I'll take your word for it...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean H. Saxe
Sent: Thursday, July 03, 2008 12:50 PM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] Cookies/Sessions when opening a new window in 
tabbed browsers

Allen,

Sorry, but you are wrong here.  You cannot do that.  If the cookie is on disk, 
it is shared across all browser instances.  Session cookies
(non-persistent) may work if you can guarantee separate browser instances, 
which you can't do with tabs.

I'd suggest some reading on the basics of the HTTP protocols for further info.  
The "HTTP" book from O'Reilly is good.

-dhs


Dean H. Saxe, CISSP,  CEH
[EMAIL PROTECTED]
"[T]he people can always be brought to the bidding of the leaders.
This is easy. All you have to do is to tell them they are being attacked, and 
denounce the pacifists for lack of patriotism and exposing the country to 
danger. It works the same in every country."
     --Hermann Goering, Hitler's Reich-Marshall at the Nuremberg Trials
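
Dean's point that a cookie is shared by every tab, and what that means for forcing a new cfid/cftoken pair on a portal page, can be checked with Python's standard `http.cookiejar` standing in for the browser's single cookie store. This is an added example, not part of the original thread; the URL, cookie values and helper names are hypothetical, and the jar models one browser profile, not ColdFusion itself.

```python
import email.message
import urllib.request
from http.cookiejar import CookieJar

APP_URL = "http://app.example.test/index.cfm"  # hypothetical application URL


class FakeResponse:
    """Minimal stand-in for an HTTP response; CookieJar only calls info()."""

    def __init__(self, set_cookie_headers):
        self._msg = email.message.Message()
        for value in set_cookie_headers:
            self._msg["Set-Cookie"] = value  # appends, does not replace

    def info(self):
        return self._msg


def server_issues_session(jar, cfid, cftoken, persistent=False):
    """Simulate the server setting a CFID/CFTOKEN pair on a response."""
    suffix = "; Max-Age=86400" if persistent else ""
    response = FakeResponse([
        f"CFID={cfid}; Path=/{suffix}",
        f"CFTOKEN={cftoken}; Path=/{suffix}",
    ])
    jar.extract_cookies(response, urllib.request.Request(APP_URL))


def tab_request(jar):
    """Return the Cookie header any tab sends on its next request."""
    request = urllib.request.Request(APP_URL)
    jar.add_cookie_header(request)
    return request.get_header("Cookie")


def demo():
    jar = CookieJar()  # one jar per browser profile, not one per tab
    server_issues_session(jar, "1001", "aaaa1111")  # constructed values
    tab_a_before = tab_request(jar)
    # Tab B loads the portal page, which forces a new persistent pair.
    server_issues_session(jar, "2002", "bbbb2222", persistent=True)
    # The jar is keyed by domain, path and name, so the old pair is replaced.
    return tab_a_before, tab_request(jar), tab_request(jar), len(jar)


if __name__ == "__main__":
    print(demo())
```

The first tab's next request carries the second pair, because the store has no notion of which tab a cookie was set from.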



On Jul 3, 2008, at 12:44 PM, <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> wrote:

> Well......maybe, maybe not...
>
> Just for theoretical sake...you COULD make this work - would it be
> worth the trouble, that really depends on how many users do what was
> described below.  But, you COULD get creative...
>
> Something like this.  Let's say that there's a portal page to your
> application...you could actually force a new cfid and cftoken on that
> page and ALSO, you'd have to make sure it wasn't a temporary cookie.
> You'd have to make it a persistent cookie so that it wasn't in the
> browser's memory (otherwise they'd collide).  Then, each tab would
> basically have its own cfid/cftoken pair that would be unique to
> those browser sessions and you could have the user running two
> different sessions at a time.  If you're not familiar with how the
> cookie is handled for the cf session, you'll definitely want to do
> some reading on that.
>
> Now, I will say that with this approach, you may run into some
> weird things that you had not thought about before...but in theory,
> it's possible.
>
> Allen
>
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steven
> Ross
> Sent: Thursday, July 03, 2008 12:33 PM
> To: discussion@acfug.org
> Subject: Re: [ACFUG Discuss] Cookies/Sessions when opening a new
> window in tabbed browsers
>
> What you are asking to do really isn't possible because of the
> stateless nature of http because you can't tell where the user is
> coming from. If they are authenticated then the application / web
> server has no idea what client (browser window) they are coming from
> and will let them perform any task from multiple windows (unless they
> launch a completely new instance of the browser - which like you said
> would only work if you were not using cookie based authentication).
> Sounds like you just need to educate your users a bit.
>
> -Steve
>
> On Thu, Jul 3, 2008 at 12:11 PM, Bruce Hodgdon <[EMAIL PROTECTED]>
> wrote:
> Is there any way to force a new session,  if a user opens a new tab
> then goes to the same app that is in the first window?
>
> We use the pretty standard cfapplication that allows cookies and
> session management.
>
> I have found that sometimes users will open a new tab and go to the
> same application basically executing the app twice from different
> windows.    But since both these windows share session variables
> this can sometimes cause problems (changes in one window affect the
> other).    Executing the browser twice keeps separate sessions.
> But since this is 2 windows in the same browser the cookie that points
> to the session id is the same.
>
> I guess one way around this is cookieless sessions,  then I believe
> you would have to put the jsessionid on each url?   I don't like
> doing that.    And that wouldn't stop someone from copying and
> pasting the URL to another window and having the same issue.
>
> Or is there a good way to tell if the user does have 2 windows open
> with the same session?
>
> Or other slick ways around this issue?
>
>
>
> -------------------------------------------------------------
> To unsubscribe from this list, manage your profile @
> http://www.acfug.org?fa=login.edituserform
>
> For more info, see http://www.acfug.org/mailinglists Archive @
> http://www.mail-archive.com/discussion%40acfug.org/
> List hosted by FusionLink
> -------------------------------------------------------------
>
>
>
> --
> Steven Ross
> web application & interface developer
> http://blog.stevensross.com
> [mobile] 404-488-4364 [fax] (404) 592-6885 [ AIM / Yahoo! :
> zeriumsteven ] [googleTalk : nowhiding ]


