The behavior is not identical.Session id will be different. but there are other things for session management like hidden fields through which you can get the same session id across different browser. but on every page you need to have that hidden field.
Joined: Aug 28, 2012
Actually i want to develop a small online test application. In this application i have a requirement that any user which is already log in, should not log in again in any other browser. also if he/she tried to do so then they get same as if anybody tried to open two instances of same browser. i.e., user should be already logged in.
jatan bhavsar wrote:Also need to set it to false on session timeout .
That's not going to work that easily. If I have two open browser windows and I ignore one, then its session will timeout while I'm still active in the second browser window. You can only log someone out in the database if a) he logs out manually, or b) all of his sessions timeout. That means you have to keep track of all these sessions per user. You could use the database, or a servlet context attribute. The latter could be a Map<String, Set<String>> with the keys being the user names and the values being sets of session IDs. If a session is created for the user, add an element to this Set (creating it if necessary), and if a session is destroyed you remove an element. If that was the last element you can remove the entire map entry and log the user out of the database. Make sure you add proper synchronization to the servlet context attribute if you choose this solution.
maintain the state of user (eg. which page is the user viewing right now with what all params in the server session itself)
have a mechanism to retrieve the session Object using the user Id
every time when the application is opened in a browser, render the login page, (maintain the session using URL rewriting or hidden field instead of cookies to avoid any previously left cookie)
whenever there is a login request, check whether that user is already logged in, if yes, then render the existing state (with new session & invalidate the older session), otherwise show the normal home page.