You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by murthy gandikota <mu...@yahoo.com> on 2008/08/15 20:14:33 UTC
Using tabbed browsers causes session sharing
Hello All
While using tabbed browsers (e.g. IE 7) I am facing a login problem. Say on Tab#1 I login with a username A, on Tab#2 I login with username B, I still see A's session. Apparently the browser/Tomcat doesn't create a new session. Has anyone faced this problem? Are there any fixes?
Thanks
Murthy
RE: [BULK] Using tabbed browsers causes session sharing
Posted by Patrick Markiewicz <pm...@sim-gtech.com>.
Hi,
A session boils down to a cookie sent between the browser and the server. So the only way you could create 2 sessions is if the IE browser would keep cookies independent on each tab. I don't know of any browser that associates cookies with anything but the site. I.e. when you login on tab 2, your browser sends the existing cookie that is associated with the tomcat site, and it auto logs in to A's profile.
You could think about changing mozilla's source code to create a browser that allows it, but how would you change the profile for each tab? Would tab 3 remember that you logged into google mail already? Or would you have to log in again?
Patrick
-----Original Message-----
From: murthy gandikota [mailto:murthy_gandikota@yahoo.com]
Sent: Friday, August 15, 2008 2:15 PM
To: users@tomcat.apache.org
Subject: [BULK] Using tabbed browsers causes session sharing
Importance: Low
Hello All
While using tabbed browsers (e.g. IE 7) I am facing a login problem. Say on Tab#1 I login with a username A, on Tab#2 I login with username B, I still see A's session. Apparently the browser/Tomcat doesn't create a new session. Has anyone faced this problem? Are there any fixes?
Thanks
Murthy
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Using tabbed browsers causes session sharing
Posted by André Warnier <aw...@ice-sa.com>.
murthy gandikota wrote:
> Hello All
> While using tabbed browsers (e.g. IE 7) I am facing a login problem. Say on Tab#1 I login with a username A, on Tab#2 I login with username B, I still see A's session. Apparently the browser/Tomcat doesn't create a new session. Has anyone faced this problem? Are there any fixes?
> Thanks
> Murthy
>
That's probably because there is only one JSESSIONID cookie stored by
the browser, no matter how many tabs are open, no ?
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Using tabbed browsers causes session sharing
Posted by Rusty Wright <ru...@gmail.com>.
Sessions are tied to the whole browser, not tabs within the browser. In
other words, it's a browser issue, not a tomcat issue.
murthy gandikota wrote:
> Hello All
> While using tabbed browsers (e.g. IE 7) I am facing a login problem. Say on Tab#1 I login with a username A, on Tab#2 I login with username B, I still see A's session. Apparently the browser/Tomcat doesn't create a new session. Has anyone faced this problem? Are there any fixes?
> Thanks
> Murthy
>
>
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Using tabbed browsers causes session sharing
Posted by André Warnier <aw...@ice-sa.com>.
Robert Dietrick wrote:
> This is normal behavior. Sessions are tied to cookies bound to an
> entire domain. Why would you want the same person logged in twice
> with different accounts?
>
I don't know what the real issue of the OP is, but there are plenty of
situations where you would want to have 2 or more distinct sessions onto
a same service, even with the same user-id.
For instance, you are browsing two different areas of a database, and
you would need each session to keep a distinct context, and not mix up
what happens in one with the other.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Using tabbed browsers causes session sharing
Posted by Martin Gainty <mg...@hotmail.com>.
I would suggest assigning each logged-in user the capabilities of <n>individual roles which have a specified capability
http://tomcat.apache.org/tomcat-4.0-doc/manager-howto.html
start with xml basic MemoryRealm and work your way into JDBCRealm or JNDIRealm
Martin
______________________________________________
Disclaimer and confidentiality note
Everything in this e-mail and any attachments relates to the official business of Sender. This transmission is of a confidential nature and Sender does not endorse distribution to any party other than intended recipient. Sender does not necessarily endorse content contained within this transmission.
> Date: Fri, 15 Aug 2008 16:21:38 -0400
> From: chris@christopherschultz.net
> To: users@tomcat.apache.org
> Subject: Re: Using tabbed browsers causes session sharing
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Bill,
>
> Bill Davidson wrote:
> > Robert Dietrick wrote:
> >> Why would you want the same person logged in twice
> >> with different accounts?
> >
> > As a developer of a web app that has both admin and regular user roles,
> > I want to do this all the time. The admin roles can change things in ways
> > that affect the regular user's view. I want to see how things change
> > without having to log out and log back in as a different user.
> >
> > The way I deal with it is to use Firefox for one and IE for the other.
>
> You could use separate tabs in the same browser if you were to disable
> cookies on your browser (and you have correctly encoded your outgoing URLs).
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkil5VIACgkQ9CaO5/Lv0PDRxQCgurXC0dPS00+MzAoJAhCVSfo+
> fZMAoLcD1AgKgVTHnXJBqyW0n1UCKlUZ
> =Ul1U
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
_________________________________________________________________
Get ideas on sharing photos from people like you. Find new ways to share.
http://www.windowslive.com/explore/photogallery/posts?ocid=TXT_TAGLM_WL_Photo_Gallery_082008
Re: Using tabbed browsers causes session sharing
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Rusty,
Rusty Wright wrote:
> Sorry, I thought I did. It has nothing to do with tomcat; it's up to
> the browser whether or not it assigns different sessions to the tabs or
> not.
Replace "sessions" with "cookies" and the above statement is true. HTTP
is session-less, so clients do not keep any state information. Cookies
are a brilliantly hacky way of getting the server to maintain user state
over a state-less protocol.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkipiEwACgkQ9CaO5/Lv0PAqMgCePuM2TPHVXR/0RkbY5PD4uvZn
yhEAnjlxkLQE2/sLPbuL+qBSt1JPmVuP
=Jk6n
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Using tabbed browsers causes session sharing
Posted by Rusty Wright <ru...@gmail.com>.
Sorry, I thought I did. It has nothing to do with tomcat; it's up to
the browser whether or not it assigns different sessions to the tabs or
not. Apparently IE, or some versions of IE, do. In my experience
Firefox doesn't. I think if you have multiple Firefoxes opened, i.e.,
separate windows, not just separate tabs, they still share the session.
André Warnier wrote:
> Hi guys,
> shouldn't someone *explain* to the OP why this is happening ?
> I mean, the different bits and pieces are there in different answers,
> but maybe the "big picture" is missing to understand what and why it
> is happening ?
> Not knowing myself the hows and whys of Tomcat's session management, I
> don't feel confident enough to attempt such an explanation on my own.
> Or is it mentioned clearly somewhere in a doc that I missed ?
> I just went through items 1 to 26 of the list in
> http://tomcat.apache.org/tomcat-6.0-doc/index.html
> and, at first sight, I don't see anything that obviously points to
> session management.
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Using tabbed browsers causes session sharing
Posted by Johnny Kewl <jo...@kewlstuff.co.za>.
----- Original Message -----
From: "André Warnier" <aw...@ice-sa.com>
To: "Tomcat Users List" <us...@tomcat.apache.org>
Sent: Saturday, August 16, 2008 12:56 AM
Subject: Re: Using tabbed browsers causes session sharing
> Hi guys,
> shouldn't someone *explain* to the OP why this is happening ?
> I mean, the different bits and pieces are there in different answers, but
> maybe the "big picture" is missing to understand what and why it is
> happening ?
> Not knowing myself the hows and whys of Tomcat's session management, I
> don't feel confident enough to attempt such an explanation on my own.
> Or is it mentioned clearly somewhere in a doc that I missed ?
> I just went through items 1 to 26 of the list in
> http://tomcat.apache.org/tomcat-6.0-doc/index.html
> and, at first sight, I don't see anything that obviously points to session
> management.
Browsers are stateless, so they have no memory, they cant remember
anything...
So if you playing a game and you click refresh the browser will start
again... it would forget the score in a game, they stupid ;)
So servers give a browser a cookie... just some unique number, like
123456789
Then everytime the browser talks to the server it sends that back... then
the server stores state against that number...
So it stores say game score in a map addressed by 123456789...
So now the server knows and can remember stuff... but note that its the
server remembering, the browser just has this number...
They call this the session... and they hooked up in the browser by the
domain name... so if that is the same... the number is the same... the stuff
the server looks up is the same... so it does not change between tabs...
When security happens... it also uses the cookie... to remember that the
user has logged on... so the same process is at work.
Change domain names, use 2 browsers... or turn off cookies... so you can see
now why the other guys said all those things...
In old browsers... those invented just after the steam engine, they couldnt
do cookies, so the memory was done via urls...
If you look at how your google works... they still use that... eg:
http://www.google.com/search?hl=en&q=Sessions+in+Tomcat&btnG=Google+Search&meta=
So thats another way to remember state... but it can get quite hectic to
code compared to the nice easy TC session stuff.
Also can you see why cookies/sessions have to be set when you send that page
to a browser, and not when you just want the answer....
Its sending that unique number.... in TC if you look at the headers coming
in you will see JSessionID = huge number... thats the thing..
More or less ;)
Interesting hey.... clever people these TC dudes ;)
I hang out in many mailing lists... this is the best one ;)
---------------------------------------------------------------------------
HARBOR : http://www.kewlstuff.co.za/index.htm
The most powerful application server on earth.
The only real POJO Application Server.
See it in Action : http://www.kewlstuff.co.za/cd_tut_swf/whatisejb1.htm
---------------------------------------------------------------------------
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Using tabbed browsers causes session sharing
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Martin,
Martin Gainty wrote:
> if you want to take it a step further determine if the client is
> using an old browser route them to latest
>
> <script language="JavaScript">
> <!--
> function onLoad()
> if(parseInt(navigator.appVersion)<7);
> document.window.open("http://www.microsoft.com/windows/downloads/ie/getitnow.mspx");
> // -->
> </script>
I think you mean http://www.mozilla.com/products/firefox ;)
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkipiJcACgkQ9CaO5/Lv0PCsQQCgtLPZ5GlbXxGZZZ4XEv4EM3rO
xXsAoI7QmJsi+aJU47n7E3VvGS/mla2d
=wxFn
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Using tabbed browsers causes session sharing
Posted by Martin Gainty <mg...@hotmail.com>.
if you want to take it a step further determine if the client is using an old browser route them to latest
<script language="JavaScript">
<!--
function onLoad()
if(parseInt(navigator.appVersion)<7);
document.window.open("http://www.microsoft.com/windows/downloads/ie/getitnow.mspx");
// -->
</script>
?
Martin Gainty
______________________________________________
Disclaimer and confidentiality note
Everything in this e-mail and any attachments relates to the official business of Sender. This transmission is of a confidential nature and Sender does not endorse distribution to any party other than intended recipient. Sender does not necessarily endorse content contained within this transmission.
> Date: Sat, 16 Aug 2008 01:29:56 +0200
> From: rosenberg.leon@googlemail.com
> To: users@tomcat.apache.org
> Subject: Re: Using tabbed browsers causes session sharing
>
> Thats probably because it has nothing to do with tomcat or
> sessionmanagement, but has something to do with cookies and browser
> processes.
> AFAIK the only browser which allow theirself to be started in multiple
> processes are internet explorer and lynx. And internet explorer only
> if you activated a special option (start new window in separate
> process was the name in the good old days). The effect of the "one
> process" behaviour is:
> "one process -> one cookie -> one session".
>
> So what can you do? Basically two things
> 1) switch off your cookies and let tomcat url rewrite your links.
> This is generally a very bad idea, since your users won't be switching
> the cookies (unless some stupid admin forces them too, but i
> think/hope those specimen became extinct now) and you are
> developing/testing not the same thing your users will use.
> Also keep in mind that most crawlers can't handle sessionids in urls properly.
>
> 2) Use two different browsers.
> Now with i think at least 5 classy browsers on the market it should be
> easy to find two or three to use simultaneously. On the plus side it
> will help you to keep the browser interoperability:
>
> here some browsers to use:
> Firefox 2
> Firefox 3
> Internet Explorer 7
> Opera
> Flock
> Netscape Navigator 9 (Firefox 2.0.0.10 under the hood)
> Safari
> Mozilla
> Camino
> Konqueror
>
> Not all are available on all platforms, but most are.
>
> regards
> Leon
>
>
>
>
>
> On Sat, Aug 16, 2008 at 12:56 AM, André Warnier <aw...@ice-sa.com> wrote:
> > Hi guys,
> > shouldn't someone *explain* to the OP why this is happening ?
> > I mean, the different bits and pieces are there in different answers, but
> > maybe the "big picture" is missing to understand what and why it is
> > happening ?
> > Not knowing myself the hows and whys of Tomcat's session management, I don't
> > feel confident enough to attempt such an explanation on my own.
> > Or is it mentioned clearly somewhere in a doc that I missed ?
> > I just went through items 1 to 26 of the list in
> > http://tomcat.apache.org/tomcat-6.0-doc/index.html
> > and, at first sight, I don't see anything that obviously points to session
> > management.
> >
> >
> > ---------------------------------------------------------------------
> > To start a new topic, e-mail: users@tomcat.apache.org
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
_________________________________________________________________
Be the filmmaker you always wanted to be—learn how to burn a DVD with Windows®.
http://clk.atdmt.com/MRT/go/108588797/direct/01/
Re: Using tabbed browsers causes session sharing
Posted by Jim Cox <sh...@gmail.com>.
FWIW, you can create distinct "profiles" with mozilla/firefox:
firefox -ProfileManager
And then start distinct processes with:
firefox -P <profile name>
On Mon, Aug 18, 2008 at 8:19 AM, David Smith <dn...@cornell.edu> wrote:
> In my experience, Internet Explorer starts a new process (and has a
> separate set of in-memory cookies) if you start it from the Start menu or
> the desktop icon. If you use Ctrl-N from inside the browser or File > New >
> Window from IE's menu bar, it's opened in the same process and uses the same
> set of cookies as the browser you launched it from. At least that was true
> of IE 6 -- I don't know if it's still true for IE 7. Firefox uses one
> process and all cookies are shared no matter how a new window is launched.
>
> --David
>
Re: Using tabbed browsers causes session sharing
Posted by David Smith <dn...@cornell.edu>.
In my experience, Internet Explorer starts a new process (and has a
separate set of in-memory cookies) if you start it from the Start menu
or the desktop icon. If you use Ctrl-N from inside the browser or File
> New > Window from IE's menu bar, it's opened in the same process and
uses the same set of cookies as the browser you launched it from. At
least that was true of IE 6 -- I don't know if it's still true for IE
7. Firefox uses one process and all cookies are shared no matter how a
new window is launched.
--David
Leon Rosenberg wrote:
> Thats probably because it has nothing to do with tomcat or
> sessionmanagement, but has something to do with cookies and browser
> processes.
> AFAIK the only browser which allow theirself to be started in multiple
> processes are internet explorer and lynx. And internet explorer only
> if you activated a special option (start new window in separate
> process was the name in the good old days). The effect of the "one
> process" behaviour is:
> "one process -> one cookie -> one session".
>
> So what can you do? Basically two things
> 1) switch off your cookies and let tomcat url rewrite your links.
> This is generally a very bad idea, since your users won't be switching
> the cookies (unless some stupid admin forces them too, but i
> think/hope those specimen became extinct now) and you are
> developing/testing not the same thing your users will use.
> Also keep in mind that most crawlers can't handle sessionids in urls properly.
>
> 2) Use two different browsers.
> Now with i think at least 5 classy browsers on the market it should be
> easy to find two or three to use simultaneously. On the plus side it
> will help you to keep the browser interoperability:
>
> here some browsers to use:
> Firefox 2
> Firefox 3
> Internet Explorer 7
> Opera
> Flock
> Netscape Navigator 9 (Firefox 2.0.0.10 under the hood)
> Safari
> Mozilla
> Camino
> Konqueror
>
> Not all are available on all platforms, but most are.
>
> regards
> Leon
>
>
>
>
>
> On Sat, Aug 16, 2008 at 12:56 AM, André Warnier <aw...@ice-sa.com> wrote:
>
>> Hi guys,
>> shouldn't someone *explain* to the OP why this is happening ?
>> I mean, the different bits and pieces are there in different answers, but
>> maybe the "big picture" is missing to understand what and why it is
>> happening ?
>> Not knowing myself the hows and whys of Tomcat's session management, I don't
>> feel confident enough to attempt such an explanation on my own.
>> Or is it mentioned clearly somewhere in a doc that I missed ?
>> I just went through items 1 to 26 of the list in
>> http://tomcat.apache.org/tomcat-6.0-doc/index.html
>> and, at first sight, I don't see anything that obviously points to session
>> management.
>>
>>
>>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Using tabbed browsers causes session sharing
Posted by Leon Rosenberg <ro...@googlemail.com>.
Thats probably because it has nothing to do with tomcat or
sessionmanagement, but has something to do with cookies and browser
processes.
AFAIK the only browser which allow theirself to be started in multiple
processes are internet explorer and lynx. And internet explorer only
if you activated a special option (start new window in separate
process was the name in the good old days). The effect of the "one
process" behaviour is:
"one process -> one cookie -> one session".
So what can you do? Basically two things
1) switch off your cookies and let tomcat url rewrite your links.
This is generally a very bad idea, since your users won't be switching
the cookies (unless some stupid admin forces them too, but i
think/hope those specimen became extinct now) and you are
developing/testing not the same thing your users will use.
Also keep in mind that most crawlers can't handle sessionids in urls properly.
2) Use two different browsers.
Now with i think at least 5 classy browsers on the market it should be
easy to find two or three to use simultaneously. On the plus side it
will help you to keep the browser interoperability:
here some browsers to use:
Firefox 2
Firefox 3
Internet Explorer 7
Opera
Flock
Netscape Navigator 9 (Firefox 2.0.0.10 under the hood)
Safari
Mozilla
Camino
Konqueror
Not all are available on all platforms, but most are.
regards
Leon
On Sat, Aug 16, 2008 at 12:56 AM, André Warnier <aw...@ice-sa.com> wrote:
> Hi guys,
> shouldn't someone *explain* to the OP why this is happening ?
> I mean, the different bits and pieces are there in different answers, but
> maybe the "big picture" is missing to understand what and why it is
> happening ?
> Not knowing myself the hows and whys of Tomcat's session management, I don't
> feel confident enough to attempt such an explanation on my own.
> Or is it mentioned clearly somewhere in a doc that I missed ?
> I just went through items 1 to 26 of the list in
> http://tomcat.apache.org/tomcat-6.0-doc/index.html
> and, at first sight, I don't see anything that obviously points to session
> management.
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Using tabbed browsers causes session sharing
Posted by André Warnier <aw...@ice-sa.com>.
Hi guys,
shouldn't someone *explain* to the OP why this is happening ?
I mean, the different bits and pieces are there in different answers,
but maybe the "big picture" is missing to understand what and why it is
happening ?
Not knowing myself the hows and whys of Tomcat's session management, I
don't feel confident enough to attempt such an explanation on my own.
Or is it mentioned clearly somewhere in a doc that I missed ?
I just went through items 1 to 26 of the list in
http://tomcat.apache.org/tomcat-6.0-doc/index.html
and, at first sight, I don't see anything that obviously points to
session management.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Using tabbed browsers causes session sharing
Posted by Bill Davidson <bi...@gmail.com>.
Christopher Schultz <ch...@christopherschultz.net> wrote:
>You could use separate tabs in the same browser if you were to disable
>cookies on your browser (and you have correctly encoded your outgoing
URLs).
David Rees wrote:
>Yep, this is probably the best way to do it. Just keep in mind that if
>you copy links it will have your session id in them.
I think it's easier to just use two browsers. I have to make sure
everything works in IE and Firefox anyway so it's just as well that
I'm using both on a fairly regular basis.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Using tabbed browsers causes session sharing
Posted by David Rees <dr...@gmail.com>.
On Fri, Aug 15, 2008 at 1:21 PM, Christopher Schultz
<ch...@christopherschultz.net> wrote:
> Bill Davidson wrote:
>> The way I deal with it is to use Firefox for one and IE for the other.
>
> You could use separate tabs in the same browser if you were to disable
> cookies on your browser (and you have correctly encoded your outgoing URLs).
Yep, this is probably the best way to do it. Just keep in mind that if
you copy links it will have your session id in them.
-Dave
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Using tabbed browsers causes session sharing
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Bill,
Bill Davidson wrote:
> Robert Dietrick wrote:
>> Why would you want the same person logged in twice
>> with different accounts?
>
> As a developer of a web app that has both admin and regular user roles,
> I want to do this all the time. The admin roles can change things in ways
> that affect the regular user's view. I want to see how things change
> without having to log out and log back in as a different user.
>
> The way I deal with it is to use Firefox for one and IE for the other.
You could use separate tabs in the same browser if you were to disable
cookies on your browser (and you have correctly encoded your outgoing URLs).
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkil5VIACgkQ9CaO5/Lv0PDRxQCgurXC0dPS00+MzAoJAhCVSfo+
fZMAoLcD1AgKgVTHnXJBqyW0n1UCKlUZ
=Ul1U
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Using tabbed browsers causes session sharing
Posted by Robert Dietrick <rd...@gmail.com>.
That's an acceptable way to deal with the problem (it's not a tomcat
problem after all but an abnormal use case). Anyone who's built an
administrative web app is accustomed to such shenanigans. If you have
a legitimate need to access different parts of your app while logged
in under one account, then you should implement some notion of roles.
On 8/15/08, Bill Davidson <bi...@gmail.com> wrote:
> Robert Dietrick wrote:
>> Why would you want the same person logged in twice
>> with different accounts?
>>
>
> As a developer of a web app that has both admin and regular user roles,
> I want to do this all the time. The admin roles can change things in ways
> that affect the regular user's view. I want to see how things change
> without having to log out and log back in as a different user.
>
> The way I deal with it is to use Firefox for one and IE for the other.
>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Using tabbed browsers causes session sharing
Posted by Bill Davidson <bi...@gmail.com>.
Robert Dietrick wrote:
> Why would you want the same person logged in twice
> with different accounts?
>
As a developer of a web app that has both admin and regular user roles,
I want to do this all the time. The admin roles can change things in ways
that affect the regular user's view. I want to see how things change
without having to log out and log back in as a different user.
The way I deal with it is to use Firefox for one and IE for the other.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Using tabbed browsers causes session sharing
Posted by Robert Dietrick <rd...@gmail.com>.
This is normal behavior. Sessions are tied to cookies bound to an
entire domain. Why would you want the same person logged in twice
with different accounts?
On 8/15/08, murthy gandikota <mu...@yahoo.com> wrote:
> Hello All
> While using tabbed browsers (e.g. IE 7) I am facing a login problem. Say on
> Tab#1 I login with a username A, on Tab#2 I login with username B, I still
> see A's session. Apparently the browser/Tomcat doesn't create a new session.
> Has anyone faced this problem? Are there any fixes?
> Thanks
> Murthy
>
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org