File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes session issue with multi tabs in a browser Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "session issue with multi tabs in a browser" Watch "session issue with multi tabs in a browser" New topic
Author

session issue with multi tabs in a browser

Maddy yam
Greenhorn

Joined: Jul 14, 2009
Posts: 3
Have a session problem with application when opened in multiple tabs of a browser.
In my project a user can have multiple log in id's so he could log into the app with two id's
at the same time as two diferent users. but when they try to log in with two id in multiple
tabs of a browser. the same session of the browser is being shared and the data gets messed up.
Any insights to solve this issue?

I see a pattern in mail.yahoo.com , if i log into my mail.yahoo with one user id and try to login in
to other user id in the new tab. one of them logs out. Any idea how this could be done...

Thanks
Jeanne Boyarsky
author & internet detective
Marshal

Joined: May 26, 2003
Posts: 31058
    
232

Maddy,
When a user logs in, you could see if they have a valid session. If so and the id doesn't match, that would be the clue to log the other user out.


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
Maddy yam
Greenhorn

Joined: Jul 14, 2009
Posts: 3
Thanks for the reply, multiple tabs are from the same browser, so the session id for all the
tabs from that browser are same. I tried before as you mentioned, but it didnt solve the issue
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

Different browsers handle tabs/windows and sessions differently. If the browser shares sessions across tabs there's not much you can do about it, although some frameworks allow multiple conversations per session, working around this limitation (Seam comes to mind).
Charbel Keyrouz
Ranch Hand

Joined: Jun 10, 2005
Posts: 46
You can have different browsers, I mean he uses firefox to access with first userId, IE for second, flock for the 3rd , etc....
Manohar Parelly
Greenhorn

Joined: Mar 31, 2010
Posts: 3
Dear Maddy,

Would like to know if you have got the solution for this multi tab session issue?
We are facing major issue with this problem in our application and have to resolve ASAP.
Appreciate your immediate response on this.

Regards,
Manohar P
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

My response is the same: this is simply how browsers work. Look at Seam and see if its solution is adaptable to your framework.
Ram Charan
Greenhorn

Joined: Jun 07, 2008
Posts: 16
If you are trying to provide the user the same data if he opens a new tab and data should not get messed up then you should synchronize session. Though it might effect performance but you have to live with it. HttpSession is not threadsafe.

Thanks,
Ram.
Manohar Parelly
Greenhorn

Joined: Mar 31, 2010
Posts: 3
Hi,

Using window.name javascript property we can track tabs/windows in the same session. I successfully used window.name in my application to track & do necessary action when application is accessed from multiple tabs.
Implementation details to restrict multi tabs access:
On Login page submit, set the window.name property to some value. Pass the same value as a hidden variable to Login action.
With this we can always ensure that proper login attempt window will have a name associated with it.
You have to put a check in Login action. If the value is not there in the session, it means 1st time you are trying to login in the session. Put the value in the session. If value already exist in the session, it means you are trying to login from another tab in the same session.
if(sessionmap.get("WINDOW_NAME") == null){
sessionmap.put("WINDOW_NAME", windowName);
}else{
return "InvalidBrowserWindowError";
}

Assume user is already logged in from 1st tab. In my application, if I open another tab in IE (even another window in forefox) and copy & paste the URL from 1st tab... it automatically takes the user to same page as in 1st page. To restrict this access, I identified all entry points to different modules in my application, and put below logic in some required jsp files to throw error page.

<form name="invalidwindow" id="invalidwindow" action="<<some action>>" method="post">
</form>

<script language="JavaScript" type="text/javascript">
if(window.name == '' || window.name != <<some value>>'){
invokeInvalidBrowserWindow();
}
function invokeInvalidBrowserWindow(){
document.invalidwindow.submit();
}
</script>

Above logic is to restrict web application access from multiple tabs.

If you want to support multiple logins from same machine you can do like below:
IE --> login from one IE tab. Open a new IE window (File --> New Window). and login from new window.
Mozilla --> Install CookiePie add-on in your mizilla browser window. Enable CookiePie for each tab. CookiePie will ensure that a new session will be created for each tab.

Regards,
Manohar Parelly
Asheesh Mathurs
Greenhorn

Joined: Dec 07, 2011
Posts: 2
Manohar,
This is a smart idea, is it possible to share the entire source code.
Specifically how to handle window.name for the first time, store it in session.

It may help me quickly grasp it.

There's another offering on similar lines but with .NET code
A quick response will be appreciated.

Regards
Asheesh
Manohar Parelly wrote:Hi,

Using window.name javascript property we can track tabs/windows in the same session. I successfully used window.name in my application to track & do necessary action when application is accessed from multiple tabs.
Implementation details to restrict multi tabs access:
On Login page submit, set the window.name property to some value. Pass the same value as a hidden variable to Login action.
With this we can always ensure that proper login attempt window will have a name associated with it.
You have to put a check in Login action. If the value is not there in the session, it means 1st time you are trying to login in the session. Put the value in the session. If value already exist in the session, it means you are trying to login from another tab in the same session.
if(sessionmap.get("WINDOW_NAME") == null){
sessionmap.put("WINDOW_NAME", windowName);
}else{
return "InvalidBrowserWindowError";
}

Assume user is already logged in from 1st tab. In my application, if I open another tab in IE (even another window in forefox) and copy & paste the URL from 1st tab... it automatically takes the user to same page as in 1st page. To restrict this access, I identified all entry points to different modules in my application, and put below logic in some required jsp files to throw error page.

<form name="invalidwindow" id="invalidwindow" action="<<some action>>" method="post">
</form>

<script language="JavaScript" type="text/javascript">
if(window.name == '' || window.name != <<some value>>'){
invokeInvalidBrowserWindow();
}
function invokeInvalidBrowserWindow(){
document.invalidwindow.submit();
}
</script>

Above logic is to restrict web application access from multiple tabs.

If you want to support multiple logins from same machine you can do like below:
IE --> login from one IE tab. Open a new IE window (File --> New Window). and login from new window.
Mozilla --> Install CookiePie add-on in your mizilla browser window. Enable CookiePie for each tab. CookiePie will ensure that a new session will be created for each tab.

Regards,
Manohar Parelly
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19784
    
  20

Asheesh Mathurs wrote:Manohar,
This is a smart idea, is it possible to share the entire source code.

No; we are NotACodeMill.


SCJP 1.4 - SCJP 6 - SCWCD 5 - OCEEJBD 6
How To Ask Questions How To Answer Questions
Asheesh Mathurs
Greenhorn

Joined: Dec 07, 2011
Posts: 2
Please excuse, my intention is not to offend forum.

Manohar's idea is a brilliant one. At times. it's easy to comprehend code from multiple related artifacts when complete picture is available.



Rob Spoor wrote:
Asheesh Mathurs wrote:Manohar,
This is a smart idea, is it possible to share the entire source code.

No; we are NotACodeMill.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: session issue with multi tabs in a browser