Session Problem

[irfan.ahmad]

HI,

I need help regarding session in servlet.

i have an application with 2 web interfaces. One is for admin and other is for clients. i want to created new session for every login.

problem is: when i login by admin and client and logout any of them the rest automatically logged out :confused: i am using
HttpSession session=req.getSession(true);
to create session and
session.invalidate();
to logout.

please help me. it is urgent.

Regards,
Irfan Ahmad

[Nicholas Jordan]

I worked on this and found that Servlet httpSession will tend to persist across several hours. I can also imagine what you describe and chose to use forms authentication and some logic in the code to determine who and where was trying to logon to what.

{ As noted later: "HttpSession session=req.getSession(true), you are just getting a pointer to it.
" - that just creates one if one does not exist already.}

[irfan.ahmad]

hi,
actually problem is that, if i am logged in as admin as well as client1 and when i try to logout just client1 , admin also logged out. i want 2 separate session for both logins, so if i logout just client1, admin shouldn't be logged out.

Regards,
Irfan Ahmad

[irfan.ahmad]

I worked on this and found that Servlet httpSession will tend to persist across several hours. I can also imagine what you describe and chose to use forms authentication and some logic in the code to determine who and where was trying to logon to what.

hi,

please tell me, how can i create 2 parallel session?
and is there any other way to create session other then
HttpSession session=req.getSession(true);

Regards,
Irfan Ahmad

[zoomix]

I can think of two solutions for this.

* You either use two contexts, ie you clients log into your.web/client and your admins your.web/admin and these two have separate config fiels. This would allow for two different sessions (i think).
* You don't use .invalidate() on the session. Instead you use session.setAttribute("username", null) and check for a valid username in session on all pages.

Having two session bound to the same context from the same browser makes my head hurt. The session id:s are saved in a cookie and I can't even guess how tomcat would know which of the sessions to use at any given time, unless the browser keeps track of them. And if you leave it to the browser then you loose all control. Maybe it'll work, but there's no way of knowing for sure.

Also, the session is already created the first time a request is sent. So you are, sctrictly speaking, not "creating a new session" by HttpSession session=req.getSession(true), you are just getting a pointer to it.

/z