Using CTRL-N creates a new window with the same session-id, indeed. So my question takes on an other course (knowing that all browser have this kind of behaviour): If a user asks for his personals on tab A and tab B in FF (for example), deletes his data on tab B and then tries to edit it on tab A, than I have a situation that I don't want. How can I act?
thanks "Jean-Marc Desperrier" <[EMAIL PROTECTED]> schreef in bericht news:[EMAIL PROTECTED] > RML wrote: >> Yes, IE gives me 2 session id's. That what I expected to get on a >> multi-tab browser too. > > Are you *sure* of that ? > > If you click twice on the blue e, you'll get two instances of the > application, and then two different session id. > > But if you get a new windows of the same instance with CTRL-N, connecting > from that windows should get you the same ID. > >> Just tested that and that worries me even more... Got the same session-id >> too. Which means that an administrator uses the same session id as a >> regular user does. Doesn't sound too good. > > If you start FF as a different user on XP, you'll get separate instance > and separate ids. If you talk about identifying differently on your site, > you will not be ablt to do that with cookie based identification. _______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
