What you are asking to do really isn't possible because of the stateless nature of http because you can't tell where the user is coming from. If they are authenticated then the application / web server has no idea what client (browser window) they are coming from and will let them perform any task from multiple windows (unless they launch a completely new instance of the browser - which like you said would only work if you were not using cookie based authentication). Sounds like you just need to educate your users a bit.
-Steve On Thu, Jul 3, 2008 at 12:11 PM, Bruce Hodgdon <[EMAIL PROTECTED]> wrote: > Is there any way to force a new session, if a user opens a new tab then > goes to the same app that is in the first window? > > We use the pretty standard cfapplication that allows cookies and session > management. > > I have found that sometimes users will open a new tab and go to the same > application basically executing the app twice from different windows. But > since both these windows share session variables this can sometimes cause > problems (changes in one window effect the other). Executing the browser > twice keeps separate sessions. But since this is 2 windows in the same > browser the cookie that points to the session id is the same. > > I guess one way around this is cookieless sessions, then I believe you > would have to put the jsessionid on each url? I don't like doing that. > And that wouldn't stop someone from copying and pasting the URL to another > window and having the same issue. > > Or is there a good way to tell if the user does have 2 windows open with > the same session? > > Or other slick ways around this issue? > > > > ------------------------------------------------------------- > To unsubscribe from this list, manage your profile @ > http://www.acfug.org?fa=login.edituserform > > For more info, see http://www.acfug.org/mailinglists > Archive @ http://www.mail-archive.com/discussion%40acfug.org/ > List hosted by FusionLink <http://www.fusionlink.com> > ------------------------------------------------------------- -- Steven Ross web application & interface developer http://blog.stevensross.com [mobile] 404-488-4364 [fax] (404) 592-6885 [ AIM / Yahoo! : zeriumsteven ] [googleTalk : nowhiding ] ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -------------------------------------------------------------
