You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tapestry.apache.org by "Robert A. Decker" <de...@robdecker.com> on 2007/10/05 00:14:13 UTC

How can this be made session safe?

I have a question about this demo:
http://lombok.demon.co.uk/tapestry5Demo/test/actionlink/one

here's the source:
http://lombok.demon.co.uk/tapestry5Demo/test/actionlink/onesource

When I use this demo and look at the generated source code I see  
nothing in the html that looks like a session identifier. And then  
when I open a new browser window and hit the demo the counter is  
still at whatever it was when I was increasing it in my other window.

So, basically, the counter is being shared across all of the sessions.

Is there a way to make page/component parameters for the current  
session only?

R

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org

Re: How can this be made session safe?

Posted by adasal <ad...@gmail.com>.

I thought of replying pointing out that this is the same session in the
original post since the first browser has not closed (by definition),
although it is, in fact, possible to start IE in a new session. On my
computer this is achieved by clicking on the desktop link, whereas openeing
a new window from the menu of an existing browser opens in the same session.
In the history there are URLs like
http://lombok.demon.co.uk/tapestry5Demo/test/actionlink/one;jsessionid=3DFAF77ECAF0177FC2599D412EEBDAD8.worker1
http://lombok.demon.co.uk/tapestry5Demo/test/actionlink/one;jsessionid=F6CC2397FEF39C340F779355A91BB689.worker1

And from Firefox, also on the samwe machine and in a different session
inspecting JavaScript gives:-

http://lombok.demon.co.uk/tapestry5Demo/test/actionlink/one;jsessionid=BF68516158419CAFF5B5896BC58DE659.worker1
When you have these sort of links from your sessions they can be followed
and they will display the same page with the counter value referred to in
it. Normal usage has same behaviour but no display of the session id in the
URL. This is Tapestry.
BTW it is worth having Firefox for testing and many benefits, not least that
you will be able to see the Penguin in the URL that Shing has so kindly
provided!
(On IE it will only ever show the IE glyph - at least on my machine. It
doesn't just have a prejudice against Penguins, it doesn't like, e.g. the UK
Gov glyph!)
Adam
On 05/10/2007, Tom Davies <to...@exemail.com.au> wrote:

>
> On 05/10/2007, at 8:14 AM, Robert A. Decker wrote:
>
> > I have a question about this demo:
> > http://lombok.demon.co.uk/tapestry5Demo/test/actionlink/one
> >
> > here's the source:
> > http://lombok.demon.co.uk/tapestry5Demo/test/actionlink/onesource
> >
> > When I use this demo and look at the generated source code I see
> > nothing in the html that looks like a session identifier. And then
> > when I open a new browser window and hit the demo the counter is
> > still at whatever it was when I was increasing it in my other window.
> >
> > So, basically, the counter is being shared across all of the sessions.
> >
>
> Are you opening those windows in the same browser on the same
> machine? If so, what you are seeing is your session being shared
> among all your browser windows. Try two machines, or (say) IE and
> Firefox on the one machine and you'll see the behaviour you expect.
>
> Regards,
>   Tom
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>

Re: How can this be made session safe?

Posted by Tom Davies <to...@exemail.com.au>.

On 05/10/2007, at 8:14 AM, Robert A. Decker wrote:

> I have a question about this demo:
> http://lombok.demon.co.uk/tapestry5Demo/test/actionlink/one
>
> here's the source:
> http://lombok.demon.co.uk/tapestry5Demo/test/actionlink/onesource
>
> When I use this demo and look at the generated source code I see  
> nothing in the html that looks like a session identifier. And then  
> when I open a new browser window and hit the demo the counter is  
> still at whatever it was when I was increasing it in my other window.
>
> So, basically, the counter is being shared across all of the sessions.
>

Are you opening those windows in the same browser on the same  
machine? If so, what you are seeing is your session being shared  
among all your browser windows. Try two machines, or (say) IE and  
Firefox on the one machine and you'll see the behaviour you expect.

Regards,
   Tom

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org