Re: Authentification related to browser window

Quoting Cristi Barladeanu <kristache@xxxxxxxxx>:
> My problem is pretty simple. User enters the site, logs in, and after
> that he hits ctrl+n or something, to open a new window from same
> browser. Can I make him log in again in the new window but keep
> him logged in the old one?
> Now I'm using sessions, but I realise that the cookies set by them are
> related to browser, so every window uses them.

You'll need to use URL session ids. I seem to recall that PHP sessions
can be configured to use only them and never cookies. This way, the session
id is passed as a GET parameter to every page you go to on your site. A
new browser window won't have the id by default (if you go to the homepage)
but it will if you do "open this link in a new tab" or "new window".

Session ids in the URL have a lot of downsides to them. First of all,
you have to propagate them by hand. ALL links on your site must be careful
to include them as GET parameters, and all POST forms must include them
too. It gets tedious very fast, and is error-prone.

Plus, it doesn't solve your problem 100%, as you can see above. If the
new window is derived from an existing link they'll still seem already
logged on.

Finally, there are horrible security issues with URL sids. The user
may choose to save a URL containing a sid to his bookmarks, where they
can be seen by someone else. They may send the URL (with the sid included)
to a friend who may pass it on to others. The URL also gets passed to
other sites in the Referer HTTP header. Finally, as long as they have
JavaScript active in the browser, any site can check their recent
browsing history and pick up the sid from there.

-- 
Romanian Web Developers - http://ROWD.ORG

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
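
The sharing risk described in the message above (a URL with the sid bookmarked or passed on to others) can be looked for in a site's own access logs. The following is an added example, not part of the original post: it assumes Combined Log Format and PHP's default session name `PHPSESSID`, and the log lines, addresses and host name are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumption: PHP's default session name; adjust if session.name is customised.
SID_PARAM = "PHPSESSID"

# Combined Log Format: ip ident user [time] "METHOD url PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?:\S+) (?P<url>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample input (documentation address ranges, made-up host).
SAMPLE_LOG = [
    '203.0.113.10 - - [01/Jan/2024:10:00:00 +0000] "GET /account.php?PHPSESSID=aaaa1111 HTTP/1.1" 200 512 "-" "BrowserA"',
    '203.0.113.10 - - [01/Jan/2024:10:00:05 +0000] "GET /orders.php HTTP/1.1" 200 734 "http://shop.example/account.php?PHPSESSID=aaaa1111" "BrowserA"',
    '198.51.100.7 - - [01/Jan/2024:11:30:00 +0000] "GET /account.php?PHPSESSID=aaaa1111 HTTP/1.1" 200 512 "-" "BrowserB"',
    '192.0.2.44 - - [01/Jan/2024:12:00:00 +0000] "GET /index.php?PHPSESSID=bbbb2222 HTTP/1.1" 200 300 "-" "BrowserC"',
    '192.0.2.44 - - [01/Jan/2024:12:00:09 +0000] "GET /index.php HTTP/1.1" 200 300 "-" "BrowserC"',
]

def sid_from(url):
    """Return the session id carried in a URL's query string, or None."""
    values = parse_qs(urlsplit(url).query).get(SID_PARAM)
    return values[0] if values else None

def analyse(lines):
    """Map each sid seen in a URL to its clients; also return sids used by >1 client."""
    clients = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not Combined Log Format, skip
        # The sid can appear in the requested URL or in the Referer header.
        for field in ("url", "referer"):
            sid = sid_from(m.group(field))
            if sid:
                clients[sid].add((m.group("ip"), m.group("agent")))
    # One sid from several (ip, agent) pairs suggests the URL was shared or leaked.
    shared = {sid: c for sid, c in clients.items() if len(c) > 1}
    return dict(clients), shared

if __name__ == "__main__":
    seen, shared = analyse(SAMPLE_LOG)
    for sid, who in shared.items():
        print(f"sid {sid[:4]}... used by {len(who)} distinct clients: {sorted(who)}")
```

A hit is a lead rather than proof, since one user's address can change mid-session. Any sid showing up in logged URLs at all means the id is being propagated as a GET parameter; in PHP, `session.use_only_cookies=1` with `session.use_trans_sid=0` keeps it out of URLs.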