This content has been marked as final. Show 2 replies
I have recently started to work(or rather maintain) on a Web application. The session management is non existent in this application.That doesn't mean that there isn't any. If it is a servlet container of any kind it is obliged to do session management.
1. Same user logged in to different windows(IE 6+) share the session.A container won't do that.
2. Different users logged also share the same session.A container won't do that either.
I conclude that there is session management in the application and that it is broken. Severely.
When I searched online for possible solutions I came across concepts of using Cookies, URL Rewriting with JSessionID etc.The container does all that for you. See the Java Servlet Specification.
user2954391 wrote:Different browser windows created in the same (client side) browser process will share a single session. That's the way browsers are designed, has nothing to do with your application.
1. Same user logged in to different windows(IE 6+) share the session.
2. Different users logged also share the same session.
Whether a new browser window is part of the same client side process or not depends on the design of the browser application and operating system, again has nothing to do with your application.