In my application, it should not allow the user to open the application in multiple tabs for same browser. I need to implement this for some security purpose. How can i implement this?
Asked
Active
Viewed 4,117 times
0
-
4How does preventing more than one instance of an application make your site more secure? Also, as it has been asked before ([here](http://stackoverflow.com/questions/557733/how-to-prevent-a-user-from-having-multiple-instances-of-the-same-web-application?rq=1) and [here](http://stackoverflow.com/questions/8252977/prevent-users-from-opening-multiple-instance-of-same-website?rq=1)): it's not a good idea, nor is it a user-friendly one. – Terry Jun 04 '16 at 05:57
2 Answers
1
Generate a session ID on server side every time a user opens your application. This session ID should be specific to the browser, IP, MAC and any data you receive as part of the initial request. For every subsequent request, validate the session ID.
Any link in your application should send a POST request, best would be submitting a form, and not a GET request so it does not open in another tab.
If a user intentionally opens your application in another tab, since you would know you already have a session ID generated for the requested data, invalidate the previously generated session ID, log the user out, and destroy the session.
Pulkit Mittal
- 5,916
- 5
- 21
- 28
1
A simpler way is to subscribe to localStorage notification and then update a node. Since events are not sent to the updating tab, it will only affect previously opened tabs.
Example in jquery:
$(window).on("storage", function(ev) {
if (ev.originalEvent.key == "tabsync") {
window.close(); // will probably not work if the user opened the tab
window.location = "/onetabonlyplease";
}
});
localStorage.setItem("tabsync", Date.now());
Yuval
- 11
- 2