I have a small issue which is making major errors occuring in my app ..i have a webapplication where the UI is specific to the group of the usr logged in and this usergroup is stored in session .
But when a user logs in , and by using ctrl-n he opnes another browser and tries to login in that page with a diff user/usergroup..so what happens in that userGroup variable in the session gets overridden with the new one leading to inconsistancy in the old browser (In this all of a sudden new UI appears which is making a big hell
I usually treat this issue as part training and part technical. In the training aspect, the users need to be made aware that using Ctrl-N to open up a new window will use the same session as the current window (at least when the browser is IE). If a separate session is needed, users need to run another instance of the program directly, either by clicking on the program icon or through the menu system or from the command line, whatever.
The technical part is the handling of the situation when the user does use Ctrl-N and tries to log in again. I would just check for the existence of the userGroup bean when trying to log in. If it exists, display an error or warning to the user saying that if they continue, any other windows they have already open that share the same session will be invalidated, or something to that effect.
I would just check for the existence of the userGroup bean when trying to log in. If it exists, display an error or warning to the user saying that if they continue, any other windows they have already open that share the same session will be invalidated, or something to that effect.
Hi i had done the same at the login by invalidating the old session but the thing is that whenever the old session is invalidated the new session will be given to both the browsers which are opened....so this is creating a problem in the old browser where he will be dispalyed the details of new guy who logged in ...............
i think this is the way happening with the tomcat server i feel...but i checked this in rediff and all its proper with out any data inconsistancy mean this has something to do with the server i feel..
and marc can u elaborate a bit on that resetting token.......................
Any windows that are using an invalidated session should just forward to a "Session Invalid" type error page and not allow the user to continue. Then the training part kicks in: train the user so that they know that if they get the Session Invalid, they need to close the window and start another instance of the browser without using Ctrl+N.
I made the assumption that you are using Struts when I made that suggestion. You can always implement your own use of tokens but Struts makes it easier. Are you using Struts?
A token is a value that gets submitted usually with every post request. The benefit is that if some state changes you can change the token, making all requests that have the old token (browser cache) invalid.
In your case, a new login would create a new token for the session. The other instance of the old browser (before Ctrl+N) would still contain the old token, which you can catch on the server when they try to submit it and display an error page. [ November 16, 2004: Message edited by: Marc Peabody ]
Joined: Sep 21, 2003
Now i am proceeding with a temp sol which is not that good.............i am finding out in the beginning of my action itself if another user is in session and i am throwing him back to page where message is displayed and he doesnt have any other option is that except closing the window .............