I've also got this problem where I must maintain unique sessions between different Explorer tabs but have found the only way to do it is with cookieless sessions.
The reason this problem has come about is because the website is used to administer customer accounts. If I access CustomerA's account through the website then open a new tab and access CustomerB's account the session holding the customer ID updates to think
I'm now working on CustomerB. Then if I click back to CustomerA's tab and start editing that page I am in fact editing the database record for CustomerB. This has happened and caused all sorts of problems so I need to find a fool proof way of stopping it.
I don't want to put the customer ID in the URL as this will make it open to abuse.
So, what I did was to use cookieless sessions by putting
sessionState mode="InProc"
cookieless="UseUri"
in the web.config. That way each tab generates a new unique session ID in the URL with the format like this : http://www.domain.com/(S(kbusd155dhzflbur53vafs45))/default.aspx
It is ugly but works however I've now realised that search engines bots will not index pages with session id's in the URL which is bad news.
Has anyone any good ideas of how to stop the session variables being shared across the tabs or alternatively making the URL's with session information friendly for search engine bots?
Baaadger
Member
2 Points
4 Posts
Re: Unique Session between IE7 Tabs
May 30, 2007 11:40 AM|LINK
I've also got this problem where I must maintain unique sessions between different Explorer tabs but have found the only way to do it is with cookieless sessions.
The reason this problem has come about is because the website is used to administer customer accounts. If I access CustomerA's account through the website then open a new tab and access CustomerB's account the session holding the customer ID updates to think I'm now working on CustomerB. Then if I click back to CustomerA's tab and start editing that page I am in fact editing the database record for CustomerB. This has happened and caused all sorts of problems so I need to find a fool proof way of stopping it. I don't want to put the customer ID in the URL as this will make it open to abuse.
So, what I did was to use cookieless sessions by putting sessionState mode="InProc" cookieless="UseUri" in the web.config. That way each tab generates a new unique session ID in the URL with the format like this :
http://www.domain.com/(S(kbusd155dhzflbur53vafs45))/default.aspx
It is ugly but works however I've now realised that search engines bots will not index pages with session id's in the URL which is bad news.
Has anyone any good ideas of how to stop the session variables being shared across the tabs or alternatively making the URL's with session information friendly for search engine bots?
Cookies Session State Session Management thread