Hi Cristi,

I think you must know and understand how the session works in PHP.

Please read.
http://in2.php.net/session

Some things to note on that page:

session.use_cookies
session.use_trans_sid

----
Zareef Ahmed

-----Original Message-----
From: Cristi Barladeanu [mailto:kristache@xxxxxxxxx]
Sent: Thursday, November 04, 2004 3:56 AM
To: php-general@xxxxxxxxxxxxx
Subject: Re: Authentification related to browser window

Thank you all for the answers.

As I thought, Skippy is right. It is the only solution for independent
windows, but still no idea about opening new tabs in the same browser. It is
at least a good starting point. I'll search the docs and the web for this.
Your help (useful links maybe?) is welcome.

Cheers,
Cristi

On Wed, 3 Nov 2004 12:09:32 +0200, Skippy <skippy@xxxxxxxxxx> wrote:
> Quoting Cristi Barladeanu <kristache@xxxxxxxxx>:
> > My problem is pretty simple. User enters the site, logs in, and after
> > that he hits ctrl+n or something, to open a new window from the same
> > browser. Can I make him log in again in the new window but keep
> > him logged in the old one? Now I'm using sessions, but I realise
> > that the cookies set by them are related to the browser, so every
> > window uses them.
>
> You'll need to use URL session id's. I seem to recall that PHP
> sessions can be configured to use only them and never cookies. This
> way, the session id is passed as a GET parameter to every page you go
> to on your site. A new browser window won't have the id by default (if
> you go to the homepage) but it will if you do "open this link in a new
> tab" or "new window".
>
> Session id's in the URL have a lot of downsides to them. First of all,
> you have to propagate them by hand. ALL links on your site must be
> careful to include them as GET parameters, and all POST forms must
> include them too. It gets tedious very fast, and is error prone.
>
> Plus, it doesn't solve your problem 100%, as you can see above. If the
> new window is derived from an existing link they'll still seem already
> logged on.
>
> Finally, there are horrible security issues with URL sid's. The user
> may choose to save a URL containing a sid to his bookmarks, where they
> can be seen by someone else. They may send the URL (with the sid
> included) to a friend who may pass it on to others. The URL also gets
> passed to other sites in the Referer HTTP header. Finally, as long as
> they have JavaScript active in the browser, any site can check their
> recent browsing history and pick up the sid from there.
>
> --
> Romanian Web Developers - http://ROWD.ORG
> ------------------------------------------------------------------------

--
Zareef Ahmed :: A PHP developer in Delhi ( India )
Homepage :: http://www.zasaifi.com
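
An added example, not part of any message in this thread: a small PHP audit of the two directives named above (session.use_cookies, session.use_trans_sid) together with session.use_only_cookies, a PHP directive the thread does not mention, plus a check for a session id inside a URL such as a logged Referer value. The function names, the two fixed profiles and the sample URLs are constructed for illustration.

```php
<?php
// Added example; the profiles and URLs below are constructed for illustration.

// Interpret an ini value such as "1", "On", "0" or "" as a boolean.
function ini_on($value): bool
{
    return filter_var($value, FILTER_VALIDATE_BOOLEAN);
}

// List the ways a session configuration lets the session id appear in a URL.
function audit_session_transport(array $ini): array
{
    $findings = [];
    if (!ini_on($ini['session.use_cookies'] ?? '')) {
        $findings[] = 'use_cookies is off: the id has to travel in URLs and forms';
    }
    if (ini_on($ini['session.use_trans_sid'] ?? '')) {
        $findings[] = 'use_trans_sid is on: PHP may rewrite relative links to carry the id';
    }
    if (!ini_on($ini['session.use_only_cookies'] ?? '')) {
        $findings[] = 'use_only_cookies is off: an id supplied in a URL is accepted';
    }
    return $findings;
}

// True when a URL (a logged Referer value, a shared link) carries a session id.
function url_carries_sid(string $url, string $sessionName = 'PHPSESSID'): bool
{
    $query = parse_url($url, PHP_URL_QUERY);
    if (!is_string($query)) {
        return false;
    }
    parse_str($query, $params);
    return isset($params[$sessionName]) && $params[$sessionName] !== '';
}

$keys = ['session.use_cookies', 'session.use_trans_sid', 'session.use_only_cookies'];
$profiles = [
    'URL-only ids, as described in the thread' => array_combine($keys, ['0', '1', '0']),
    'cookie-only ids' => array_combine($keys, ['1', '0', '1']),
    'this PHP runtime' => array_combine($keys, array_map('ini_get', $keys)),
];
foreach ($profiles as $label => $ini) {
    $findings = audit_session_transport($ini);
    echo $label, ': ', $findings ? implode('; ', $findings) : 'id stays out of URLs', "\n";
}
foreach (['http://shop.example/cart.php?PHPSESSID=constructed0123', 'http://shop.example/cart.php'] as $url) {
    echo $url, ' => ', url_carries_sid($url) ? 'carries a session id' : 'clean', "\n";
}
```

Run it with the PHP command-line binary; the third profile reports whatever the local php.ini sets.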