• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

session issue with multi tabs in a browser

 
Maddy yam
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Have a session problem with application when opened in multiple tabs of a browser.
In my project a user can have multiple log in id's so he could log into the app with two id's
at the same time as two diferent users. but when they try to log in with two id in multiple
tabs of a browser. the same session of the browser is being shared and the data gets messed up.
Any insights to solve this issue?

I see a pattern in mail.yahoo.com , if i log into my mail.yahoo with one user id and try to login in
to other user id in the new tab. one of them logs out. Any idea how this could be done...

Thanks
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34870
369
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Maddy,
When a user logs in, you could see if they have a valid session. If so and the id doesn't match, that would be the clue to log the other user out.
 
Maddy yam
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for the reply, multiple tabs are from the same browser, so the session id for all the
tabs from that browser are same. I tried before as you mentioned, but it didnt solve the issue
 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Different browsers handle tabs/windows and sessions differently. If the browser shares sessions across tabs there's not much you can do about it, although some frameworks allow multiple conversations per session, working around this limitation (Seam comes to mind).
 
Charbel Keyrouz
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can have different browsers, I mean he uses firefox to access with first userId, IE for second, flock for the 3rd , etc....
 
Manohar Parelly
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Dear Maddy,

Would like to know if you have got the solution for this multi tab session issue?
We are facing major issue with this problem in our application and have to resolve ASAP.
Appreciate your immediate response on this.

Regards,
Manohar P
 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
My response is the same: this is simply how browsers work. Look at Seam and see if its solution is adaptable to your framework.
 
Ram Charan
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you are trying to provide the user the same data if he opens a new tab and data should not get messed up then you should synchronize session. Though it might effect performance but you have to live with it. HttpSession is not threadsafe.

Thanks,
Ram.
 
Manohar Parelly
Greenhorn
Posts: 3
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Using window.name javascript property we can track tabs/windows in the same session. I successfully used window.name in my application to track & do necessary action when application is accessed from multiple tabs.
Implementation details to restrict multi tabs access:
On Login page submit, set the window.name property to some value. Pass the same value as a hidden variable to Login action.
With this we can always ensure that proper login attempt window will have a name associated with it.
You have to put a check in Login action. If the value is not there in the session, it means 1st time you are trying to login in the session. Put the value in the session. If value already exist in the session, it means you are trying to login from another tab in the same session.
if(sessionmap.get("WINDOW_NAME") == null){
sessionmap.put("WINDOW_NAME", windowName);
}else{
return "InvalidBrowserWindowError";
}

Assume user is already logged in from 1st tab. In my application, if I open another tab in IE (even another window in forefox) and copy & paste the URL from 1st tab... it automatically takes the user to same page as in 1st page. To restrict this access, I identified all entry points to different modules in my application, and put below logic in some required jsp files to throw error page.

<form name="invalidwindow" id="invalidwindow" action="<<some action>>" method="post">
</form>

<script language="JavaScript" type="text/javascript">
if(window.name == '' || window.name != <<some value>>'){
invokeInvalidBrowserWindow();
}
function invokeInvalidBrowserWindow(){
document.invalidwindow.submit();
}
</script>

Above logic is to restrict web application access from multiple tabs.

If you want to support multiple logins from same machine you can do like below:
IE --> login from one IE tab. Open a new IE window (File --> New Window). and login from new window.
Mozilla --> Install CookiePie add-on in your mizilla browser window. Enable CookiePie for each tab. CookiePie will ensure that a new session will be created for each tab.

Regards,
Manohar Parelly
 
Asheesh Mathurs
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Manohar,
This is a smart idea, is it possible to share the entire source code.
Specifically how to handle window.name for the first time, store it in session.

It may help me quickly grasp it.

There's another offering on similar lines but with .NET code
A quick response will be appreciated.

Regards
Asheesh
Manohar Parelly wrote:Hi,

Using window.name javascript property we can track tabs/windows in the same session. I successfully used window.name in my application to track & do necessary action when application is accessed from multiple tabs.
Implementation details to restrict multi tabs access:
On Login page submit, set the window.name property to some value. Pass the same value as a hidden variable to Login action.
With this we can always ensure that proper login attempt window will have a name associated with it.
You have to put a check in Login action. If the value is not there in the session, it means 1st time you are trying to login in the session. Put the value in the session. If value already exist in the session, it means you are trying to login from another tab in the same session.
if(sessionmap.get("WINDOW_NAME") == null){
sessionmap.put("WINDOW_NAME", windowName);
}else{
return "InvalidBrowserWindowError";
}

Assume user is already logged in from 1st tab. In my application, if I open another tab in IE (even another window in forefox) and copy & paste the URL from 1st tab... it automatically takes the user to same page as in 1st page. To restrict this access, I identified all entry points to different modules in my application, and put below logic in some required jsp files to throw error page.

<form name="invalidwindow" id="invalidwindow" action="<<some action>>" method="post">
</form>

<script language="JavaScript" type="text/javascript">
if(window.name == '' || window.name != <<some value>>'){
invokeInvalidBrowserWindow();
}
function invokeInvalidBrowserWindow(){
document.invalidwindow.submit();
}
</script>

Above logic is to restrict web application access from multiple tabs.

If you want to support multiple logins from same machine you can do like below:
IE --> login from one IE tab. Open a new IE window (File --> New Window). and login from new window.
Mozilla --> Install CookiePie add-on in your mizilla browser window. Enable CookiePie for each tab. CookiePie will ensure that a new session will be created for each tab.

Regards,
Manohar Parelly
 
Rob Spoor
Sheriff
Pie
Posts: 20611
63
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Asheesh Mathurs wrote:Manohar,
This is a smart idea, is it possible to share the entire source code.

No; we are NotACodeMill.
 
Asheesh Mathurs
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Please excuse, my intention is not to offend forum.

Manohar's idea is a brilliant one. At times. it's easy to comprehend code from multiple related artifacts when complete picture is available.



Rob Spoor wrote:
Asheesh Mathurs wrote:Manohar,
This is a smart idea, is it possible to share the entire source code.

No; we are NotACodeMill.
 
Santhosh Samban
Greenhorn
Posts: 9
Java Postgres Database Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It is a good idea. By the way it will not work in IE. Because window.name method won't work in IE!!
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic