Reputation: 531
Multiple sessions possible per user
If a user opens 2 web pages simultaneously they will create 2 sessions.
Usually this would not matter but it does create a problem for remember me functionality when attempting to rotate cookie tokens as recommended in the persistent login cookie best practices. There seems to be no way to rotate both cookies correctly where both sessions are opened simultaneously.
How can I resolve this?
I use Tomcat and Struts 1, but I think this is framework independent.
Upvotes: 2
Views: 1791
Answers (1)
Reputation: 489
extending @Thilo answer He is correct, any subsequent access to other page will follow send the cookies for that domain. e.g open gmail, login and now open gmail in other tab or window it send the cookie for that domain. since the cookie hold the session information on any subsequent request only session id/value will be changed. You can check it using firebug and its extension fire-cookie. On matter of avoiding remember-me problem as said in the link you specified it is more to design problem as how you are handling it.
Upvotes: 1
Related Questions
- Is Multiple browser window with single time login possible in Java
- Multiple sessions for one servlet in Java
- Java multiple HttpSession IDs for the same user
- Multiple sessions in single browser
- Maintaining session state across two http different requests in an application
- Allow each user to have a single session
- Managing session cookies in Java
- Session handling in simple http server
- Multiple sessions for one user?
- Storing different session values for multiple users on servlet