starting a new session in Seam app

admin.admin.email.tld Jul 21, 2008 4:37 PM

so in chapter 17 of bauer & king, I noticed there is a Seam.invalidateSession() method available.

How can a user start a new session when using a Seam app? is it possible to have more than one simultaneous sessions going for the same user?

It sounds like, according to ch. 17, that when the user launches a new browser window (or tab?), Seam or other web frameworks will use the same HTTPSession for that user/app.

is this always true? how does the app/framework know it's the same user if there's no authentication in the app?

1. Re: starting a new session in Seam app

nickarls Jul 22, 2008 8:02 AM (in response to admin.admin.email.tld)

A session is a contract (session id) between the http client (browser, usually) and server that is transported through a parameter or header etc and a new session is usually created (for a stateful app) if one is not present.

The same session is usually used for a single browser (or in IE case, browsers spawned from same parent process)

The conversation id acts as an additional sub-session-id to keep track of different paths within a session. The user authentication is usually tied to a single session.

So no, if you are logged in someone can sneak up on you, hit you unconscious and continue typing in your browser (or spawn a new tab etc) and seam won't know the difference ;-)
Actions