Hello all,

I am using the URL rewriting mechanism (for some technical reason I am not supposed to use cookies) in my application for session tracking.

I am facing the below issue:
1) Launch the application - the URL now has jsessionid appended to it and I come to some intermediate screen
2) Copy the URL containing the jsessionid
3) Open a new browser window (on the same machine), paste the URL there and hit it. I get the screen that I got in step 1 in the previous window.

I don't want step 3 to happen. Instead I want the session to get invalidated if step 3 is executed.

I did the same thing just out of curiosity with the ICICI Bank website, where I logged in, then copied the URL and pasted it in another browser and tried hitting it, but the session got expired. This is what I want with my application. Note that I am not using any database in my application.

Can someone help me out with how to achieve this? Is there a way to find out that the request to the same session ID is coming from a different browser window than the one from which the jsessionid was actually created? Any pointers on this would be highly appreciated.