Session in new window


Web tier: servlets, JSP, Web frameworks: Session in new window

  1. Session in new window (3 messages)

    Want help, my requirement is that when a open a new window i want it to interact with the server with a new session, that is the session variable(with the same name) set in the parent window session should be different from the session varible in child window session(even thoug they are using the same session name)

    Threaded Messages (3)

  2. I don't think you can[ Go to top ]

    I don't think you can because the session is usually associated with an instance of a web browser, and opening a new window is not the same as a new instance.

    Launching IE twice will not work either as they are just new windows.

    You might be able to do something evil but I expect it would be very platform or browser specific.

  3. Session in new window[ Go to top ]

    This has something to do with how sessions are identified. This is usually done with a cookie or url rewriting if a browser doesn't support cookies.

    In case it is done via cookies, you don't have any chance to control the behaviour, since the browser handles cookies and browsers handle this differently. While Mozilla, Firefox etc. use the same cookie values for every browser instance (so every window has the same session), IE only shares the cookies for related windows (so a window opened from another window has the same session as the opener window, but if you open a new instance of IE manually, you get a new session).

    If you use URL rewriting, you can control this since you've the possibility to create your links with the session id as url parameter (so you're reusing the session) or without to create a new session in the new window.

  4. Chicken and egg?[ Go to top ]

    Thomas, is this not the typical case of chicken and egg? How does the client indicate on the *second* invocation that they want a new session?

    If your server simply checks if there is a session, if not go to logon it would never work. If you could explictly ask for a logon page which had no sessionId in the embedded URLs, that would work.

    Have I missed something? OK, I have always missed something, but have I missed something relevant :)