I have a javabean I'm using for logins. It is set for session scope. The top of each page is printing out the session ID. Here's what's happening: >Main page loads. SessionID like: 9wlk1fck81 >Click on 'log in'. New window pops up with user/pass fields and sessionID like: 9wlk1fck81 >Type in username/pass and click submit. Login window submits to itself, authenticates, and redirects to an HTML page which has a 'opener.location.href="newPage"' line of script. It then closes itself. >The new page that is in our original window now has a sessionID like: wl143fkdiow2 How in the heck can the sessionID on the same server in the same browser window change? At no point am I forcing the session to end or anything like that. Obviously it is causing problems because the user is logged in the original session, not the new one that it redirects to. Platform is tomcat/apache on Solaris. Browser = explorer OR netscape on a win xp/2k or mac.
.... pretty funky behavior... I was going to ask what platform / app server you're running and also what Browser you're using (to see if the behavior was different).... but you already answered those :-) So -- my only thought is that it's specific to your app server, possibly a bug? If your app is in a war file (and can be run on its own with out a DB), you can email it to me and I can try running it on my two App Servers to see if I get similar behavior. (I'm running both Total-e-Server 7.3 and HP Application Server 8.0) ------------------ - Jessica Bradley HP Bluestone
Well I did have this running on my dev system (Win2k with Jbuilder) which I believe is using tomcat. I never experienced any of the above problems on that machine. I also have another app that has the same pop login setup as this which is working fine deployed on Weblogic/Solaris. I agree, it is something specific to this server, but I still have to make it work =P
Joined: Nov 01, 2000
Following some advice I saw on a msg board somewhere else on a related topic, I changed the url's in the redirects to be absolute url's. Someone was mentioning a bug in mod_jk (sits between apache and tomcat) that makes it not track session ID's correctly on relative urls. I'm not convinced it fixed everything, but it is definitely working much better. More information if I figure anything else out.