I got find some method to distinguish session between mutiple tabs of browsers. First is the about the Cookiesless. Second is using Javascript to handle the window.name when open new tabs. Third is using hidden field to keep the session value. Still got other method to distinguish the session?
Asked
Active
Viewed 7,971 times
3
-
1I say use cookies and call it good, but that's me :) – dana Jan 17 '13 at 07:12
-
2[May be this is what you want. the link provide some code. It use HiddenField][1] [1]: http://stackoverflow.com/questions/2840615/asp-net-session-multiple-browser-tabs-different-sessions – DevProve Jan 17 '13 at 08:32
-
1See my answer to this question: http://stackoverflow.com/a/14285965/453277. In brief, use a unique hidden field as a *key* to session value(s) -- don't store the actual value in a hidden field. – Tim M. Jan 29 '13 at 02:59
-
But if you do just use a hidden field you need to be aware that that is trivial to change and submit. – Jared Peless Jan 29 '13 at 03:11
1 Answers
4
Something that many sites do, including my DNS provider and a number of banks, is just to keep the session identifier in a URL parameter instead of a cookie, and have every manner of getting between pages pass the id to the next page.
This results in a session only surviving as long as each individual tab is open, and means that each tab has a unique session that does not use cookies.
In ASP.NET, using a hidden field that exists on every page to continuously pass a constant session identifier is a good and easy method of doing this.
Another thing you can do is to hash the identifier each time navigation occurs if you want to stop people using the browser back button or browser history for security reasons. This is the method many netbanking services use. Note that while very secure, this method can be frustrating for users.
mirichan
- 1,370
- 1
- 12
- 25