Well......maybe, maybe not... Just for theoretical sake...you COULD make this work - would it be worth the trouble, that really depends on how many users do what was described below. But, you COULD get creative...
Something like this. Let's say that there's a portal page to your application...you could actually force a new cfid and cftoken on that page and ALSO, you'd have to make sure it wasn't a temporary cookie. You'd have to make it a persistent cookie so that it wasn't in the browsers memory (otherwise they'd collide). Then, each tab would basically have it's own cfid/cftoken pair that would be unique to those browser sessions and you could have the user running two different sessions at a time. If you're not familiar with how the cookie is handled for the cf session, you'll definitely want to do some reading on that. Now, I will say with that with this approach, you may run into some weird things that you had not thought about before...but in theory, it's possible. Allen ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steven Ross Sent: Thursday, July 03, 2008 12:33 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] Cookies/Sessions when opening a new window in tabbed browsers What you are asking to do really isn't possible because of the stateless nature of http because you can't tell where the user is coming from. If they are authenticated then the application / web server has no idea what client (browser window) they are coming from and will let them perform any task from multiple windows (unless they launch a completely new instance of the browser - which like you said would only work if you were not using cookie based authentication). Sounds like you just need to educate your users a bit. -Steve On Thu, Jul 3, 2008 at 12:11 PM, Bruce Hodgdon <[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>> wrote: Is there any way to force a new session, if a user opens a new tab then goes to the same app that is in the first window? We use the pretty standard cfapplication that allows cookies and session management. I have found that sometimes users will open a new tab and go to the same application basically executing the app twice from different windows. But since both these windows share session variables this can sometimes cause problems (changes in one window effect the other). Executing the browser twice keeps separate sessions. But since this is 2 windows in the same browser the cookie that points to the session id is the same. I guess one way around this is cookieless sessions, then I believe you would have to put the jsessionid on each url? I don't like doing that. And that wouldn't stop someone from copying and pasting the URL to another window and having the same issue. Or is there a good way to tell if the user does have 2 windows open with the same session? Or other slick ways around this issue? ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink<http://www.fusionlink.com> ------------------------------------------------------------- -- Steven Ross web application & interface developer http://blog.stevensross.com [mobile] 404-488-4364 [fax] (404) 592-6885 [ AIM / Yahoo! : zeriumsteven ] [googleTalk : nowhiding ] ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink<http://www.fusionlink.com> ------------------------------------------------------------- ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -------------------------------------------------------------