I am not sure I understand the exact question, but you realize that persistent cookies (cookies where you setMaxAge) are shared across multiple IE windows? Cheers- - marty
Java training and consulting<br /><a href="http://www.coreservlets.com/" target="_blank" rel="nofollow">http://www.coreservlets.com/</a>
Joined: Aug 20, 2003
I guess what I am trying to ask if I can control the number of sessions an user can initiate in one web application.
I am still not sure I understand the question. If the user comes back to the container within the session timeout and without quitting his browser, they will not get any more sessions -- they will get the same one. If one user is getting multiple sessions, then you have to ask why.
Because they have cookies disabled? Then I suspect you cannot detect that they are the same user, so you cannot limit the number of sessions.
Because the session timed out? You can change the session timeout with setMaxInactiveInterval (or in some more general way using server-specific settings).
Because the user quit the browser? Normally, you want that to end the session, but you could read the incoming JSESSIONID cookie and send it out with a max age so that sessions persist even when the browser is quit.
Or did you really mean you wanted to limit the amount of data that would be stored for a user within their single session object? Cheers- - Marty
Joined: Aug 20, 2003
Problem is that I don't want same user in multiple IE windows updating the same data at the same time. So if I can restrict an user to only one session in the application, not multiple then I can solve the problem. However, I couldn't think of another way to handle this other than i keeping track of user session in database. If user has entry in database then send back a message that user has session in another browser window. To make sure database entry is removed, when the session terminates put a listener on session so when it invalidates I removed the entry in the database. However there are problems with this, if the user can close the IE window, the session is active until it timeout in the meantime the user launch another IE window with new session, since the entry is still in the database the code will denied them. Then what you said, 'Then I suspect you cannot detect that they are the same user, so you cannot limit the number of sessions.' means I have no solution. Thanks so much for those who responsed to my questions. I am relatively new on posting questions in this medium, thanks for your patience. [ November 14, 2003: Message edited by: Jean Miles ] [ November 14, 2003: Message edited by: Jean Miles ]