This week's book giveaway is in the JavaFX forum.
We're giving away four copies of Introducing JavaFX 8 Programming and have Herbert Schildt on-line!
See this thread for details.
The moose likes Servlets and the fly likes Problems with sessionID persistence... Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Introducing JavaFX 8 Programming this week in the JavaFX forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Problems with sessionID persistence..." Watch "Problems with sessionID persistence..." New topic

Problems with sessionID persistence...

Louis - Jean Morisset

Joined: Aug 25, 2003
Posts: 20
Here is the context: Weblogic 6.XX, Struts, jsp 1.1, sdk 1.4.
So we have..., I have problem in session persitence. When I open two browsers on one PC (this website where you can look a some monthly transactions) and ask to each browser to do a search on a particular account. Let's say the first browser gets the information right. And then you ask the second browser to get a diffrent account information. It get's it right too. But if I then ask the first browser to refresh the information of the first account by clicking refresh on the browser, I get the information of the second account from the second browser in my first browser. In my logs, when I now browse in my first browser, I see the session Id of the second browser and the initial session ID has desapeared.
We are using Struts, therefore we get the session that struts sends us back!!! Unless there is another way to bypass the session returned by struts?? But then why use sturts??? So is there a way to bypass the cookies used by struts to manage the session ID's and force the session ID that you want to have???
HELP!!! This is kinda urgent like the rest of everyone stuff ;-)
PS: This problem is only if I have two browsers on one PC. The sessions don't get mixed up between different machines. Thank go for that!!!
Jay Cornog

Joined: Aug 25, 2003
Posts: 2
I think any browsers open from the same PC at the same time going to the same web server get the same session ID. Meaning its operating correctly. I remeber reading this but thats about all.
Louis - Jean Morisset

Joined: Aug 25, 2003
Posts: 20
Thanks Jay, you are right. It is operating correctly. This does not mean it's doing what I want it to do. . Actually, I have the answer to my question. Some guys on JGURU answered it for me. I thought I would share the info. What you need to do and I quote
"you need to keep your own unique token, in the request + response, not in the session. You put a hidden field (a "LouisSessionID") with a randomly generated id, in the form on the jsp. Your user submits the form, and you get the value for it in your form bean ("getLouisSessionID()") the form bean should be in request scope, not session scope).
You compare the incoming value with ones you have previously generated. You use this as your own private session-like reference, a key to some per-request data you maintain on your own.
Perhaps in your Action you check if the "LouisSessionID" has already been set, indicating this is part of an ongoing conversation. If already set, you use it as your key to lookup this LouisSession (distinct from HttpSessions which are shared among windows). If not set yet, you generate a new random one, and set it in the form bean, prior to displaying the JSP."
So thanks to all.
[ August 25, 2003: Message edited by: Louis - Jean Morisset ]
I agree. Here's the link:
subject: Problems with sessionID persistence...
It's not a secret anymore!