On 01/02/2012 11:35 PM, mohit gupta wrote:
  Hi All,
 I log in with admin credentials in one Internet Explorer window. Now
 I open one more separate IE window and give my xwiki home URL, i.e.
 http://localhost:8888/myxwiki/ . I see that in this second window I am directly
 logged in with admin credentials, which is not correct. I should see the login
 screen in this second window.
 Then I did some debugging and found out that with both IE windows
 xwikicontext.getRequest().getSession() returns the same session
 (basically both sessions have the same session id). As per my
 understanding a session is specific to a browser window, so both windows (or
 requests from different IE windows) should have different sessions attached to
 them.
 I don't understand how both requests have the same session id.
No, this isn't true most of the time. A session is just a server-side
storage area reserved for one client, where the connection between the
client and the session is established by a key, called a session
identifier, and which can be stored in several ways. One way is by
embedding the session ID in each URL generated by the application, which
would indeed make the session work only as long as you click through the
links in the same browser window. Still, opening such a link in a new
window will keep the same session in a different window, and opening a
URL without the session ID in it would lose the session even in the same
window.
Another, simpler and preferred method of keeping the session identifier
is by using cookies, which work across an entire browsing session,
across windows and sometimes even across restarts if you configure your
browser to restore the previous (browser) session on restarts.
--
Sergiu Dumitriu
http://purl.org/net/sergiu/
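
The two tracking methods described in the reply above, as an added sketch that is not part of the original thread and is not XWiki or servlet container code. The `Server` and `Browser` classes, the `sid` URL parameter and the `SID` cookie name are hypothetical names chosen for illustration.

```python
import secrets
from urllib.parse import urlparse, parse_qs

class Server:
    """Toy application server: a session is only a dict looked up by an ID."""
    def __init__(self):
        self.sessions = {}                      # session id -> server-side storage

    def handle(self, url, cookies):
        """Resolve the session from the URL parameter first, then from the cookie."""
        query = parse_qs(urlparse(url).query)
        sid = (query.get("sid") or [cookies.get("SID")])[0]   # hypothetical names
        if sid not in self.sessions:            # unknown or missing ID: new session
            sid = secrets.token_hex(16)
            self.sessions[sid] = {"user": None}
        return sid, self.sessions[sid]

class Browser:
    """One cookie jar per browser, shared by every window it opens."""
    def __init__(self, server, use_cookies=True):
        self.server, self.use_cookies, self.jar = server, use_cookies, {}

    def open_window(self, url):
        cookies = self.jar if self.use_cookies else {}
        sid, session = self.server.handle(url, cookies)
        if self.use_cookies:
            self.jar["SID"] = sid               # models the Set-Cookie response header
        return sid, session

def demo():
    home = "http://localhost:8888/myxwiki/"
    server = Server()
    # Cookie tracking: log in from window 1, then open the home URL in window 2.
    ie = Browser(server)
    sid1, session = ie.open_window(home)
    session["user"] = "Admin"
    sid2, session2 = ie.open_window(home)
    # URL tracking: the ID travels only in links the application generated.
    nocookie = Browser(server, use_cookies=False)
    sid3, session3 = nocookie.open_window(home)
    session3["user"] = "Admin"
    sid4, session4 = nocookie.open_window(home + "?sid=" + sid3)  # link opened in new window
    sid5, session5 = nocookie.open_window(home)                   # URL without the ID
    return {
        "cookie_same_session": sid1 == sid2 and session2["user"] == "Admin",
        "url_with_id_same_session": sid4 == sid3 and session4["user"] == "Admin",
        "url_without_id_new_session": sid5 != sid3 and session5["user"] is None,
    }

if __name__ == "__main__":
    print(demo())
```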