Hi,

Is there any way to differentiate the requests made to a Servlet from two different browser client of a single machine ?

I am able to login through one window and cut & paste the urls in another window. Since both give the same session idy, I am not able to differentiate them.

Thanks,
Nathan

Nathan,

   This behavior varies from browser to browser. I suspect you were using NetScape for your tests. Try IE4 and IE5 you will see that they exhibit different behaviors. I dont know of a solution to this issue other than educating your users.

Raj

Both IE and NN allows multiple windows to be opened, but these windows run in the same OS process space. For this reason, all these windows share the same session, therefore there's no way for the servlets/JSP to differentiate which request comes from which window.

There's nothing you can do ...

Adding to the above discussion,

In Win NT 4.0

1) when IE 4.0 /5.0 is running ,
open the task manager (ctrl+shft+esc), and see the no of
threads running .
Open a new window(ctrl+N) from this already running IE.
you'll see that one more thread is added.
Now open a seperate IE window , by DBLClicking IE , now see
the task manager , one seperate process, exe will be started.

2) But this is not the case with netscape. Even if you try to open a seperate process , it'll run in the already running process with adding on threads.

You could generate some unique ID for every page send from server (page view) and insert it into every link on your page...like this: {a href="http://yourside.com/index.jsp?uid=123123}{/a}
but the problem whit copy&paste still remains...
maybe you could create some javascript method (which will be called on every link), that could redirect to desired URL (with UID in it) (or maybe redirect to desired page and send the UID in http Post request...) But anyway only advantage in this solution is, that an user can't easily see that UID (
'cause you can put that UID in the seperate file (not in HTML-output but inside that javascript method (that means it must be regenerated for every page view)) and include that file with the javascript in your html (i think like "{SCRIPT SOURCE="your_external_javascript.js"}{/script}")

Thanks a lot for your responses.

Sorry guys I was away from my desk yesterday, hence couldn't able to see the responses.

Win2K Pro is my OS and I am using IE 5.0. The solution that I have been thinking was - do only POST requests to Servlets that way the url request parameters are hidden.

To do this I have to convert all my link tags

 {a hef="http://myserver.com/servlet/tran.MyServlet? mailtype=xyz"/}

in to

{form name="myform" action="http://myserver.com/servlet/tran.MyServlet" method="post"} {input type="hidden" name="mailtype" value="xyz"} {/form}

which I feel little less elegant. Is there any other way ?

I remember 'hotmail' in earlier days used to give 'Intrusion Login Error' when we try to do the same. Nowadays it is not doing anything of that.

Is there any way to hide the url transfers by creating multi-framed html pages?

Thanks,
Nathan

As you know there are some problems with sessionID, these are not that unique as you should think. Anyway, a simple solution for your problem is to use Cookies, store a cookie on the client side, with a unique ID, retrieve this and compare.

Hope this will do