prevent to open the SAME APPLICATION (with the same session) in two or more browser windows.

[jaibux]

Everybody knows how to open (or clone) the same page that you are
viewing in a new browser window by CTRL+N or via File->New Window. the
question is how to PREVENT to open the SAME WEB APPLICATION (with the
same session) in two or more browser windows.

any ideas?

(e-mail address removed)


thanks in advance!!! =)

 

[Mark Rae]

Everybody knows how to open (or clone) the same page that you are
viewing in a new browser window by CTRL+N or via File->New Window. the
question is how to PREVENT to open the SAME WEB APPLICATION (with the
same session) in two or more browser windows.

any ideas?

Firstly, apart from under exceptional circumstances, sessions are unique
irrespective of browser and/or user. That means the same 'user' (see below)
will always have a different session every time they access the web app,
even when running two copies of the browser on the same computer at the same
time, so you're on a bit of a non-starter with that one...

Secondly, the web app will have no idea who the 'user' is unless it uses
some sort of authentication mechanism i.e. the user logs in, or uses
Integrated Windows Authentication, which is quite common in corporate
intranets etc, but highly unlikely on the public Internet.

Therefore, unless your web app has some way of 'knowing' who the user is,
there's not much you can do to prevent the same user accessing the same site
more than once at the same time.

 

[Joerg Jooss]

Thus wrote Mark,

Firstly, apart from under exceptional circumstances, sessions are
unique irrespective of browser and/or user. That means the same 'user'
(see below) will always have a different session every time they
access the web app, even when running two copies of the browser on the
same computer at the same time, so you're on a bit of a non-starter
with that one...

Unfortunately, that's usually not the case. Most browsers share a cookie
jar (so to speak) when you open a new window or tab, and that's what most
users do and the OP alluded to. You have to run another instance of the browser
executable to avoid this. But at the end of the day, that's an implementation
detail of the browser.

Cheers,

 

[Mark Rae]

You have to run another instance of the browser executable to avoid this.

That's right - that's what I said:
"even when running two copies of the browser on the same computer at the
same
time,"

 

[George Ter-Saakov]

Nope, this is what you said
" That means the same 'user' (see below)
will always have a different session every time they access the web app,
even when running two copies of the browser on the same computer at the same
time"


And this is incorrect. Most likely browsers will share same session if you
running 2 copies of the browser window on the same computer at the same
time.

George

 

[Mark Rae]

And this is incorrect. Most likely browsers will share same session if you
running 2 copies of the browser window on the same computer at the same
time.

I just tried it. I opened 10 instances of IE7 and pointed at my website - 10
different SessionIDs...

Then I opened one instance of IE7, pointed at my website and clicked Cltr-N
nine times - 10 different SessionIDs...

 

[Joerg Jooss]

Thus wrote Mark,

I just tried it. I opened 10 instances of IE7 and pointed at my
website - 10 different SessionIDs...

Then I opened one instance of IE7, pointed at my website and clicked
Cltr-N nine times - 10 different SessionIDs...

Funny, IE7 and Firefox2 behave for me just as I've described (I'm testing
this with my ASP-based web mail site).

But that't no that point. The point is that this behavior (or a lack of it)
is an implementation detail, and simply cannot be relied upon.

Cheers,

 

[Mark Rae]

But that't no that point. The point is that this behavior (or a lack of
it) is an implementation detail, and simply cannot be relied upon.

Absolutely.

 

[amzaru]

Thus wrote Mark,




Funny, IE7 and Firefox2 behave for me just as I've described (I'm testing
this with my ASP-based web mail site).

But that't no that point. The point is that this behavior (or a lack of it)
is an implementation detail, and simply cannot be relied upon.

Cheers,

Ok, here's the deal: I was looking for a way to prevent users of my
website to open two or more instances of the same page. I must add
that my website is a game, so having multiple browsers opened is no
doubt an advantage. After reading this thread and trying out a couple
of things, here's what i did:
- user opens first instance of the page, he is not logged in.
- here i used javascript to attach a name to this window. the name is
a md5 hash of the php session_id , user ip, http_user_agent and
whatever else you want.
- the user logs in, then javascript checks if the window name is
correct.

- user opens another instance (Open link in new window)
- since user is already logged in, i check if the window name is still
the same . it's NOT ! .. i log out the user and force a new session
with a new id to be created and used in setting the window name.

what now ?
user has two choices: either continues to log in on this second page,
thus disabling the first page since the session id is different so the
page name will not match . this makes the first page log the user out
if accessed. Or the user will close the second page, returning to the
first but will find himself logged out.

That's it. And because of using the session id along with the ip and
user_agent this will also work if using two different browsers are
used or two different computers (IE and Firefox) : all you have to do
is put that key you created somewhere in a database, in a table where
you have your online users and checking every time to see if the user
has the same key or not.

I hope this helps and if you need a working example, I could send it
by email.