RE: [PHPLIB] Warning - Same session in two browsers?
From: Samuel Liddicott (sam <email protected>)
Date: 11/29/99

> -----Original Message-----
> From: Simon Sadler [mailto:simon.sadler <email protected>]
> Sent: 28 November 1999 12:35
> To: sam <email protected>
> Cc: phplib <email protected>
> Subject: Re: [PHPLIB] Warning - Same session in two browsers?
>
>
> Thanks for your feedback Sam. See my recent reply to Florian about my
> situation and possible solution.
>
> > IMHO the session should store NOTHING about the current page. Any
> > page specific stuff should ONLY be done with forms, and stored in
> > hidden fields - encrypted if it needs to be secure.
>
> Problem with hidden fields is that they can be edited on the
> client side to
> feed back invalid data. Also with large variables in hidden
> fields, the user
> has to suffer a longer download of the page and then a longer
> upload to send

All true.

> it all back. Surely much better to store it on the server.

Except for the problems you discovered.

> However, this whole episode has opened my eyes to persistent
> variables. The
> way I see it is if you have two browser windows sharing the same session
> then your registered variables will become corrupt.

Corrupt is a strong word - they will certainly become inconsistent with some
of the multiple pages.

> Of course
> this will only
> happen if the pages actually modify the variables but most would.
> Does this
> make persistent (registered) variables useless?

It just introduces the problems you mention.

Sam

>
> Simon.
>
> ----- Original Message -----
> From: Sam Liddicott <hea176136 <email protected>>
> To: Simon Sadler <simon.sadler <email protected>>; <phplib <email protected>>
> Sent: 25 November 1999 10:53 am
> Subject: Re: [PHPLIB] Warning - Same session in two browsers?
>
>
> > Simon Sadler <simon.sadler <email protected>> said:
> >
> > > Thanks for your help Florian.
> > >
> > > I think my empty objects must be down to the multiple browser
> > windows
> > > sharing one session record. I was heading down that road anyway
> > but you've
> > > helped me confirm that. Thanks.
> > >
> > > I guess that the best way around this is to have the user log on
> > every time
> > > they open a new window. It would be even better if I could detect
> > whether
> > > they were already logged on in another window and create a new
> > session
> > > straight away. Then there would be different session IDs using
> > different
> > > records. Any idea how to do this?
> >
> > I think you just cannot tell the difference, CTRL-N in IE makes a
> > new window with a copy of the contents without re-requesting.
> >
> > Which one is new? If you close your eyes when you do CTRL-N and
> > alt-tab a few times, you won't know which one is new, neither will
> > IE, and neither can the server.
> >
> > IMHO the session should store NOTHING about the current page. Any
> > page specific stuff should ONLY be done with forms, and stored in
> > hidden fields - encrypted if it needs to be secure.
> >
> > Sam
> >
> > -
> > PHP3 Base Library Mailing List. Send messages to
> <phplib <email protected>>.
> > To unsubscribe, send "unsubscribe" to
> <phplib-request <email protected>> in
> > the body, not the subject, of your message.
> >
>
>

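The thread weighs keeping page-specific state in hidden fields against the fact that the client can edit them. As an added example (not code from the thread or from PHPLIB), this sketch seals each window's page state with an HMAC bound to the session ID, so the server detects an edited field on submission. It assumes PHP 7.3 or later; the function names, key handling and sample values are hypothetical, and it provides tamper detection only, not secrecy.

```php
<?php
declare(strict_types=1);

// Serialize page-specific state and append an HMAC-SHA256 tag so that edits
// made in the browser are detected. $sid binds the value to one session.
function seal_page_state(array $state, string $key, string $sid): string
{
    $payload = base64_encode(json_encode($state, JSON_THROW_ON_ERROR));
    return $payload . '.' . hash_hmac('sha256', $sid . '|' . $payload, $key);
}

// Return the state array, or null if the field is malformed or was modified.
function open_page_state(string $field, string $key, string $sid): ?array
{
    $parts = explode('.', $field);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $tag] = $parts;
    $expected = hash_hmac('sha256', $sid . '|' . $payload, $key);
    if (!hash_equals($expected, $tag)) {      // constant-time comparison
        return null;
    }
    $json = base64_decode($payload, true);
    if ($json === false) {
        return null;
    }
    $state = json_decode($json, true);
    return is_array($state) ? $state : null;
}

// Constructed sample values; a real key is a server-side secret kept across requests.
$key = random_bytes(32);
$sid = 'constructed-session-id';

// Two windows sharing one session each carry their own page state in the form.
$windowA = seal_page_state(['page' => 'edit', 'record' => 17], $key, $sid);
$windowB = seal_page_state(['page' => 'edit', 'record' => 42], $key, $sid);
printf("<input type=\"hidden\" name=\"state\" value=\"%s\">\n", htmlspecialchars($windowA));

var_dump(open_page_state($windowA, $key, $sid));   // window A's own state
var_dump(open_page_state($windowB, $key, $sid));   // window B's own state

// A payload edited on the client no longer matches its tag and is rejected,
// as is a valid field replayed under a different session ID.
$edited = base64_encode('{"page":"edit","record":1}') . '.' . explode('.', $windowA)[1];
var_dump(open_page_state($edited, $key, $sid));
var_dump(open_page_state($windowA, $key, 'other-session'));
```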