How can I maintain Unique Session ID between IE7 tabs. When I am trying to paste the URL in the next Tab, The page is taking the pervious session ID and the page is opened.
I need to close the session ID in the new tab and get back the page to Login page.
I think you will find that the session is shared between different Windows in IE as well. So if the user navigates File -> New -> Window, the session is shared between the two windows because IE uses the same process to open up the window. I'm guessing
the same thing is happening with the tabs.
In short, the answer is, there isn't any way of creating a brand new session with each new tab or window. The only way is by opening a new instance of IE each time but this can't be done programatically from the server.
All I can suggest is to look into using ViewState and Query Strings to store data that should be unique. Use session only for information that can be shared (such as storing the windows login of a user).
I've also got this problem where I must maintain unique sessions between different Explorer tabs but have found the only way to do it is with cookieless sessions.
The reason this problem has come about is because the website is used to administer customer accounts. If I access CustomerA's account through the website then open a new tab and access CustomerB's account the session holding the customer ID updates to think
I'm now working on CustomerB. Then if I click back to CustomerA's tab and start editing that page I am in fact editing the database record for CustomerB. This has happened and caused all sorts of problems so I need to find a fool proof way of stopping it.
I don't want to put the customer ID in the URL as this will make it open to abuse.
So, what I did was to use cookieless sessions by putting
sessionState mode="InProc"
cookieless="UseUri"
in the web.config. That way each tab generates a new unique session ID in the URL with the format like this : http://www.domain.com/(S(kbusd155dhzflbur53vafs45))/default.aspx
It is ugly but works however I've now realised that search engines bots will not index pages with session id's in the URL which is bad news.
Has anyone any good ideas of how to stop the session variables being shared across the tabs or alternatively making the URL's with session information friendly for search engine bots?
How can I maintain Unique Session ID between IE7 tabs. When I am trying to paste the URL in the next Tab, The page is taking the pervious session ID and the page is opened.
I need to close the session ID in the new tab and get back the page to Login page.
Please help me in fixing this problem.
We have forms authentication turned on for our application. If a user clicks on the link to the application in a new tab, we check to see if they are already authenticated. If so, we post a message on the login page that they already have a session going.
If they copy a URL from an existing session and paste it into a new tab, we check to see that it is not a new session and that the
HTTP_REFERER is null. If it is null, we redirect them to the login page with a message that multiple tabbing with this application is not allowed.
One drawback is that we then force the first tab to redirect to the Login page as well with a message to close the browser and start a new instance (to ensure session variables are not corrupted).
Most of the browser share same session id in the following scenario:
1. Open new tab,
2. Open new browser using CTRL +N
3. Open new browser using File -> New
The new Session Id will be created only if you open the browser instance using start menu or shortcut, this behaviour exists in all IE version. (6,7 and 8).
In IE8, you have feature of New Session, which will generate new Session Id.
I've also got this problem where I must maintain unique sessions between different Explorer tabs but have found the only way to do it is with cookieless sessions.
The reason this problem has come about is because the website is used to administer customer accounts. If I access CustomerA's account through the website then open a new tab and access CustomerB's account the session holding the customer ID updates to think
I'm now working on CustomerB. Then if I click back to CustomerA's tab and start editing that page I am in fact editing the database record for CustomerB. This has happened and caused all sorts of problems so I need to find a fool proof way of stopping it.
I don't want to put the customer ID in the URL as this will make it open to abuse.
So, what I did was to use cookieless sessions by putting
sessionState mode="InProc"
cookieless="UseUri"
in the web.config. That way each tab generates a new unique session ID in the URL with the format like this :
It is ugly but works however I've now realised that search engines bots will not index pages with session id's in the URL which is bad news.
Has anyone any good ideas of how to stop the session variables being shared across the tabs or alternatively making the URL's with session information friendly for search engine bots?
how would you capture URI from querystring ?
Its all about coding!
--------------------------
Don't forget to click "Mark as Answer" on the post(s) that helped you.
what you need to do is when you do logout , clear session and then add above code. it will create new session each time when user logs in even in same browser but in different tab.
If the value stored in session is unique to a particular user, and it's possible that multiple instances of the application might be run side-by-side (i.e. in different tabs or windows) by different users, do
not give the session variables simple, fixed names.
Example:
You log in as ClientA in one tab and you store his name in session as: Session("Name")
You log in as ClientB in another tab and you store his name in session as Session("Name")
Whose name does Session("Name") refer to..? You seriously risk dirty reads here.
However, if you'd identified this requirement during your planning phase, you'd have realised that the only option is to identify the session variables uniquely, beyond the IDs assigned by the server to each user (or computer).
If you log in as ClientA in one tab and you store his name in session as: Session("Name" + strID)
You log in as ClientB in another tab and you store his name in session as Session("Name" + strID)
Presuming strID is some variable holding the client's ID (which should be unique) you'll never cross-reference session variables.
Dim MyAnswer As Answer = New Answer()
Dim CorrectAnswer As Answer = New Answer()
If MyAnswer = CorrectAnswer Then
MarkAsAnswer(MyAnswer)
Thank(Me)
End If
neluru
Member
35 Points
27 Posts
Unique Session between IE7 Tabs
Apr 12, 2007 07:37 AM|LINK
Hi
How can I maintain Unique Session ID between IE7 tabs. When I am trying to paste the URL in the next Tab, The page is taking the pervious session ID and the page is opened.
I need to close the session ID in the new tab and get back the page to Login page.
Please help me in fixing this problem.
Unique Session between IE7 Tabs
Nageswara Rao Eluru
jesibl
Member
43 Points
104 Posts
Re: Unique Session between IE7 Tabs
Apr 13, 2007 06:50 AM|LINK
I think you will find that the session is shared between different Windows in IE as well. So if the user navigates File -> New -> Window, the session is shared between the two windows because IE uses the same process to open up the window. I'm guessing the same thing is happening with the tabs.
In short, the answer is, there isn't any way of creating a brand new session with each new tab or window. The only way is by opening a new instance of IE each time but this can't be done programatically from the server.
All I can suggest is to look into using ViewState and Query Strings to store data that should be unique. Use session only for information that can be shared (such as storing the windows login of a user).
Baaadger
Member
2 Points
4 Posts
Re: Unique Session between IE7 Tabs
May 30, 2007 11:40 AM|LINK
I've also got this problem where I must maintain unique sessions between different Explorer tabs but have found the only way to do it is with cookieless sessions.
The reason this problem has come about is because the website is used to administer customer accounts. If I access CustomerA's account through the website then open a new tab and access CustomerB's account the session holding the customer ID updates to think I'm now working on CustomerB. Then if I click back to CustomerA's tab and start editing that page I am in fact editing the database record for CustomerB. This has happened and caused all sorts of problems so I need to find a fool proof way of stopping it. I don't want to put the customer ID in the URL as this will make it open to abuse.
So, what I did was to use cookieless sessions by putting sessionState mode="InProc" cookieless="UseUri" in the web.config. That way each tab generates a new unique session ID in the URL with the format like this :
http://www.domain.com/(S(kbusd155dhzflbur53vafs45))/default.aspx
It is ugly but works however I've now realised that search engines bots will not index pages with session id's in the URL which is bad news.
Has anyone any good ideas of how to stop the session variables being shared across the tabs or alternatively making the URL's with session information friendly for search engine bots?
Cookies Session State Session Management thread
ELiva
Member
29 Points
19 Posts
Re: Unique Session between IE7 Tabs
Jun 10, 2009 06:23 PM|LINK
We have forms authentication turned on for our application. If a user clicks on the link to the application in a new tab, we check to see if they are already authenticated. If so, we post a message on the login page that they already have a session going.
If they copy a URL from an existing session and paste it into a new tab, we check to see that it is not a new session and that the HTTP_REFERER is null. If it is null, we redirect them to the login page with a message that multiple tabbing with this application is not allowed.
One drawback is that we then force the first tab to redirect to the Login page as well with a message to close the browser and start a new instance (to ensure session variables are not corrupted).
sumitd
Star
12168 Points
2151 Posts
Re: Unique Session between IE7 Tabs
Jun 11, 2009 09:09 AM|LINK
Most of the browser share same session id in the following scenario:
1. Open new tab,
2. Open new browser using CTRL +N
3. Open new browser using File -> New
The new Session Id will be created only if you open the browser instance using start menu or shortcut, this behaviour exists in all IE version. (6,7 and 8).
In IE8, you have feature of New Session, which will generate new Session Id.
http://www.downloadsquad.com/2009/05/08/ie8s-new-session-feature-allows-multiple-logins-to-web-apps/
Visit: www.msblogdirectory.com
www.dotnetspeaks.com
oidldb
Contributor
2181 Points
419 Posts
Re: Unique Session between IE7 Tabs
Jun 15, 2009 01:37 PM|LINK
Hi Neluru,
You can only have one session per browser. This is true at least with IE up 'til 7 and Firefox up 'til 3.0.11.
Regards,
Dani
Dani
P.S. Please mark as answer if this helps.
nisarkhan
Contributor
2402 Points
1472 Posts
Re: Unique Session between IE7 Tabs
Aug 31, 2009 07:46 PM|LINK
how would you capture URI from querystring ?
--------------------------
Don't forget to click "Mark as Answer" on the post(s) that helped you.
dnanetworkx
Member
174 Points
71 Posts
Re: Unique Session between IE7 Tabs
Sep 01, 2009 07:02 AM|LINK
try using viewstate..
cos sessionID across the tab will be the same...
yasir.kamal
Member
28 Points
9 Posts
Re: Unique Session between IE7 Tabs
Nov 30, 2009 01:32 PM|LINK
However you can add new session for each tab using below code.
HttpContext.Current.Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));
what you need to do is when you do logout , clear session and then add above code. it will create new session each time when user logs in even in same browser but in different tab.
Hope this helps you.
Regards
Yasir
DD85
Member
396 Points
121 Posts
Re: Unique Session between IE7 Tabs
Nov 30, 2009 03:33 PM|LINK
I had a similar problem.
The solution I developed was such:
If the value stored in session is unique to a particular user, and it's possible that multiple instances of the application might be run side-by-side (i.e. in different tabs or windows) by different users, do not give the session variables simple, fixed names.
Example:
You log in as ClientA in one tab and you store his name in session as: Session("Name")
You log in as ClientB in another tab and you store his name in session as Session("Name")
Whose name does Session("Name") refer to..? You seriously risk dirty reads here.
However, if you'd identified this requirement during your planning phase, you'd have realised that the only option is to identify the session variables uniquely, beyond the IDs assigned by the server to each user (or computer).
If you log in as ClientA in one tab and you store his name in session as: Session("Name" + strID)
You log in as ClientB in another tab and you store his name in session as Session("Name" + strID)
Presuming strID is some variable holding the client's ID (which should be unique) you'll never cross-reference session variables.
Dim CorrectAnswer As Answer = New Answer()
If MyAnswer = CorrectAnswer Then
MarkAsAnswer(MyAnswer)
Thank(Me)
End If