I found that when I open my website in IE6, then press ctrl + N, a new IE is opened but it use the same session as my origin IE, any method to force user to login my application again when user press ctrl + n in IE6?
also, the same problem occur in IE 8 if user open a new IE by double click the IE shortcut icon.
Joined: Jul 06, 2005
Windows opened by ctrl+N, the "New Window" menu item, or clicking a link all belong to the same browser session.
Windows in the same browser session, all share the same session cookies.
The session cookie is how the server side session is maintained and linked to a client. ie the server looks at the sessionId embedded in the cookie sent with the request.
There is no way I am aware of to prevent this from happening. It is how they have designed the browser. And indeed, the functionality is desirable in many circumstances.
Joined: Mar 15, 2008
oh, but our application need prevent this happen because there are some bugs which are caused by user press ctrl + N in IE6 and work in two windows.
it make the session attribute (object in actionForm, in struts 1) chaos and save with unexpected result.
Or is there any workaround, like disable the ctrl + N function in IE6?
P.S. This is generally the way that other browsers work as well.
Joined: Mar 15, 2008
Bear Bibeault wrote:Your time would be better spent fixing the bugs rather than trying to find a band-aid that's unlikely to have any positive effect.
then any possible direction to fix or prevent the second IE browser overwrite the session attribute of the first IE browser window (if prevent user to open two browser by ctrl + n is not a proper direction)?
You need to change the scope of the stuff you store in the session, or you could use a sessionid + "window ID" approach to storing session state. Something like a filter that looks for an id for the window in the request, if it doesn't find one adds one and from then on all actions from that window use it to identify its own state in the session.
Paul Sturrock wrote:You need to change the scope of the stuff you store in the session, or you could use a sessionid + "window ID" approach to storing session state. Something like a filter that looks for an id for the window in the request, if it doesn't find one adds one and from then on all actions from that window use it to identify its own state in the session.
"all actions from that window" means all jsp from that window? my app has more than 3 hundred jsp and I think too much workload to add an id to each jsp, or ie window has a id?
also, I am using struts 1.x, the acton form is already hard code in the struts-config.xml, so how to keep each actionform map to a action from a specific browser window?