Session management by different browsers? (URGENT)


Web tier: servlets, JSP, Web frameworks: Session management by different browsers? (URGENT)

  1. I have a question about how session is managed by different browsers.

    Scenario - User logs onto the system by entering userid/password on the login page. The valid user is taken to the main page that shows menus depending on the roles assigned to the user.

    Problem - Open a browser instance and logon as valid user say U1. The main displayed properly with correct menu items.
    Now open a new browser instance (not by Ctrl-N but by clicking on the icon) and try to log on as another user say U2. The main page is diplayed correctly with appropriate meny items. Now If I go back to the first browser instance where U1 had looged in and try to click on any menu item, the menu items are changed to that of the usr U2.

    Thus no the first browser is using the role information of the user U2 stored in the session.

    Interestingly this works fine with the IE 5.0 browsers. With IE 5.5 and IE 6.0 the problem is noticed based on certian applied patches. But the NN 6.2.x is consistent with this behavior.

    According to me if a new browser instance is created a new session is established. Am I missing something?

    Thanks in advance for all your help,

  2. Ya,
        you are true. we had the same problem. And we came to a logical conclusion that, no two users can login in the same system at the same time.
        As you also know, that even cookies work that way. If your client requires that you have to implement that specific requirement u told, then you have to use URL rewriting techniques.
        the Session information are stored as a shared variable of the Class of the Browser than as a object variable.
        I hope i addressed your problem.

    All the best
  3. When opening a new browser window, it is using the same set of cookies as the original one. So, the session id (in the first cookie) is simply overwritten by the second login.

    You can prevent this by starting a new iexplore.exe instance instead of ctrl-n.