I'm developing an automation tool using JavaScript/jQuery.
To manipulate the DOM I've tunneled all iframe/browser access through an proxy server to have all them on same domain.
All this is working fine! But my end point app is a transactional jsp/servlet database and I want to have multiple access to it.
I guess, because the proxy 'tunneling' all access through proxy has the same session, which is not desirable since I need multiple access to the app, and to do this I must create different sessions.
I'm trying to figure out how to achieve a unique sessionID for each Iframe/browser pointing to the same web app passing through the same (?) proxy server, roughly:
iframe ---\
iframe -----> browser ---> apache proxy ---> jsp transactional app
iframe ---/
I was sniffing the traffic on Firefox (FireBug) and all iframes has the same session ID. That's not exclusively on iframe, even if I start another browser and use the link passing through the proxy I keep the same session ID.
Using Apache http Server 2.2.20 (win32).
Proxy config (if useful):
ProxyPass /bbb http://xxx/bbb/
ProxyPassReverse /bbb/ http://xxx/bbb/
Do the iframes src attributes point to the same domain or subdomain?
Remember that Session is implemented through cookies and that cookies are shared through the domain and subdomains they belong to, eg:
If Cookie belongs to yourdomain.com then subdomain.yourdomain.com has access to it
but
If Cookie belongs to subdomain.yourdomain.com then yourdomain.com or subdomain1.subdomain.yourdomain.com DOES NOT have access to it
And it doesn´t matter if it's an iframe or another browser window or tab...