0

I have a page to register users information for request submitting.I want to save the user's information entered by user in each window individually and in a dedicated session for each browser window. I searched Google and stackoverflow but did not get a good result.

How should I generate unique session for every browser window by PHP?If set session with manual sessid is more secure?

harix
  • 277
  • 3
  • 15
  • You don't know it's a different window, so you can't do this afaik. Different browsers, fine, but not multiple windows in the same browser. – Jonnix Aug 31 '17 at 13:19
  • You COULD potentionally use AJAX paired with JQUERY to get the clients current browser window, send it back to your PHP page but there's gonna be some delay since you load php first – clearshot66 Aug 31 '17 at 13:20
  • You could use `sessionStorage` javascript API – Lawrence Cherone Aug 31 '17 at 13:22
  • as long as containers aren't a thing, cookies (php sessions usually use cookies when available) are shared between browser windows of the same browser. that also means, that php sessions are probably a bad idea anyway. in general cookies could very well be a bad idea. essentially you have to provide your "session id" with every request. how you generate it is another question, but I believe creating some cryptographic random number is covered elsewhere. – Jakumi Aug 31 '17 at 13:22

1 Answers1

2

Since sessions (session cookies) are shared among all instances of the same browser, they won't help you. You will need to create unique URLs, so each window/tab can visit a truly different page. E.g.:

http://example.com/foo.php?id=abcdef123456789

Whether you treat this as unique page identifiers or as transporting the session id in the URL is up to you and what exactly you need this for.

Beware that an id transported this way is easily shared, possibly accidentally. It shows up in the browser history and can easily be copied and pasted elsewhere.

deceze
  • 510,633
  • 85
  • 743
  • 889
  • yhanks for your answer.BUT as I've searched, the method of using URL for a session is not safe. **There is no better way?** – harix Aug 31 '17 at 14:45
  • Yes indeed, you can't have your cake and eat it too in this case. – deceze Aug 31 '17 at 14:46
  • In your opinion, the first answer to this question: https://stackoverflow.com/questions/5081025/php-session-fixation-hijacking?rq=1 That gets194 votes **is and does it make sure that it works properly and safe?** – harix Aug 31 '17 at 14:59