0

We have an application which is built on JSF 2.0(MyFaces) and runs on Weblogic app server. We are facing an issue regarding http Session.

Issue: Suppose I have opened the app in two different IE windows and give some search input in first window. The search result data received in first window is being shared in second window's session.

Note: . The beans are session scoped and javax.faces.STATE_SAVING_METHOD is server. There's no problem of static variable being shared.

Any idea why is this happening, and a solution to prevent this if any ?

Regards, Shaj.

nobody
  • 1,909
  • 5
  • 31
  • 45

2 Answers2

4

The behavior exposed is expected. If you need "window" scope, take a look at MyFaces CODI Wiki @WindowScoped. Other alternative is use MyFaces Orchestra and use a different conversation context.

JSESSIONID is a cookie used by servlet spec to diferentiate between sessions, but is shared for all windows of the same browser.

For more detailed information ask on MyFaces Users and Dev Mailing Lists.

Andreas Covidiot
  • 4,286
  • 5
  • 51
  • 96
lu4242
  • 2,318
  • 1
  • 15
  • 15
3

That's because IE keeps the session ID JSESSIONID in a cookie. That cookie exists in the same IE "space". You will realise that if you use IE and Firefox, the session cookie isn't shared.

JSESSIONID is essentially the identifier used for Session Tracking by your web container. If the browser doesn't support cookie, the ID is appended on the URL. In your case, you have JESSIONID stored in a cookie and all your multiple windows can see the same Session cookie.

Buhake Sindi
  • 87,898
  • 29
  • 167
  • 228
  • 1
    and there's no way to prevent this from happening ? – nobody Apr 08 '11 at 09:58
  • @nobody, no, as `JSESSIONID` is part of the Servlet Specification. Even though your sessions are stored in server. The user session is stored in a cookie identifier `JESSIONID`. That is important as the Servlet needs to identify which user session belongs to which Http Session. – Buhake Sindi Apr 08 '11 at 10:10
  • 1
    @nobody: just don't store request scoped data in session scope. Store it in the request scope instead. – BalusC Apr 08 '11 at 10:44
  • @BalusC, **totally unrelated**, do you mind seeing my question [here](http://stackoverflow.com/questions/5513661/https-on-jsf-2-for-protected-resources-and-login)? – Buhake Sindi Apr 08 '11 at 10:50
  • I already saw it and upvoted Matt's answer. Or wasn't that what you was asking for? – BalusC Apr 08 '11 at 11:08