You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tapestry.apache.org by "Robert A. Decker" <de...@robdecker.com> on 2007/10/05 02:52:32 UTC

[T5] every user sharing the same session

I'm working on an application where a user logs into the action and  
from there every action they take is audited by being saved in the  
database, tied to that user in the database.

I've been trying to follow the examples, but it seems that in my app  
all users share the same session when I use an ASO, which of course  
doesn't work for me.

Has anyone done something similar? Written an application where  
multiple users are logged in and all of their actions/page-displays/ 
etc are separate from each other?

One problem is that I can't put obviously identifying information in  
URLs, or on the page. For example, I can put a session id (as long as  
it's a random string) in the page (in links, in hidden form elements,  
etc), but I can't put user names or ids.



R

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org

Re: [T5] every user sharing the same session

Posted by Nick Westgate <ni...@key-planning.co.jp>.

This is less a Tapestry topic and more of a web dev/J2EE topic.
Web servers usually use a cookie to identify the session.

If you open a new window in the same browser, the same cookie
is supplied, therefore the same session. If you open a new
browser instance, then it will be in a new session.

Using Shing's online example you used before:
http://lombok.demon.co.uk/tapestry5Demo/test/actionlink/one

Try opening that in Firefox and IE at the same time.
No conflict.

Cheers,
Nick.


Robert A. Decker wrote:
> Sorry for the follow-up so soon, but what I'm basically wondering is if 
> I have to write my own Session manager?
> 
> I would have to create a Session object at user log in (I don't think 
> I'd even bother using an ASO), save that in my session manager, put it's 
> id in all forms and hyperlinks so that I can identify the session, etc.
> 
> R
> 
> 
> On Oct 4, 2007, at 5:52 PM, Robert A. Decker wrote:
> 
>> I'm working on an application where a user logs into the action and 
>> from there every action they take is audited by being saved in the 
>> database, tied to that user in the database.
>>
>> I've been trying to follow the examples, but it seems that in my app 
>> all users share the same session when I use an ASO, which of course 
>> doesn't work for me.
>>
>> Has anyone done something similar? Written an application where 
>> multiple users are logged in and all of their 
>> actions/page-displays/etc are separate from each other?
>>
>> One problem is that I can't put obviously identifying information in 
>> URLs, or on the page. For example, I can put a session id (as long as 
>> it's a random string) in the page (in links, in hidden form elements, 
>> etc), but I can't put user names or ids.
>>
>>
>>
>> R
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org

Re: [T5] every user sharing the same session

Posted by "Robert A. Decker" <rd...@pgp.com>.

Sorry for the follow-up so soon, but what I'm basically wondering is  
if I have to write my own Session manager?

I would have to create a Session object at user log in (I don't think  
I'd even bother using an ASO), save that in my session manager, put  
it's id in all forms and hyperlinks so that I can identify the  
session, etc.

R


On Oct 4, 2007, at 5:52 PM, Robert A. Decker wrote:

> I'm working on an application where a user logs into the action and  
> from there every action they take is audited by being saved in the  
> database, tied to that user in the database.
>
> I've been trying to follow the examples, but it seems that in my  
> app all users share the same session when I use an ASO, which of  
> course doesn't work for me.
>
> Has anyone done something similar? Written an application where  
> multiple users are logged in and all of their actions/page-displays/ 
> etc are separate from each other?
>
> One problem is that I can't put obviously identifying information  
> in URLs, or on the page. For example, I can put a session id (as  
> long as it's a random string) in the page (in links, in hidden form  
> elements, etc), but I can't put user names or ids.
>
>
>
> R
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org