Session management in Web application

763219

Hi,

I have recently started to work(or rather maintain) on a Web application. The session management is non existent in this application. This application follows a client specific framework.

I have noted the some of the major discrepancies below

1. Same user logged in to different windows(IE 6+) share the session.
2. Different users logged also share the same session.

When I searched online for possible solutions I came across concepts of using Cookies, URL Rewriting with JSessionID etc.

Could someone please suggest some methods to manage sessions properly. It would be great if I can get some links using which I can implement the said methd without much trouble.

Thanks!

EJP

I have recently started to work(or rather maintain) on a Web application. The session management is non existent in this application.

That doesn't mean that there isn't any. If it is a servlet container of any kind it is obliged to do session management.

1. Same user logged in to different windows(IE 6+) share the session.

A container won't do that.

2. Different users logged also share the same session.

A container won't do that either.

I conclude that there is session management in the application and that it is broken. Severely.

When I searched online for possible solutions I came across concepts of using Cookies, URL Rewriting with JSessionID etc.

The container does all that for you. See the Java Servlet Specification.

jwenting

user2954391 wrote:
1. Same user logged in to different windows(IE 6+) share the session.
2. Different users logged also share the same session.

Different browser windows created in the same (client side) browser process will share a single session. That's the way browsers are designed, has nothing to do with your application.

Whether a new browser window is part of the same client side process or not depends on the design of the browser application and operating system, again has nothing to do with your application.