Preventing Two Instances of Same Web App

Is there a way to prevent the user from starting two instances of the same app(on the same computer)?

I think it is strange that if I start one instance of the app and log on. Then I start a second instance(on the same computer) and log on to that one also then log off of the second one it clears any session attributes of the first instance app also.

Basically, no. If the two instances are in the same brand of browser (e.g.. both in IE or both in Safari) then they may share the same session on the server. Or they may not, under some circumstances. And if they are in different brands of browser (e.g. one in Firefox and the other in Opera) then they will have different sessions on the server.

Generally trying to prevent the user of a web application from doing something which appears perfectly reasonable to him or her is a fool's errand. It's better to assume that it's going to happen and to deal with it on the server.

Paul Clapham wrote:Basically, no. If the two instances are in the same brand of browser (e.g.. both in IE or both in Safari) then they may share the same session on the server. Or they may not, under some circumstances. And if they are in different brands of browser (e.g. one in Firefox and the other in Opera) then they will have different sessions on the server.

Generally trying to prevent the user of a web application from doing something which appears perfectly reasonable to him or her is a fool's errand. It's better to assume that it's going to happen and to deal with it on the server.

This issue does not seem to be a problem when the same user uses to different machines for the same app even though both are IE.

Steve Dyke wrote:This issue does not seem to be a problem when the same user uses to different machines for the same app even though both are IE.

Correct, The session information is generally passed to the client through cookies. The first time the user reaches the server the browser does not have a 'jsessionid' cookie, so the server creates one and sends it back to client as part of the response. The browser holds on to the jsessionid cookie, and the next time it makes a request it sends the cookie back and the server knows to associate that request with the same session as before.

In the situation where the user creates multiple windows to the same website using the same machine (and browser) then the browser typically will 'share' the cookie between all the open windows - so all requests get the same jsessionid cookie and are associated with the same session.

In the situation where the user logs in from two different computers, even with the same browser brand, there is no (automatic) way to share that jsessionid across computers. So on both machines the first request goes without a session, the server generates a new jsessionid for each of the two independent clients, and therefore both clients are treated independently.

So not only am I going to have problems with multiple sessions of the same app on one machine but different apps that ping the same server and use the same attributes such as log on and user authinication? All of my apps use the same basic code structure and content for common activities.