On Thu, 2009-08-20 at 12:04 +0200, Leon du Plessis wrote: > Thanks Ashley, > > I just want to iterate again that when a new page is opened by another > existing page in a new browser or Tab, the session_id is already created and > therefore the current way browsers work is in no way compremised. The new > browser/tab would receive the session id along with GET or POST variables. > > What I am suggesting/hoping is that when a new browser is opened or a new > tab is opened via the application, the protocols would reckognize that this > is the first time the page is served and is not being called from another > page. That is, a new page is loaded by the user entering it, and NOT by > clicking login or some other link from an existing page. > > Yes, I know..that creates other scenarios, so is happy to not meddle with > the way browsers work. It is just a limitation I will live with and can get > by with it. > > Regards > Leon > > -----Original Message----- > From: Ashley Sheridan [mailto:ash@xxxxxxxxxxxxxxxxxxxx] > Sent: 20 August 2009 11:39 AM > To: Leon du Plessis > Cc: 'Nitebirdz'; php-general@xxxxxxxxxxxxx > Subject: RE: SESSIONS lost sometimes > > On Thu, 2009-08-20 at 10:50 +0200, Leon du Plessis wrote: > > ">> It'd make sense for things to run this way, I think. After all, I'd > > find it quite confusing if I log into Google Docs, open a document (by > > default, it opens in a new tab) and I had to log in yet again to be able > to > > edit it." > > > > Yes. I agree. But in this case the Tab being opened is used with the same > > authentication details either via POST, GET or Cookie variables. The > problem > > comes in when a totally different set of login credentials are being used > > (for the same tab/window). Other user's login particulars should not > affect > > your login variables. > > > > -----Original Message----- > > From: Nitebirdz [mailto:nitebirdz@xxxxxxxxxxxxxxx] > > Sent: 20 August 2009 10:40 AM > > To: php-general@xxxxxxxxxxxxx > > Subject: Re: SESSIONS lost sometimes > > > > On Thu, Aug 20, 2009 at 09:44:02AM +0200, Leon du Plessis wrote: > > > > > > Since we are on the subject: I have the following similar problem: > > > > > > When testing page on internet explorer, I find that one tab's variables > > can > > > affect another tab's variables. Thus when having the same web-site open > > and > > > using SESSION variables but for different users, Internet explorer can > > > become "disorientated". This also "sometimes" happen when I have two > > > separate browsing windows open with Internet Explorer for the same site. > > > > > > I have yet to determine if this is an internet explorer, or PHP or > > > combination of the two that is causing this condition. > > > > > > To my understanding _SESSION variables should be maintained per session, > > tab > > > or window. If this has been addressed already, my apologies, but thought > > it > > > worthwhile to mention. > > > > > > > I'm a total newbie when it comes to these issues, but it seems to me > > that Firefox behaves in the very same manner. It's not limited to PHP > > sessions either. It's always been my experience on any website that > > requires authentication, including the likes of Google Mail, etc. When > > I want to run multiple sessions for different GMail accounts, for > > example, I just create a different user profile in Firefox. > > > > It'd make sense for things to run this way, I think. After all, I'd > > find it quite confusing if I log into Google Docs, open a document (by > > default, it opens in a new tab) and I had to log in yet again to be able > > to edit it. > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > The point is you are misunderstanding how browsers work. What the server > app is seeing is a new login that replaces the first. This is the way > browsers work, and if it changed to the idea you have for it, then > millions of sites would suddenly fail to work; i.e. any site that > requires a new tab or window to be opened in order to function, like > banks, etc. > > Thanks, > Ash > http://www.ashleysheridan.co.uk > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > There is one way to get around it, and that is to use arrays within your session variables. So for example, it might look something like this: $_SESSION['your_app_name']['username']['some_value'] This way, if the username doesn't exist, you know there is no session for them. It's ugly, but it will get around what you see as a limitation. Thanks, Ash http://www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
