Re: [PHPLIB] Warning - Same session in two browsers? From: Florian Gnägi (gnaegi <email protected>)
Date: 11/25/99

hi simon

i think you can achieve this by using only get mode. in the first window
with the first session variable you use everywhere $sess-url() to code
your links that should show up in the same window sharing the same session
variable.

now, the link where you make it possible to open a new page with a new
session variable (e.g. with target=_blank) you just don't use
$sess->url(). since in the new window the session variable is missing,
phplib will create a new session wich is only valid in the second window.

of course, if a user clicks on a link with ctr.-click, middle mousbuton or
whatever one can get a new window witch uses the same session variable as
the first one. sam mentioned some other ways to do that. i don't know
why users always have to do things you don't want them to do, they have
all kind of strange ideas... ;-)

but anyway, i don't really understand why you want to do that. it seems a
bit confusing to me having opened the same page for the same user at the
same time but with a different session variable... but you certainly have
good reasons...

have fun

-florian

On Thu, 25 Nov 1999, Simon Sadler wrote:

> Thanks for your help Florian.
>
> I think my empty objects must be down to the multiple browser windows
> sharing one session record. I was heading down that road anyway but you've
> helped me confirm that. Thanks.
>
> I guess that the best way around this is to have the user log on every time
> they open a new window. It would be even better if I could detect whether
> they were already logged on in another window and create a new session
> straight away. Then there would be different session IDs using different
> records. Any idea how to do this?
>
> Simon.
>
> ----- Original Message -----
> From: Florian Gnägi <gnaegi <email protected>>
> To: Simon Sadler <simon.sadler <email protected>>
> Cc: <phplib <email protected>>
> Sent: 23 November 1999 6:22 pm
> Subject: Re: [PHPLIB] Warning - Same session in two browsers?
>
>
> > hi
> >
> > if you need two different sessions within the same browser you have to
> > define two different sessions in your local.inc. in the new window you
> > should use your second session definition.
> >
> > cookies as i understand them are valid for the whole browser environnement
> > and not for a single browser page. go reading your cookie file, you won't
> > find any window information in there. therefore the behaviour seems
> > to be correct.
> >
> > if two windows are opened and do use the same session variable they will
> > store their information within the same record in the database. this is
> > also true if the virtually impossible case happens that at the same time
> > another person is using the same session variable for some reason. but
> > don't care about this, it'll never happen ;-)
> >
> > the blanking of your object, hm, misterious, maybe it's in your code
> > somewhere? do you use an auth object? if yes, maybe you should choose a
> > longer livetime for the authentication...
> >
> > put an
> >
> > echo $auth->auth["uid"]."<br>";
> > echo $Login= $auth->auth["uname"]."<br>";
> >
> > somewhere in your code to check if you loose your auth information after
> > closing one window. maybe auth->delete() gets executed where it
> > shouldn't...
> >
> > hope this helps
> >
> > -florian
> >
> > On Tue, 23 Nov
> > 1999, Simon Sadler wrote:
> >
> > > I wrote concerning this a while back but got no replies so I've
> rephrased
> > > it...
> > >
> > > session->mode = "cookie"
> > > session->lifetime = 0 - session cookies
> > > Browser = IE5
> > >
> > > In setup.inc I create some objects of my classes and register them with
> the
> > > session. They are persistent the whole time a user is logged on and
> contain
> > > vital info.
> > >
> > > On my site there are links that open a page in a new browser window. I'm
> > > using <a target="new window"...> to do this. When this new window is
> opened
> > > it seems that the session from the original window is inherited as all
> the
> > > registered variables are the same. Firstly, can anyone confirm that the
> > > cookie is inherited? Now the main question is, what happens when either
> of
> > > the windows is closed?
> > >
> > > Whatever the answer, something is wrong as occasionally my registered
> > > objects become blank. At first I thought that the session cookie might
> be
> > > deleted when any of the windows were closed but I now doubt that because
> the
> > > log in screen never appears after this problem occurs. Would I be right
> in
> > > thinking that if the cookie did go missing I'd have to re-log in?
> > >
> > > I suppose that it must be down to PHPLIB itself. Would there be trouble
> if
> > > two browsers were sharing the same session? They would both be accessing
> and
> > > saving to one session record. Would that cause any trouble? I know it
> > > shouldn't but there may be something obscure here.
> > >
> > > Obviously, everything works fine if restricted to one window.
> > >
> > > Please help. I believe this is an important point and something that we
> > > should all be aware of. If I haven't been clear enough please ask
> anything
> > > you need to.
> > >
> > > Thanks in advance,
> > >
> > > Simon.
> > >
> > >
> > >
> > > -
> > > PHP3 Base Library Mailing List. Send messages to
> <phplib <email protected>>.
> > > To unsubscribe, send "unsubscribe" to <phplib-request <email protected>>
> in
> > > the body, not the subject, of your message.
> > >
> >
> > -
> > PHP3 Base Library Mailing List. Send messages to <phplib <email protected>>.
> > To unsubscribe, send "unsubscribe" to <phplib-request <email protected>> in
> > the body, not the subject, of your message.
> >
>
>
> -
> PHP3 Base Library Mailing List. Send messages to <phplib <email protected>>.
> To unsubscribe, send "unsubscribe" to <phplib-request <email protected>> in
> the body, not the subject, of your message.
>

-
PHP3 Base Library Mailing List. Send messages to <phplib <email protected>>.
To unsubscribe, send "unsubscribe" to <phplib-request <email protected>> in
the body, not the subject, of your message.