Re: Authentification related to browser window

Thank you all for the answers. 

As I thought, Skippy is right. It is the only solution for independent
windows, but still no idea about opening new tabs in the same browser. It
is at least a good starting point.

I'll search the docs and the web for this. Your help (useful links
maybe?) is welcome.

Cheers,
Cristi


On Wed,  3 Nov 2004 12:09:32 +0200, Skippy <skippy@xxxxxxxxxx> wrote:
> Quoting Cristi Barladeanu <kristache@xxxxxxxxx>:
> > My problem is pretty simple. User enters the site, logs in, and after
> > that he hits ctrl+n or something, to open a new window from the same
> > browser. Can I make him log in again in the new window but keep
> > him logged in in the old one?
> > Now I'm using sessions, but I realise that the cookies set by them are
> > related to the browser, so every window uses them.
> 
> You'll need to use URL session id's. I seem to recall that PHP sessions
> can be configured to use only them and never cookies. This way, the session
> id is passed as a GET parameter to every page you go to on your site. A
> new browser window won't have the id by default (if you go to the homepage)
> but it will if you do "open this link in a new tab" or "new window".
> 
> Session id's in the URL have a lot of downsides to them. First of all,
> you have to propagate them by hand. ALL links on your site must be careful
> to include them as GET parameters, and all POST forms must include them
> too. It gets tedious very fast, and is error-prone.
> 
> Plus, it doesn't solve your problem 100%, as you can see above. If the
> new window is derived from an existing link they'll still seem already
> logged on.
> 
> Finally, there are horrible security issues with URL sid's. The user
> may choose to save a URL containing a sid to his bookmarks, where they
> can be seen by someone else. They may send the URL (with the sid included)
> to a friend who may pass it on to others. The URL also gets passed to
> other sites in the Referer HTTP header. Finally, as long as they have
> JavaScript active in the browser, any site can check their recent
> browsing history and pick up the sid from there.
> 
> --
> Romanian Web Developers - http://ROWD.ORG
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
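
Added example, not part of the original messages: one way a site that does carry session ids in URLs could spot the sharing risks Skippy lists (a bookmarked or forwarded link) is to look in the web server access log for the same sid arriving from more than one client. The parameter name PHPSESSID (PHP's default session name), the combined log format, and the sample log lines are assumptions constructed for this sketch.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" access log format (assumed for this example).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"'
)
SID_PARAM = "PHPSESSID"  # PHP's default session.name; change if the site renames it


def sid_from_target(target):
    """Return the session id carried in the request URL's query string, or None."""
    values = parse_qs(urlsplit(target).query).get(SID_PARAM)
    return values[0] if values else None


def shared_sids(log_lines):
    """Map each URL session id to its clients, keeping only ids seen from more than one."""
    clients = defaultdict(set)
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        sid = sid_from_target(m.group("target"))
        if sid:
            # A client is approximated by (source IP, User-Agent).
            clients[sid].add((m.group("ip"), m.group("agent")))
    return {sid: sorted(seen) for sid, seen in clients.items() if len(seen) > 1}


# Constructed sample log: documentation IP ranges and made-up session ids.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Nov/2004:12:01:00 +0200] "GET /account.php?PHPSESSID=aaaa1111 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux) Firefox/1.0"',
    '192.0.2.10 - - [03/Nov/2004:12:01:09 +0200] "GET /inbox.php?PHPSESSID=aaaa1111 HTTP/1.1" 200 733 "http://example.test/account.php?PHPSESSID=aaaa1111" "Mozilla/5.0 (X11; Linux) Firefox/1.0"',
    '198.51.100.7 - - [03/Nov/2004:12:40:00 +0200] "GET /inbox.php?PHPSESSID=aaaa1111 HTTP/1.1" 200 733 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"',
    '203.0.113.5 - - [03/Nov/2004:12:41:00 +0200] "GET /index.php?PHPSESSID=bbbb2222 HTTP/1.1" 200 120 "-" "Opera/7.54"',
    '203.0.113.5 - - [03/Nov/2004:12:41:30 +0200] "GET /index.php HTTP/1.1" 200 120 "-" "Opera/7.54"',
]

if __name__ == "__main__":
    for sid, seen in shared_sids(SAMPLE_LOG).items():
        print(sid, "used by", len(seen), "clients:", seen)
```

A hit is a signal to review rather than proof of a leaked link, since one user's address or browser can legitimately change during a session.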

