I am writing a sample servlet where users are allowed to login.
Once a user Logs-In successfully i create a session.
My question is if multiple users come frome the same IP address as in the case of users accessing through a proxy server. How will the sessions be created.
Are sessions created based on IP address???
Thanks in Advance
You could set attributes in your session based on the user profile, even with multiple logins from the same ip
Be default, most webservers create a key representing the user that is logging in. The user is then required to provide that key with each request. This is typically don thought cookies.
According to my knowledge everytime a new Session is considered a unique session id is assigned for that session for uniquely identifying it from the others...i think it does'nt matter wheter all are behind a proxy having the Same IP's....they'll still have the unique Session id's...
Here is my 2 cents ....
Sessions are not necessarily created for every user that comes to your website. A session is only created when required(ie. a call to request.getSession(true)). Once that session is created, that user is assigned a unique identifier called a session id and that can either be placed into a cookie, or rewritten into the URL. The session id is usually not based on users IP address, but that is left up to vendor's implementation(usually includes random number and time and possibly a section of the server's IP). Therefore, you do not need to worry about users via a proxy server receiving the same session.
The only concern would be if you were load balanciing a couple machines using a sticky session algorithm based on users IP.
Hope this helps,