You are correct, it's two windows of the same browser application. What
you are saying makes sense, of course. Now, I'm not maintaining
anything about the session in the URL (I do use the occasional
QueryString variable, but it's not really tied to the session, just
telling that page which item in a given dataset to show).
As for using the IP address, that's entirely a matter of how .NET
internally maintains sessions. All I do is create a list of session
variables (HttpContext.Current.Session["variableName"]) on Session_Start
and use those throughout the session to have certain pieces of
information follow the user so that each page can access that
information. When I began developing .NET websites, this seemed like an
easy and effective way to do this. Does anyone have a suggestion for a
better way?
Regards,
David P. Donahue
[EMAIL PROTECTED]
http://www.cyber0ne.com
Brion Vibber wrote:
David P. Donahue wrote:
I've noticed an interesting effect in .NET development where sessions
can get mixed if a single computer has two browsers open to the same
site. I originally noticed it on CafePress, but now my own site is
exibiting the same behavior. I wonder if this is something people have
tried to get around before, and what can be done about it. It's rare
that a user will want to use two simultaneous browsers, but when it
happens it's certainly unexpected behavior from their perspective that
the sessions would mix. Any ideas?
Two *browsers* or two *windows* of the same browser application?
If two windows of one application (such as two Internet Explorer
windows), this is perfectly normal and will happen in pretty much any
server-side environment.
Sessions usually are keyed to cookies, which are tied to the browser
application, not to any particular open window. HTTP is a stateless
protocol and makes no restrictions about how many views you might have
open on the client or what order you visit them in, so you should always
be prepared to be 'reentrant' with multiple hits coming from the client
in different places.
For instance, if the user is browsing through a list of items in one
window, then does another search in another window, that second search
should not obliterate any server-side state for the first search. The
user might want to look at and page through both lists side-by-side.
If you mean two separate applications are sharing session state (such as
Firefox and Internet Explorer), then there might be something
problematic going on. Generally different applications will have their
own cookie storage and should thus maintain different sessions.
A mixture here might indicate a poor session keying construct such as
using the client's IP address (not guaranteed to be unique) or a key in
the URL which got cut-and-pasted from one browser to another. (Session
keys in the URL are dangerous, since keys may leak through cut-n-paste
and HTTP referer headers on external links.)
-- brion vibber (brion @ pobox.com)
------------------------------------------------------------------------
_______________________________________________
Mono-list maillist - [email protected]
http://lists.ximian.com/mailman/listinfo/mono-list
_______________________________________________
Mono-list maillist - [email protected]
http://lists.ximian.com/mailman/listinfo/mono-list
