• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Problem with Ctrl-N and opening a new window

 
Ranch Hand
Posts: 415
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi

I have a small issue which is making major errors occuring in my app ..i have a webapplication where the UI is specific to the group of the usr logged in and this usergroup is stored in session .

But when a user logs in , and by using ctrl-n he opnes another browser and tries to login in that page with a diff user/usergroup..so what happens in that userGroup variable in the session gets overridden with the new one leading to inconsistancy in the old browser (In this all of a sudden new UI appears which is making a big hell

can any one tell me a way to sort this out
 
pie sneak
Posts: 4727
Mac VI Editor Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You could end up with the same issue using the browser's cache.

You'll probably have to invalidate the session at login or try something with resetting a token at login.
 
Sheriff
Posts: 17644
300
Mac Android IntelliJ IDE Eclipse IDE Spring Debian Java Ubuntu Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I usually treat this issue as part training and part technical. In the training aspect, the users need to be made aware that using Ctrl-N to open up a new window will use the same session as the current window (at least when the browser is IE). If a separate session is needed, users need to run another instance of the program directly, either by clicking on the program icon or through the menu system or from the command line, whatever.

The technical part is the handling of the situation when the user does use Ctrl-N and tries to log in again. I would just check for the existence of the userGroup bean when trying to log in. If it exists, display an error or warning to the user saying that if they continue, any other windows they have already open that share the same session will be invalidated, or something to that effect.
 
sreenath reddy
Ranch Hand
Posts: 415
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I would just check for the existence of the userGroup bean when trying to log in. If it exists, display an error or warning to the user saying that if they continue, any other windows they have already open that share the same session will be invalidated, or something to that effect.

Hi
i had done the same at the login by invalidating the old session but the thing is that whenever the old session is invalidated the new session will be given to both the browsers which are opened....so this is creating a problem in the old browser where he will be dispalyed the details of new guy who logged in ...............

i think this is the way happening with the tomcat server i feel...but i checked this in rediff and all its proper with out any data inconsistancy mean this has something to do with the server i feel..

and marc can u elaborate a bit on that resetting token.......................

and pls i fu have any ideas do let me know
 
Junilu Lacar
Sheriff
Posts: 17644
300
Mac Android IntelliJ IDE Eclipse IDE Spring Debian Java Ubuntu Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Any windows that are using an invalidated session should just forward to a "Session Invalid" type error page and not allow the user to continue. Then the training part kicks in: train the user so that they know that if they get the Session Invalid, they need to close the window and start another instance of the browser without using Ctrl+N.
 
Marc Peabody
pie sneak
Posts: 4727
Mac VI Editor Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I made the assumption that you are using Struts when I made that suggestion. You can always implement your own use of tokens but Struts makes it easier. Are you using Struts?

A token is a value that gets submitted usually with every post request. The benefit is that if some state changes you can change the token, making all requests that have the old token (browser cache) invalid.

In your case, a new login would create a new token for the session. The other instance of the old browser (before Ctrl+N) would still contain the old token, which you can catch on the server when they try to submit it and display an error page.
[ November 16, 2004: Message edited by: Marc Peabody ]
 
sreenath reddy
Ranch Hand
Posts: 415
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi

Now i am proceeding with a temp sol which is not that good.............i am finding out in the beginning of my action itself if another user is in session and i am throwing him back to page where message is displayed and he doesnt have any other option is that except closing the window .............

If u have any ideas pls let me know

and junilu,marc thanks for ur responses
 
Marc Peabody
pie sneak
Posts: 4727
Mac VI Editor Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Your solution isn't THAT bad, especially if your error page lists that scenario as a possibility of why they may have received the error.

The users must be punished for illegal procedures!
 
sreenath reddy
Ranch Hand
Posts: 415
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ya marc

i am saying the user that using ctrl n will lead to data inconsiatance and close the browser
 
reply
    Bookmark Topic Watch Topic
  • New Topic