David P. Donahue wrote:
I've noticed an interesting effect in .NET development where sessions can get mixed if a single computer has two browsers open to the same site. I originally noticed it on CafePress, but now my own site is exibiting the same behavior. I wonder if this is something people have tried to get around before, and what can be done about it. It's rare that a user will want to use two simultaneous browsers, but when it happens it's certainly unexpected behavior from their perspective that the sessions would mix. Any ideas?
Two *browsers* or two *windows* of the same browser application? If two windows of one application (such as two Internet Explorer windows), this is perfectly normal and will happen in pretty much any server-side environment. Sessions usually are keyed to cookies, which are tied to the browser application, not to any particular open window. HTTP is a stateless protocol and makes no restrictions about how many views you might have open on the client or what order you visit them in, so you should always be prepared to be 'reentrant' with multiple hits coming from the client in different places. For instance, if the user is browsing through a list of items in one window, then does another search in another window, that second search should not obliterate any server-side state for the first search. The user might want to look at and page through both lists side-by-side. If you mean two separate applications are sharing session state (such as Firefox and Internet Explorer), then there might be something problematic going on. Generally different applications will have their own cookie storage and should thus maintain different sessions. A mixture here might indicate a poor session keying construct such as using the client's IP address (not guaranteed to be unique) or a key in the URL which got cut-and-pasted from one browser to another. (Session keys in the URL are dangerous, since keys may leak through cut-n-paste and HTTP referer headers on external links.) -- brion vibber (brion @ pobox.com)
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Mono-list maillist - [email protected] http://lists.ximian.com/mailman/listinfo/mono-list
