c676228 said:
Hi all,
I am thinking about doing this since I got several cases that some of our
internal users open more than one browser at the same time from our
server.
When one of the transactions was not completed finished, the second
browser
jusk pick up some session variables from the first browser and process
right
after that. It messed up everything.
Sounds to me like poor design, like maybe an entry point script that posts
to itself one or more times to perform successive segments of a
transactional process, while trying to use session data to track the
current/determine the next segment.
Session data is not a workable option for that purpose. Aside from the
multiple open browsers problem you're seeing, what if the browser is closed
after the first, but before the last segment? What if something holds-up
the flow between segments, and the session expires before the next segment
is executed?
If the process is transactional in nature, you should generate an ID value
for each one when you construct the page from which the user will launch it,
and then pass that ID to each segment as a URL parameter or hidden form
input. Use that ID to facilitate isolation logic, i.e., a positive
mechanism to prevent unrelated requests from the same user from interfering
with a transaction in progress.
You might also want split some segments of the process to separate script
files, but if not, pass the value that determines which segment to execute
as a hidden input, rather than storing that value in the session from one
segment, and reading it back from the session for each request, and
branching to a segment based thereupon.
I was thinking about use remote_addr, but it seems not working since we
are
behind the firewall and every user's IP inside the company network to the
internet is the same.
Even if that were not the case, multiple requests from a single given client
system will have the same client IP, and even if *that* were not the case,
identifying the client system does nothing to identify whether/if multiple
browser windows are open on that client.
It seems that I have to use internal userID and record this in the
database
and when any page is requested, I have to check in the database to see if
the
user is connected then decide if the page should be display or not.
Again, even if there is a flawless way to do this, in the purest sence, it's
irrelevant. Why does every incoming request from a given client need to
pertain to a single transaction in progress? (In absence of bad design, the
answer is: there is no reason.)
From a user's perspective I have to tell you, I litteraly despise sites that
impose such limits on my session. Case in point, the amtrak.com site.
Booking travel on amtrak.com is a text-book example of a multi-segment
transactional process, but in many cases the list of trains available to
service some segment of your desired itinerary is artificially limited -- it
doesn't give you a big-picture view. There may be multiple ways to reach
point B from point A, not all are equal to say the least!
The site used to allow the user to have multiple browsers interactively open
at once, which allowed "what if" queries, viewing route maps/schedules, etc,
without sacrificing all your input so far in your "real" reservation
process -- what if I left on Monday instead of Sunday? What if I travel
early in the morning instead of afternoon? It can make a huge difference.
(Example: San Diego, CA to San Luis Obispo, CA. One route takes 6 hours on
a single train; another takes 14 hours with 4 lay-overs and two connecting
bus segments -- and you can't check your baggage, *and* it costs $20 more!
Option A: fast, comfortable, stress-free; option B: trip from hell!)
In any case, before I ramble on forever, after they re-factored the site,
opening a new browser on the site blows any reservations in progress. Worse
yet, when reserved seats were selected in a reservation that gets blown-out,
those reserved seats are somehow encumbered for some irritatingly long
timeout...
For whatever it's worth...
-Mark