1

I need to get a unique identifier for a browser, such that when I log a user out, it logs them out across all tabs of that browser. The closest I've found is the following:

window.navigator.userAgent;

However, this value appears to be the same if you open up a new incognito window. However, if you are logged in to a website (for example, on StackOverflow), and you log out of one tab, it won't log you out of the incognito tab. Is there a way to get a unique session identifier for each "browser session" ? Basically, "This current tab and all other tabs within my browser that I'll be logged out of when I click the logout link".

David542
  • 104,438
  • 178
  • 489
  • 842
  • 1
    The problem is, an incognito window is essentially like a new browser. If you're looking to accomplish something like this, why not just kill all of the users sessions, regardless of what browser they're in? – Blue Nov 02 '18 at 16:28
  • 1
    @FrankerZ I don't like the idea if they're on mobile or have a work and home computer to log them out everything. Would `document.cookie` work? – David542 Nov 02 '18 at 16:28
  • Possible duplicate of [Any way to identify browser tab in JavaScript?](https://stackoverflow.com/questions/11896160/any-way-to-identify-browser-tab-in-javascript) – Zak Nov 02 '18 at 16:28
  • 1
    It'd be easier to pass a session id from the server and store it in the cookie or localstorage and then log the users out when the value of the session id changes. – Amin Jafari Nov 02 '18 at 16:29
  • When they login, don't you start a session at that point (Storing a cookie with a unique session ID)? If they open a new tab, and continue that session, they're still using the same ID. So if you kill that token, then you're essentially killing all tabs that user has open. – Blue Nov 02 '18 at 16:30
  • @FrankerZ out of curiosity -- how does the browser itself know when to log out a user and then when not to (for example, in an incognito session) – David542 Nov 02 '18 at 16:36
  • 1
    @David542 If you invalidate a token on the server side, when the user tries to access a resource that requires a valid token, it will fail at that point, because the token is invalid (You could however push a message out through like a websocket, letting them know the user has logged out). You have to treat an incognito window as a new browser entirely. To your code, it's an isolated instance. Separate cookie container, separate localStorage, separate everything. – Blue Nov 03 '18 at 15:07

0 Answers0