I should preface this by saying I'm not a guru either.

You could require a login and do not allow the same user to log in more than
once.  You can persist things like shopping carts over different sessions
using a database.  Amazon uses cookies to automatically identify users and
tie them to their carts and what-not.


Greg



-----Original Message-----
From: Lichty, Kent [mailto:Kent.Lichty@d...]
Sent: Thursday, February 27, 2003 10:17 AM
To: Pro_JavaServer_Pages
Subject: [pro_jsp] HELP! Why do multiple windows in the same browser
mess up my sessions!



Hello. I was hoping that someone out there could help me with a VERY
FRUSTRATING problem that I am having.  Just as an introduction, I have been
coding servlets and JSPs for about two years, and, while I don't consider
myself a "guru" by any means, I do think I have a basic handle on the
subject.  However, NOBODY at my organization has ANY experience in the area
of web development so I am pretty much on my own.  Here is my problem:

I have a web application that makes heavy use of the HttpSession object.
For each session, I create a unique java bean which contains LOTS of
session-state information.  The application works great as long as I can
maintain session integrity.

However, browsers (I am using IE 6.0) easily allow session integrity to be
messed up!  For example, if you click the File-> New->Window button from
your browser, then you are now crossing session boundaries.  That is, lets
say my application is up and running and has a certain state. Now, the user
requests that another window be opened up as per above and gets into my
application. Now I have big problems, because the two applications are
tromping over each other's state!   The same problem occurs if you have a
page that contains a bunch of links to my application (it can be opened in
different ways, for different user types, etc) and it opens each application
in a separate browser window (target=_blank).  I open application session 1,
and application session 2.  When I go back to my first application, the
session ID has now changed to that of application session 2 and everything
is hosed up!

I just wonder how the "gurus" get around this problem.  I mean, sessions are
great but if they can be so easily confused and invalidated by using the
browser in certain ways then what good are they? I am also frustrated
because no books seem to want to address this issue, that is, the problems
that browsers present when maintaining session state.

I used to be able to demonstrate that Amazon.com had this same problem.  For
example, in one browser window add a book to your shopping cart. Then, in
another window delete the book from the cart. Then, go back to window 1 and
proceed to checkout. They used to show an error message, but it now seems
that they have fixed this.  But I don't think they attempt to maintain a
separate session state for each window (as I am trying to do in my app);
now, when you make a change in one window it shows up in the other.

Again, I am just looking for how others address what to me is quite a thorny
issue. Thanks.