How to make a new/unique session when chrome.tabs.create called, even if it's in same domain that was already opened before??
There is no direct option that allow chrome.tabs.create to "Start" new session even in same domain.
Related
I am building an extension which every time the browser opens asks user for a strong password. Its purpose is that it uses that password to derive and generate strong passwords for new websites upon registration and it tries to regenerate same passwords next time a user visits an already visited website.
I am using below method to store user's masterpassword(used for password generation) which is sensitive information:
window.sessionStorage.setItem(varName)
And I use below method to get it whenever it is needed.
sessionStorage.getItem(varName)
My problem is that I want this data which is stored in browsers data to be valid as long as Chrome open. This master password needs to be cleared every time user closes the browser and to be asked every time it gets reopened.
I read that session storage is temporary and it gets cleared but it does not work for my extension. I also know that there is nothing to add in order to detect browser getting closed as it stops running your script.
Can you please help me with it? Is there such method that keeps data for a short time?
Since Manifest V3 removed the notion of persistent background pages. You can imitate this with chrome.storage.local. The only caveat regarding this is that it stores the variable in the extensions local storage which is still okay for that user.
One way to imitate a browser closing is by creating a chrome.runtime.port that is opened and then when the browser closes or the extension gets reloaded it will call onDisconnect for that port, and you can clear your chrome.storage.local.clear():
chrome.runtime.onConnect.addListener(port => port.onDisconnect.addListener(() => chrome.storage.local.clear()))
When the browser is launched, just connect:
chrome.runtime.connect(null, {})
That might unload itself when background script goes back to sleep, unfortunately, the only way to get passed that is to keep your own managed extension window that pops up. But that might be overkill for user experience.
I am working on a JSF 1.2 application. Consider the following use case with a browser with 2 tabs:
In the first tab I login with user 'TEST'.
In the second tab I login with user 'TEST2'.
When I return back to the first tab, the logged-in user is changed to 'TEST2'.
How can I restrict the login to the current tab instead of all tabs? In other words, how can I restrict the HTTP session to one tab instead of all tabs of the browser instance?
Try to use the Private Tab. This will do the trick.
The private tab does not hold cookies. So it's a new session cookie for each tab.
NEW:
Another approach is disabling the cookies for your browser.
The default JSF behavior is concatenating the JSESSIONID in the URL.
So each tab will have a different JSESSIONID as a URL parameter.
Simply use 2 different browsers (like chrome and firefox)
If you're using FireFox install the MultiFox plugin
I understand that sessions are kept when opened in a new tab but is it possible to inherit the session when opening a new instance of IE7 or IE6?
For example, I opened a web application, if I opened a new browser and I went to the same URL, it will keep me logged in.
I think this is more related to cookies then sharing session between tabs or windows.
You have cookies from a site that retains some information about you. These are sent to the server when you connect to the same site within another window and you are identified based on the content in the cookie.
The following post presents some details, although I am not sure if you are asking "why?" or "how?" you are keept logged in... either way, it involves cookies on the client machine.
I found that IE7 maintains same session for multiple tabs in a single browser window and thus doesn't support different sessions for different tabs in a single browser window. My client needs that the application should work perfectly in two different tabs in a single browser window. i think this is because of session and cookie problem. Is there a workaround for this.
Appreciate your help in this regard.
Thanks,
Manoja Swaro
Browser tabs share cookies (and not just in IE, in Firefox and the others as well), and the cookies contain the session ID.
You could switch to cookie-less sessions however this has security and usability concerns. URL based sessions are easily hijacked, and it breaks bookmarking as well, as each page has a unique URL per session.
IE7 doesn't maintain a 'session' as such, you're talking about a cookie with a session ID in it, I would guess. All browsers will have one value for a cookie, it doesn't vary by window/tab.
If you want a session ID to travel with the click trail, you're going to have to pass it from page to page, by (for instance) passing it as a URL parameter and ensuring that you add the parameter to the URL within the page. (Or do without a session.)
The real solution is to change your application so it doesn't assume each session has only one page. An application that can't be open in multiple tabs is broken.
This can be hard if this assumption is already deeply embedded in your code.
I use a web application that forces you to reauthenticate with the application even if you open a new browser window that shares the same session, e.g. File, New Window in Internet Explorer. I was surprised since I thought that if you opened a new browser window from File, New in both IE and Firefox (vs. starting a new browser process) that it would share the same session.
Using an Internet Explorer cookie viewer/editor, I saw no cookies for this application at all.
How do they likely implement this forced authentication scheme that seems to disallow new browser windows from continuing the session?
One common approach is to pass a session ID in the URL.
For instance, asp.net uses this approach for cookieless sesssions. URLs within the application are rewritten to contain a session ID.
there are two possibilities for this:
it's session id stored in all <a href=''> , so clicking on link automatically sends some data to server.
Same, but with POST queries (hidden form fields)