Somesh Chitturi wrote:I can't use session it makes my application session dependent which I don't want.
Bear Bibeault wrote:
Somesh Chitturi wrote:I can't use session it makes my application session dependent which I don't want.
Why?
Michael Cropper wrote:For a user to be able to view a unique ID within the source code does not make your application any more vulnerable, nor does it give any sensitive information away to the user. The unique ID is a reference to all of the sensitive data which will be stored in a DB somewhere.
I cannot see any issues with showing a unique ID in the source code....
Somesh Chitturi wrote:
Bear Bibeault wrote:
Somesh Chitturi wrote:I can't use session it makes my application session dependent which I don't want.
Why?
If user opens the same jsp in two tabs and if I use session to pass my unique id to servlet, the id in the first tab will be overwritten which leads to some confusion in the servlet.
Bear Bibeault wrote:
Somesh Chitturi wrote:
Bear Bibeault wrote:
Somesh Chitturi wrote:I can't use session it makes my application session dependent which I don't want.
Why?
If user opens the same jsp in two tabs and if I use session to pass my unique id to servlet, the id in the first tab will be overwritten which leads to some confusion in the servlet.
And this is a likely scenario that prevents you from using sessions? I'd say not.
So what you are actually looking to do is be able to have two unique sessionID's for when a user has the same web app open in two tabs.
Try going on to Hotmail with two tabs open and logging in with different accounts on each tab - it doesn't work. Since the sessions are at the browser level and not the tab level.
There may be a way to create a unique ID and store in a DB / continually running java file on the server, although this seems like a very complex way of accomplishing the task. ie, how would you know when to invalidate the unique ID so it can be used by someone else? (after a certain time?).
This is about where my level of knowledge ends though...