General discussion

Locked

Locking session for Netscape browsers

By Koke ·
We are experiencing a problem with our online java application (servlets & jsps using WebSphere app. server). When a user logs in with NS and has his data displayed in his browser, it is possible for another user to log in and end up with the original user's session id. This normally happens when clicking on a link that runs a second servlet. The problem manifests itself immediately if tested on the same machine - however we have not been able to reproduce from machines with different ip addresses. BUT, we know it does happen because a client called in and described the problem and gave us info from the 2nd users account. This does not happen in IE. Should the session ID be set in the browser window so that even if the user opened a new window and logged in again he would never get the original sessionid? If so, how is this done?

MK

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Locking session for Netscape browsers

by Ivan Kravchenko In reply to Locking session for Netsc ...

As for Netscape 4 all browser windows share the same process. Thus, if session tracking is performed using cookies, all windows are in the same session. The only way to fix the situation (except dropping Netscape support is to choose another method of session tracking. Another common one is URL rewriting. However it will require extra development efforts. Check http://java.sun.com/docs/books/tutorial/servlets/client-state/session-tracking.html for details.
HTH

Collapse -

Locking session for Netscape browsers

by Koke In reply to Locking session for Netsc ...

Poster rated this answer

Collapse -

Locking session for Netscape browsers

by Koke In reply to Locking session for Netsc ...

This question was closed by the author

Back to Web Development Forum
3 total posts (Page 1 of 1)  

Related Discussions

Related Forums