on 2006/09/20 10:11:29 UTC

Restrict Session In One Browser!

Dear users,
 
Can anyone help on restricting 1 session per browser? 
what we are trying to archieve here is when the users sucessfully login to our server & establish a session, we want that session to lock in that current browser & when another browser is open it show the previous login page again!!!
 
Please Help!!!
 
Regards,
Jujai

Re: Restrict Session In One Browser!

Posted by Mark Thomas <ma...@apache.org>.

Alexander Khoo wrote:
> Hi,
>  
> 1) user access http://www.xyz.com  -login page appear & user key in username & password
>  
> 2) http://www.xyz.com/CheckRule.do  ( "CheckRule.do is a action our programmer created to hide the jsessionid) -wellcome page show
>  
> 3) http://www.xyz.com//MemberAgreeRule.do - member page show
>  
> 4) click "CTRL N" or "click FILE > NEW > WINDOWS & another browser with http://www.xyz.com/MemberAgreeRule.do link will show,in this stage the new browser will show "Page Has Expire" but when you click refresh the page is back into business again.
>  
> Regards,
> Alexander Khoo

<spec-quote>
SRV.7.7.3 Client Semantics
Due to the fact that cookies or SSL certificates are typically
controlled by the Web browser process and are not associated with any
particular window of the browser, requests from all windows of a
client application to a servlet container might be part of the same
session. For maximum portability, the Developer should always assume
that all windows of a client are participating in the same session.
</spec-quote>

For what it is worth, depending on how you open IE it does, or doesn't
start a new process. If you get a new process, you should get a new
session. Use task manager, or similar, to monitor.

Mark

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Restrict Session In One Browser!

Posted by Alexander Khoo <al...@yahoo.com>.

Hi,
 
1) user access http://www.xyz.com  -login page appear & user key in username & password
 
2) http://www.xyz.com/CheckRule.do  ( "CheckRule.do is a action our programmer created to hide the jsessionid) -wellcome page show
 
3) http://www.xyz.com//MemberAgreeRule.do - member page show
 
4) click "CTRL N" or "click FILE > NEW > WINDOWS & another browser with http://www.xyz.com/MemberAgreeRule.do link will show,in this stage the new browser will show "Page Has Expire" but when you click refresh the page is back into business again.
 
Regards,
Alexander Khoo


----- Original Message ----
From: David Delbecq <de...@oma.be>
To: Tomcat Users List <us...@tomcat.apache.org>
Sent: Wednesday, September 20, 2006 5:19:25 PM
Subject: Re: Restrict Session In One Browser!


Hi,
am not sure to understand you. Please provide more detailed information
about the case in which 2 browser windows get 2 logins. Provide the
exact steps you issue from the 'opening the first browser windows' to
'you have 2 different sessions'. At each step give us the url you are at
and whether or not there is a cookie set in browser.

Alexander Khoo a écrit :
> Hi,
>  
> Thanks for the answer! I have tried but the problem is when i sucessfully login in to the page & click "CTRL N" to open another browser & click refresh the previous screen appear.So i got 2 sucessfully login page now! & we are trying to lock the URL aswell from showing the jsessionid...for example:
>  
> 1) http://www.abc.com/test/index.jsp;jsessionid12323213
>  
> to
>  
> 2) http://www.abc.com/test/ (this also apply to other page within the same browser if user click)
>  
> Regards,
> Alexander Khoo
>
>
>  
> ----- Original Message ----
> From: David Delbecq <de...@oma.be>
> To: Tomcat Users List <us...@tomcat.apache.org>
> Sent: Wednesday, September 20, 2006 4:40:47 PM
> Subject: Re: Restrict Session In One Browser!
>
>
> Hi Alexander.
> Because tomcat use a session cookie (JSESSIONID), the sessions are
> already limited to one per browers, except if the user deactivate
> cookie, in which case only the Url rewriting mecanism is used. In the
> last mecanism, if the flow of page is interrupted (by accessing an url
> not rewritted with session id), a new session will be created.
> Anyway, nothing prevents user to start 2 Browsers.
>
> Alexander Khoo a écrit :
>   
>> Dear users,
>>  
>> Can anyone help on restricting 1 session per browser? 
>> what we are trying to archieve here is when the users sucessfully login to our server & establish a session, we want that session to lock in that current browser & when another browser is open it show the previous login page again!!!
>>  
>> Please Help!!!
>>  
>> Regards,
>> Jujai
>>   
>>     
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>   


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Restrict Session In One Browser!

Posted by David Delbecq <de...@oma.be>.

Hi,
am not sure to understand you. Please provide more detailed information
about the case in which 2 browser windows get 2 logins. Provide the
exact steps you issue from the 'opening the first browser windows' to
'you have 2 different sessions'. At each step give us the url you are at
and whether or not there is a cookie set in browser.

Alexander Khoo a écrit :
> Hi,
>  
> Thanks for the answer! I have tried but the problem is when i sucessfully login in to the page & click "CTRL N" to open another browser & click refresh the previous screen appear.So i got 2 sucessfully login page now! & we are trying to lock the URL aswell from showing the jsessionid...for example:
>  
> 1) http://www.abc.com/test/index.jsp;jsessionid12323213
>  
> to
>  
> 2) http://www.abc.com/test/ (this also apply to other page within the same browser if user click)
>  
> Regards,
> Alexander Khoo
>
>
>  
> ----- Original Message ----
> From: David Delbecq <de...@oma.be>
> To: Tomcat Users List <us...@tomcat.apache.org>
> Sent: Wednesday, September 20, 2006 4:40:47 PM
> Subject: Re: Restrict Session In One Browser!
>
>
> Hi Alexander.
> Because tomcat use a session cookie (JSESSIONID), the sessions are
> already limited to one per browers, except if the user deactivate
> cookie, in which case only the Url rewriting mecanism is used. In the
> last mecanism, if the flow of page is interrupted (by accessing an url
> not rewritted with session id), a new session will be created.
> Anyway, nothing prevents user to start 2 Browsers.
>
> Alexander Khoo a écrit :
>   
>> Dear users,
>>  
>> Can anyone help on restricting 1 session per browser? 
>> what we are trying to archieve here is when the users sucessfully login to our server & establish a session, we want that session to lock in that current browser & when another browser is open it show the previous login page again!!!
>>  
>> Please Help!!!
>>  
>> Regards,
>> Jujai
>>   
>>     
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>   


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Restrict Session In One Browser!

Posted by Alexander Khoo <al...@yahoo.com>.

Hi,
 
Thanks for the answer! I have tried but the problem is when i sucessfully login in to the page & click "CTRL N" to open another browser & click refresh the previous screen appear.So i got 2 sucessfully login page now! & we are trying to lock the URL aswell from showing the jsessionid...for example:
 
1) http://www.abc.com/test/index.jsp;jsessionid12323213
 
to
 
2) http://www.abc.com/test/ (this also apply to other page within the same browser if user click)
 
Regards,
Alexander Khoo


 
----- Original Message ----
From: David Delbecq <de...@oma.be>
To: Tomcat Users List <us...@tomcat.apache.org>
Sent: Wednesday, September 20, 2006 4:40:47 PM
Subject: Re: Restrict Session In One Browser!


Hi Alexander.
Because tomcat use a session cookie (JSESSIONID), the sessions are
already limited to one per browers, except if the user deactivate
cookie, in which case only the Url rewriting mecanism is used. In the
last mecanism, if the flow of page is interrupted (by accessing an url
not rewritted with session id), a new session will be created.
Anyway, nothing prevents user to start 2 Browsers.

Alexander Khoo a écrit :
> Dear users,
>  
> Can anyone help on restricting 1 session per browser? 
> what we are trying to archieve here is when the users sucessfully login to our server & establish a session, we want that session to lock in that current browser & when another browser is open it show the previous login page again!!!
>  
> Please Help!!!
>  
> Regards,
> Jujai
>   


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Restrict Session In One Browser!

Posted by David Delbecq <de...@oma.be>.

Hi Alexander.
Because tomcat use a session cookie (JSESSIONID), the sessions are
already limited to one per browers, except if the user deactivate
cookie, in which case only the Url rewriting mecanism is used. In the
last mecanism, if the flow of page is interrupted (by accessing an url
not rewritted with session id), a new session will be created.
Anyway, nothing prevents user to start 2 Browsers.

Alexander Khoo a écrit :
> Dear users,
>  
> Can anyone help on restricting 1 session per browser? 
> what we are trying to archieve here is when the users sucessfully login to our server & establish a session, we want that session to lock in that current browser & when another browser is open it show the previous login page again!!!
>  
> Please Help!!!
>  
> Regards,
> Jujai
>   


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Restrict Session In One Browser!

Posted by Alexander Khoo <al...@yahoo.com>.

Hi,

Thanks,This has been resolve by encode the jsessionid into the a frame,Now when user create a new windows the login page will show.

Regards,
Alexander

----- Original Message ----
From: Michael Jouravlev <jm...@gmail.com>
To: Tomcat Users List <us...@tomcat.apache.org>; Alexander Khoo <al...@yahoo.com>
Sent: Thursday, September 21, 2006 12:15:01 AM
Subject: Re: Restrict Session In One Browser!

On 9/20/06, Alexander Khoo <al...@yahoo.com> wrote:
> Dear users,
>
> Can anyone help on restricting 1 session per browser?
> what we are trying to archieve here is when the users sucessfully login to our server & establish a session, we want that session to lock in that current browser & when another browser is open it show the previous login page again!!!
>
> Please Help!!!

Use Firefox, is starts only one session per website.

On the other hand, someone recently posted that MSIE starts a new
process if you start if from Explorer, and does not start a new
process if you open a new window with Ctrl+N. Your experience seem to
prove that Ctrl+N actually *do* start a new process. If so, then
again, use Firefox.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Restrict Session In One Browser!

Posted by Michael Jouravlev <jm...@gmail.com>.

On 9/20/06, Alexander Khoo <al...@yahoo.com> wrote:
> Dear users,
>
> Can anyone help on restricting 1 session per browser?
> what we are trying to archieve here is when the users sucessfully login to our server & establish a session, we want that session to lock in that current browser & when another browser is open it show the previous login page again!!!
>
> Please Help!!!

Use Firefox, is starts only one session per website.

On the other hand, someone recently posted that MSIE starts a new
process if you start if from Explorer, and does not start a new
process if you open a new window with Ctrl+N. Your experience seem to
prove that Ctrl+N actually *do* start a new process. If so, then
again, use Firefox.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org