Discussions

Web tier: servlets, JSP, Web frameworks: Session Creation

  1. Session Creation (4 messages)

    I am writing a sample servlet where users are allowed to login.

    Once a user Logs-In successfully i create a session.

    My question is if multiple users come frome the same IP address as in the case of users accessing through a proxy server. How will the sessions be created.

    Are sessions created based on IP address???

    Thanks in Advance
    David

    Threaded Messages (4)

  2. Session Creation[ Go to top ]

    You could set attributes in your session based on the user profile, even with multiple logins from the same ip
  3. Session Creation[ Go to top ]

    Be default, most webservers create a key representing the user that is logging in. The user is then required to provide that key with each request. This is typically don thought cookies.
  4. Session Creation[ Go to top ]

    Well David...
    According to my knowledge everytime a new Session is considered a unique session id is assigned for that session for uniquely identifying it from the others...i think it does'nt matter wheter all are behind a proxy having the Same IP's....they'll still have the unique Session id's...

    Farhan.
  5. Session Creation[ Go to top ]

    david -

    Here is my 2 cents ....

    Sessions are not necessarily created for every user that comes to your website. A session is only created when required(ie. a call to request.getSession(true)). Once that session is created, that user is assigned a unique identifier called a session id and that can either be placed into a cookie, or rewritten into the URL. The session id is usually not based on users IP address, but that is left up to vendor's implementation(usually includes random number and time and possibly a section of the server's IP). Therefore, you do not need to worry about users via a proxy server receiving the same session.

    The only concern would be if you were load balanciing a couple machines using a sticky session algorithm based on users IP.

    Hope this helps,
    Sean