Dealing with sessions on explorer 7

[tshad]

How do you deal with sessions on IE7?

Each tab seems to share the same session? This is a real problem as a
person could go to the site, leave the site open and open another page and
be still logged in and share the session information, which I definately
don't want to do.

In IE6, this wasn't a problem as each instance of the browser would have
it's own session ID and information.

Thanks,

Tom

 

[Göran Andersson]

How do you deal with sessions on IE7?

Each tab seems to share the same session? This is a real problem as a
person could go to the site, leave the site open and open another page and
be still logged in and share the session information, which I definately
don't want to do.

I'm afraid that's unavoidable. A user can always open more than one
window/tab.

You could partly protect yourself from this if you store the creation
time of the last page in the Session object, and also in the page so
that you can send it back with every request. That way you can check if
a request comes from the page that was last created.

In IE6, this wasn't a problem as each instance of the browser would have
it's own session ID and information.

The same problem existed, you only didn't notice it. You can open a new
window instead of starting a new instance (shift-clicking or selecting
New Window from the File menu), and the new window is in the same
session. As far as I know, it has been the same ever since version 1.

If you use Firefox, there is only one instance, so there is only one
session. If you try to start another instance, it will just open another
window in the existing instance.

 

[Cowboy \(Gregory A. Beamer\)]

This has been a problem since browsers came out. THe only way to avoid two
instances on a browser is to spawn from the start menu. And, there is no way
to force someone to do that.

The best you can do is limit using session as a dump, which reduces your
risk tremendously.

 

[bruce barker]

the best way is to code for it. add a request guid to each page render.
then tie a context to each guid, as each page should act its own
session. you should use a locking guid for access to shared session
objects. you should also have some conflict resolution code.

also if you use cookieless sessions you can start a new session whenever
you want and have two tabs with different sessions.

-- bruce (sqlwork.com)

 

[George]

First of all you are incorrect about IE6
If you right click on a link and choose "Open in a new Window" then 2
windows will share the same session.


And on a second note, what is the problem with user using 2 tabs. Unless you
put ViewState into Session I do not see any problem

George.