Session Data common across multiple tabs and windows.
I realize that I am probably not using Firefox in the normal way, but this is the situation. I am developing a website using a frame work that allows you create the website on line through the browser. This means that I have several tabs open to different places in the same website, some for editing, some for viewing and some for reference information.
I have noticed that if I copy the address line from one tab to another tab or even another window, that all of my session data, (login and all) is being shared. That is to say that the new tab or window shows my login information from the orginal tab. I can and do work around this by using different browsers, but for security reasons, I think this is less than optimal.
I believe that a website's sessions data should be unique to one tab or window.
글쓴이 pgallanger@gmail.com 수정일시
모든 댓글 (1)
I have the exact opposite problem. I am using asp.net. What I am experiencing is my asp.net membership provider (which is a custom Amazon dll) will allow user 2 on tab N to be authenticated but then when the code hits the first page of my website it reverts to user 1 who is still active. In the debugger I see the sessionid values changing like mad. I use crazy async ajax calls but franky this is driving me mad so to remedy I started using a custom cookie to track the first successful login thereby limiting my browser to one user at a time.
However in Chrome 12 each tab has a potential different value. My login page forces no caching but even when I watch the javascript delete the cookie it is alive in other tabs. Thus I have no way to synchronize behavior. I am trying to shield the user from this complexity, and even more annoying this is a corner case but people freak over cookies and logins so I cannot figure this out.
I tried testing to simultaneous yahoo logins and they can track when one user logs out and the other tabs will say, "your session is no longer active"
So I cannot get a handle on the active user, if they have logged out, etc. between tabs/windows for the same browser & I have read and read and never had issues with cookies before but this behavior seems odd to me that you cannot force one browser-wide global cookie for tracking this kind of stuff. My cookie is set to "/" path so after reading and reading it is just maddening.
And on top of that Firefox 6 does not delete the cookie when browser closes even though the expiration is the default of 0, i.e. kill coookie when browser is closed. I am just shaking my head in disbelief at this sad state of event on what seems so primary a task to my addled brain.
Sigh....