How to avoid session sharing provided by IE8 programatically in java/j2ee application ?

Question

Microsoft, in an effort to make Internet Explorer 8 "more stable" and “faster”, have changed the underlying architecture of the browser and introduced a function called "Loosely-Coupled IE" (LCIE) which works on session sharing across TAB and new instances.

But session sharing may be fatal when some one is trying to do two different things at a time with the same application, e.g. like someone want to book one forward journey ticket and one return ticket at a time, at that time he will book 2 same tickets what he has not intended to.

PROBABLE SOLUTION ON IT

1. While creating new window Instead of creating by clicking on icon or Ctrl+N we should use File -> New Session it will not happen.

2. You can make a registry change on the client PC - adding the following. [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] “TabProcGrowth" = dword : 00000000 Will disable "Loosely Couple IE8"; IE8 then works as previous versions of IE.

But how i will do it programatically ?

Answer 1

Hi , Try maitain the session id at client side ,whatever say, JSP's. and sent it back to the server componenet and try tracking it. Say if the session received is in progress currently at server side , then hold for some time ( say synchronized or whatever waiting mechanism ??) . I hope this kind of session issues should be solved tricky.

Answer 2

I think the issues you describe above can be replicated on all browsers and can be better tackled server side. One approach I know of is to create a conversation id and manage the lifecycle of the conversation with a statemachine.

This allows you (and your users) to have one sesion where multiple conversations can be held concurently, which happens a lot in practice, well, at least in internal enterprise applications. The world is a more chaotic place than the business process models let show.

Answer 3

Your best bet is probably to use a web framework which supports multiple concurrent sessions (somtimes called conversations or flows), or just avoid using the session so much and go REST. If you need to hack it on the client, you would not be able to do it from your webapp, but a custom win program or a .reg file could do it. This also means that users with other OSs and browsers will still run into the same problem.

Answer 4

See guys my problem is not my application. Its working fine if i am logging in by one user, but when I am logging in by multiple user through through different user from different instances of IE8 browser my later session datas are overriding the formar one, this is b'coz both the IE browser are using same session id. Its happening because of session sharing of IE8. There is only one session is maintained for one application by how many user i am logging in doesnt matter. In fact i want to mantain on session for each user.

Like when I am logging in gmail in one browser. If i am just typing gmail on another browser, Its logging in automatically. I dont want this in my application. I should get login by another user at a time i should perform independent operation.

My application is uses Struts, Spring, Hibernate & JBoss application server.

Now tell me how I should proceed ?

Answer 5

I did not like al the other solutions provided. The only thing I want is to provide a URL that the user can click and it gets a new session to login. There is a clear sessionAuthentication function but not a openLinkInNewSessionWindow

A work around for IE8 browser you could provide a link on the page "multiple login" and use the ugly WScript from the browser. An example:

<html>
  <head>    
    <script>
      function openNewSessionIE8NoMerge() {
        // This opens a new session window for windows with IE8, unfortually there is a Active X security warning.
        var WshShell = new ActiveXObject("WScript.Shell");
        WshShell.Run("iexplore.exe -nomerge www.gmail.com?testNewSession");
      }
    </script>
  </head>

  <a href="#" onclick="javascript:openNewSessionIE8NoMerge();">Click here for a new session IE8 (multiple sessions on the same application)</a>
</html>

Test: Save the example in sampleNewSession.html, open the file with IE8, in a new tab login in gmail, press the link in sampleNewSession. Now there is a new window and not logged in.

This will help the user, it can just click a link. The only problem is the activeX security message.