3 Jan
2012
3 Jan
'12
5:35 a.m.
Hi All,
I do the login with admin credentials in one internet explorer window. Now
i open one more seperate IE window and give my xwiki home url i.e
http://localhost:8888/myxwiki/ . I see in this second i am directly getting
logged in with admin credentials which is not correct. I should see login
screen on this second window here.
Then i did debugging and found out with both IE windows
xwikicontext.getRequest().getSession() returning the same session(
basically both sessions are having same session id). As per my
understanding session is specific to browser window . so both windows(or
request from diffent IE windows) should have different session attached to
them.
Not getting how come both request are having same session id.
Thanks
3 Jan
3 Jan
6:10 a.m.
New subject: [xwiki-users] [xwiki-devs] Same session is getting associated from separate IE windows while login?
On 01/02/2012 11:35 PM, mohit gupta wrote:
Hi All,
I do the login with admin credentials in one internet explorer window. Now
i open one more seperate IE window and give my xwiki home url i.e
http://localhost:8888/myxwiki/ . I see in this second i am directly getting
logged in with admin credentials which is not correct. I should see login
screen on this second window here.
Then i did debugging and found out with both IE windows
xwikicontext.getRequest().getSession() returning the same session(
basically both sessions are having same session id). As per my
understanding session is specific to browser window . so both windows(or
request from diffent IE windows) should have different session attached to
them.
Not getting how come both request are having same session id.
No, this isn't true most of the times. A session is just a serverside
storage area reserved for one client, where the connection between the
client and the session is established by a key, called a session
identifier, and which can be stored in several ways. One way is by
embedding the session ID in each URL generated by the application, which
would indeed make the session work only as long as you click through the
links in the same browser window. Still, opening such a link in a new
window will keep the same session in a different window, and opening an
URL without the session ID in it would lose the session even in the same
window.
Another, simpler and preferred method of keeping the session identifier
is by using cookies, which work across an entire browsing session,
across windows and sometimes even across restarts if you configure your
browser to restore the previous (browser) session on restarts.
--
Sergiu Dumitriu
http://purl.org/net/sergiu/
1:11 p.m.
New subject: [xwiki-users] [xwiki-devs] Same session is getting associated from separate IE windows while login?
Two questions on this :-
As you said One way is by embedding the session ID in each URL generated by
the application, which would indeed make the session work only as long as
you click through the links in the same browser window. Is it done by
browser internally or developer has to take care of this?
Regarding second point looks like from code xwiki is using cookies. Is
there a way to disable cookies so if want the behaviour mentioned in
Original post i can achieve it.
On 01/02/2012 11:35 PM, mohit gupta wrote:
Hi All,
I do the login with admin credentials in one internet explorer window. Now
i open one more seperate IE window and give my xwiki home url i.e
http://localhost:8888/myxwiki/ . I see in this second i am directly
getting
logged in with admin credentials which is not correct. I should see login
screen on this second window here.
Then i did debugging and found out with both IE windows
xwikicontext.getRequest().**getSession() returning the same session(
basically both sessions are having same session id). As per my
understanding session is specific to browser window . so both windows(or
request from diffent IE windows) should have different session attached
to
them.
Not getting how come both request are having same session id.
No, this isn't true most of the times. A session is just a serverside
storage area reserved for one client, where the connection between the
client and the session is established by a key, called a session
identifier, and which can be stored in several ways. One way is by
embedding the session ID in each URL generated by the application, which
would indeed make the session work only as long as you click through the
links in the same browser window. Still, opening such a link in a new
window will keep the same session in a different window, and opening an URL
without the session ID in it would lose the session even in the same window.
Another, simpler and preferred method of keeping the session identifier is
by using cookies, which work across an entire browsing session, across
windows and sometimes even across restarts if you configure your browser to
restore the previous (browser) session on restarts.
--
Sergiu Dumitriu
http://purl.org/net/sergiu/
______________________________**_________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/**mailman/listinfo/users<http://lists.xwiki.org/m…
4695
days inactive
4695
days old
2 comments
2 participants
participants (2)
-
mohit gupta -
Sergiu Dumitriu