Rafal Los wrote:
> Can anyone answer this question:
> What is the *technical reason* that separate TABS cannot be isolated
> from each other (for session management, etc.)?

Because the session information is per-profile in the typical case (e.g.
cookies). If the question is why session cookies are not per-tab, it's
because the cookie store was written way before tabs were thought of.
It could be completely rewritten to work differently, sure.
There's also the fact that users don't see separate tabs as separate
sessions... With windows it's more interesting; in particular for WinIE
separate windows are in fact separate sessions if they're started by
clicking the icon.

> Why haven't browsers (such as Firefox) isolated tabs/windows from
> each other such that I cannot simply replicate a logged-in user by
> simply pasting into another FF tab?

For what it's worth, some sites do in fact prevent this (not sure which
mechanism they use), and it's incredibly painful from a user perspective
(opening links in new windows/tabs doesn't work properly, session
history doesn't work properly, reloading doesn't work properly, etc, etc).
-Boris