my dog learned polymorphism*
The moose likes Struts and the fly likes Problem with Ctrl-N and opening a new window Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Problem with Ctrl-N and opening a new window" Watch "Problem with Ctrl-N and opening a new window" New topic
Author

Problem with Ctrl-N and opening a new window

sreenath reddy
Ranch Hand

Joined: Sep 21, 2003
Posts: 415
Hi

I have a small issue which is making major errors occuring in my app ..i have a webapplication where the UI is specific to the group of the usr logged in and this usergroup is stored in session .

But when a user logs in , and by using ctrl-n he opnes another browser and tries to login in that page with a diff user/usergroup..so what happens in that userGroup variable in the session gets overridden with the new one leading to inconsistancy in the old browser (In this all of a sudden new UI appears which is making a big hell

can any one tell me a way to sort this out
Marc Peabody
pie sneak
Sheriff

Joined: Feb 05, 2003
Posts: 4727

You could end up with the same issue using the browser's cache.

You'll probably have to invalidate the session at login or try something with resetting a token at login.


A good workman is known by his tools.
Junilu Lacar
Bartender

Joined: Feb 26, 2001
Posts: 4446
    
    5

I usually treat this issue as part training and part technical. In the training aspect, the users need to be made aware that using Ctrl-N to open up a new window will use the same session as the current window (at least when the browser is IE). If a separate session is needed, users need to run another instance of the program directly, either by clicking on the program icon or through the menu system or from the command line, whatever.

The technical part is the handling of the situation when the user does use Ctrl-N and tries to log in again. I would just check for the existence of the userGroup bean when trying to log in. If it exists, display an error or warning to the user saying that if they continue, any other windows they have already open that share the same session will be invalidated, or something to that effect.


Junilu - [How to Ask Questions] [How to Answer Questions]
sreenath reddy
Ranch Hand

Joined: Sep 21, 2003
Posts: 415
I would just check for the existence of the userGroup bean when trying to log in. If it exists, display an error or warning to the user saying that if they continue, any other windows they have already open that share the same session will be invalidated, or something to that effect.

Hi
i had done the same at the login by invalidating the old session but the thing is that whenever the old session is invalidated the new session will be given to both the browsers which are opened....so this is creating a problem in the old browser where he will be dispalyed the details of new guy who logged in ...............

i think this is the way happening with the tomcat server i feel...but i checked this in rediff and all its proper with out any data inconsistancy mean this has something to do with the server i feel..

and marc can u elaborate a bit on that resetting token.......................

and pls i fu have any ideas do let me know
Junilu Lacar
Bartender

Joined: Feb 26, 2001
Posts: 4446
    
    5

Any windows that are using an invalidated session should just forward to a "Session Invalid" type error page and not allow the user to continue. Then the training part kicks in: train the user so that they know that if they get the Session Invalid, they need to close the window and start another instance of the browser without using Ctrl+N.
Marc Peabody
pie sneak
Sheriff

Joined: Feb 05, 2003
Posts: 4727

I made the assumption that you are using Struts when I made that suggestion. You can always implement your own use of tokens but Struts makes it easier. Are you using Struts?

A token is a value that gets submitted usually with every post request. The benefit is that if some state changes you can change the token, making all requests that have the old token (browser cache) invalid.

In your case, a new login would create a new token for the session. The other instance of the old browser (before Ctrl+N) would still contain the old token, which you can catch on the server when they try to submit it and display an error page.
[ November 16, 2004: Message edited by: Marc Peabody ]
sreenath reddy
Ranch Hand

Joined: Sep 21, 2003
Posts: 415
Hi

Now i am proceeding with a temp sol which is not that good.............i am finding out in the beginning of my action itself if another user is in session and i am throwing him back to page where message is displayed and he doesnt have any other option is that except closing the window .............

If u have any ideas pls let me know

and junilu,marc thanks for ur responses
Marc Peabody
pie sneak
Sheriff

Joined: Feb 05, 2003
Posts: 4727

Your solution isn't THAT bad, especially if your error page lists that scenario as a possibility of why they may have received the error.

The users must be punished for illegal procedures!
sreenath reddy
Ranch Hand

Joined: Sep 21, 2003
Posts: 415
Ya marc

i am saying the user that using ctrl n will lead to data inconsiatance and close the browser
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Problem with Ctrl-N and opening a new window
 
Similar Threads
session issues with Ctrl-N
Problem with dynamically generated menu.
Tomcats session architecture
Problem with opening a new window using Ctrl-N
Help me out in Session Maintainance