Can a session cookie be distinguished by IP:port?
- From: javaguy@xxxxxxxxxxxxx
- Date: 13 Jun 2006 08:43:07 -0700
Symptom:
I have two browser windows of MSIE open with only one IEXPLORE.EXE
session. I point one window at a server on port 8080 and the other at
a server on port 8084 on the same server. I perform actions, back and
forth, on the two windows. The results cause each server to log me
out, invalidating the server session on each. Is a session cookie good
only for the server and not for the port?
Details:
I have a server with two applications running on it (development
machine). One app is "testing" and the other is "new development". I
compare the new version with the testing version. Anyways, I access
the test server like "myapp.myfirm.com:8080" and the development server
like "myapp.myfirm.com:8084".
I launch MSIE from a web shortcut and point it at 8080. I launch
another MSIE window from a web shortcut and point it at 8084. Yes, I
have only one IEXPLORE.EXE instance in memory.
I have code, as a filter, that tests if the session is invalid. It
calls HttpServletRequest.getSession(false), which returns null if the
session has been invalidated. When I do the port shuffle (above), the
session (which returned true before) now returns false.
So...I think that each server (8080 and 8084) updates the same session
cookie in MSIE. When I go to the other server that session cookie is
unknown there and the previous session is no longer found.
I haven't found any documentation about how much of a URI is used in
generating a session cookie. Can anyone confirm my analysis?
Thanks,
Jerome.
.
- Prev by Date: Re: MS Popups?
- Next by Date: Re: IE default save as box
- Previous by thread: Error with client-side XSL transformations while switching from HTTPS to HTTP
- Next by thread: Re: IE default save as box
- Index(es):
Relevant Pages
|
