Advice needed on supporting multiple window / copies of app

["Molitor, Stephen" <SM...@erac.com>]

BACKGROUND:  We're starting to write a rather large intranet web app (250
database tables, maybe 2-8 times as many pages), that will have to remember
at least some session data.  It's supposed to look like a traditional client
app, not a web app, so we've removed the browser menu, button bars and URL
window.  

QUESTION:  We have a request for a 'Open New Copy of Application' button,
that would pop open a new copy of the app in a new browser window.  The idea
is that each browser window would be independent; we don't want the two
windows to step on each other's session data.  So far, we've thought of two
ways to implement this:

1.  USE URL-REWRITING TO CREATE ONE SESSION PER WINDOW
Use URL rewriting, not cookies, to encode the session id.  For the 'Open New
Copy of App' button, use JavaScript to create a new window, and submit the
url *without* the session id.  This will cause the app server to create a
new session for this window.  Each new copy of the app (each new browser
window) gets its own session.  We always use html:form and html:link, so
Struts will take care of the URL encoding for us.  In WebLogic, you can
force URL rewriting by setting EnableCookies=false and
URLRewritingEnabled=true in weblogic.xml.

The nice thing about this approach is that it seems easy to implement, and
doesn't require any changes to JSP's or any other part of the app.   We can
still use all Struts tags like normal.  Since we're removing the url bar,
the fact that the URL's get ugly is not an issue.  The downside is that we
might be dependent on application server specific configuration parameters,
and we're worried that WebLogic might take away the ability to force URL
rewriting in a future release.  Also, URL rewriting is not the normal method
for tracking session ids.  

2.  SUB-DIVIDE THE SESSION BY WINDOW NAME
Use one session for all windows.  In the JavaScript that creates a new
window, create a unique name for the window.  Use a hidden variable in all
pages to send that window name back and forth from the server.  Extend
html:form to always put the window name in as a hidden variable; extend
ActionForm to add a windowName property.  When accessing the session,
qualify the session attribute you are interested in with the window name.
For example:  'session.getAttribute(form.getWindowName() + "myObject")'.
Or, use a separate HashMap for each sub-session.
Either way, the idea is to create one logical sub-session per window.  

The nice thing about this approach is that we still use cookies for session
tracking, and don't have to rely on special application server settings.
Disadvantages include:  In JSP pages, accessing session beans would be
complicated.  We would have to 'qualify' the session by window name in JSP
tags, by using Java scriplets to get the window name prefix.  Or use a
bean:define to get the sub-session HashMap for our window, and then use that
in subsequent tags as the logical session.  Also, we might not be able to
use session scoped action forms. (How would Struts know how to get the form
from the correct 'sub-session', based on the window name?)  Could also be
some threading issues.  In general, this approach is invasive in that it
would require changes in the way we code every JSP page and action, but we
might be able to manage it.

With either approach, we still have to deal with the issue of the user
creating new windows behind our back.  We've disabled the browser bars, but
they can still use hot-keys.  We're thinking about using the synchronizer
token (Action.saveToken, isTokenValid, etc.) to detect these cases.

Advice?  Any other approaches?

Thanks!

Steve Molitor
smolitor@erac.com




--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>