This week's book giveaway is in the OCPJP forum.
We're giving away four copies of OCA/OCP Java SE 7 Programmer I & II Study Guide and have Kathy Sierra & Bert Bates on-line!
See this thread for details.
The moose likes Sockets and Internet Protocols and the fly likes HTTP Sessions behavior Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of OCA/OCP Java SE 7 Programmer I & II Study Guide this week in the OCPJP forum!
JavaRanch » Java Forums » Java » Sockets and Internet Protocols
Bookmark "HTTP Sessions behavior" Watch "HTTP Sessions behavior" New topic

HTTP Sessions behavior

Ryan McClain
Ranch Hand

Joined: Nov 27, 2010
Posts: 106
How does a Container like Tomcat identify a client as being 'the same client between requests'? Is this by sessionID?

If the client keeps two browser windows open that both visit the same servlet (therefore two threads exist), how come the exact same sessionID is being exchanged (and therefore causing multithreading problems)? Why does the Container treat the client as the same regardless of browser window?

Another question:
It is possible to steal someone's HTTP session, right? I have read online that certain vBulletin boards were exploited by some session exploit (I don't know of the details).
Is it also possible to steal someone's request?
I agree. Here's the link:
subject: HTTP Sessions behavior