Thanks EJP, for example the User1 has logged in for the first time we store the information in a Session object a jsessionId is created he has not logout.So the browser stores a cookie.
Now the same user is using another browser instance and logging again , in such case what happens?The browser finds the cookie and sends it.
Since he is not loggedoff whether a new session Id will be created for the second time?Not unless the application invalidates the session or it expires or the application creates a new one.
how the server will identify that the same user has logged in another browser instance for which he has not logged off in the first browser instance and based on that invalidate the first browser instance?It won't. The server can't see browser instances. It can only see the cookies the browser sends.
EJP wrote:And hence all browser instances will share the same session - if you're 'logged in' in one, you're 'logged in' in in the other. Cookies are maintained per browser however, so you can have two different sessions in two different browsers (Firefox and IE for example).
It won't. The server can't see browser instances. It can only see the cookies the browser sends.