I found that IE7 maintains same session for multiple tabs in a single browser window and thus doesn't support different sessions for different tabs in a single browser window. My client needs that the application should work perfectly in two different tabs in a single browser window. i think this is because of session and cookie problem. Is there a workaround for this.
Appreciate your help in this regard.
Thanks,
Manoja Swaro
Browser tabs share cookies (and not just in IE, in Firefox and the others as well), and the cookies contain the session ID.
You could switch to cookie-less sessions however this has security and usability concerns. URL based sessions are easily hijacked, and it breaks bookmarking as well, as each page has a unique URL per session.
IE7 doesn't maintain a 'session' as such, you're talking about a cookie with a session ID in it, I would guess. All browsers will have one value for a cookie, it doesn't vary by window/tab.
If you want a session ID to travel with the click trail, you're going to have to pass it from page to page, by (for instance) passing it as a URL parameter and ensuring that you add the parameter to the URL within the page. (Or do without a session.)
The real solution is to change your application so it doesn't assume each session has only one page. An application that can't be open in multiple tabs is broken.
This can be hard if this assumption is already deeply embedded in your code.
Related
I have gone through many documents and answer's but my question remains unanswered and therefore I decided to post here.
Scenario:
I am trying to share session on multiple browsers or you could say computers. Now I know this isn't possible as each browser will have its own session. However, I can probably persist the session in a database or memory and share that same session via a URL parameter so that different users can access that particular session.
So far so good, but I actually want to share the page scroll position lets say if on Chrome Page A was scrolled down to PosY-500 then Page A opened on Firefox should also be scrolled down to PosY-500.
Question:
Maybe this could be achievable by the above given session solution, But how can I save such data to session which is changing continuously and also being read on Page A. Sockets? or API calls? service worker? is it even possible?
I would really appreciate if someone can share their insights on it.
I am working on a financial web application.
There is a client requirement that if user is logged in and already browsing the app. If he copies and pastes the browser url to another window. In another window, the user should get logged out.
I know http is stateless and there is no inbuilt browser mechanism (cookies etc) to solve it, this needs to be implemented by programming only. I guess people have already solved this problem. Do you know know possible solution to solve this issue?
Sadly, there is no solution.
The browser keeps the cookies and all of the user informations for all the Tabs & Windows you open. It will clear the datas (like cookies that ask to be removed after the session) as soon as you close ALL tabs and windows of your browser. Note that if the user use another browser, the behaviour your want will be respected — browsers dnn't (yet ?) share this kind of informations.
It is simply not possible to solve the problem with code, and you'll have to find work-around.
As a researcher, I've seen one of these solutions : de-auth the user on the HTTP_REFERER (Apache Env. Variable). As soon as the referer was not the application itself (except for the login form), the user was de-authed. But take care of it : the Referer is an info sent by the browser. And no information sent by the browser should be trusted :). The advice remains, if only you want to use Javascript. You'll find someone to use a JS-disabled-browser to bypass your verification.
That's why Application Development is not yet dead ;)
Cheers.
K.
If I open www.google.com in chrome and then I clear history and open www.google.com in another chrome page ,how can I distinguish these 2 web site? Is there something in one instance of browser which make it unique from other one?(same browser and same web page but 2 windows)
Under normal circumstances - no. If you aren't talking about google.com, and instead are talking about a webpage that you develop - then you can have a javascript variable (not a cookie) that's set and sent along with page navigation.
As long as that variable is unique (or random) - you can distinguish the instances.
Cookies are shared between single browser multiple windows/tabs unless using "Privacy mode"
More information on what you're trying to accomplish would help better answer this question.
The HTTP Protocol is stateless by nature so in general you shouldn't be able to tell. However, you have have two separate sessions open you can track traffic by inspecting the HTTP headers for session cookie values, but that's about as good as you're going to get.
how to prevent user to relogin in the same browser but different teb.Suppose i have loggid in gmail in a browser.But in the same browser in different tab ,if i login again, it will redirect me to the same page but my requirement is that it should redirect me to the gmail home page.Can any one solve this plz....
You'll need to store two cookies, and you'll need a way to distinguish between the two cookies in the two sessions. The only way I know to do this is to encode part of the cookie in every single GET query made from a single "session".
I understand that sessions are kept when opened in a new tab but is it possible to inherit the session when opening a new instance of IE7 or IE6?
For example, I opened a web application, if I opened a new browser and I went to the same URL, it will keep me logged in.
I think this is more related to cookies then sharing session between tabs or windows.
You have cookies from a site that retains some information about you. These are sent to the server when you connect to the same site within another window and you are identified based on the content in the cookie.
The following post presents some details, although I am not sure if you are asking "why?" or "how?" you are keept logged in... either way, it involves cookies on the client machine.