Tabbed browsing and sessions

Re: Tabbed browsing and sessions

Peter Chant <pete@petezilla .co.uk> wrote:[color=blue]
> Is there anyway to force each tab to have a separate session,[/color]

No. Tabs are nothing special in anyway to the server.
[color=blue]
> if that is my problem?[/color]

No, the problem is that your application isn't "thread safe".
[color=blue]
> My application was written not realising this potential problem and I
> am a bit stumped on how to fix it.[/color]

Don't use the session to store variables in a "global scope". You
mentioned forms, so you could generate random IDs per form and use that
to store the sessionvars for that form:
$_SESSION['formid_foo']['foo']='foo';
$_SESSION['formid_bar']['foo']='bar';

Re: Tabbed browsing and sessions

*** Peter Chant wrote/escribió (Thu, 21 Apr 2005 01:14:18 +0100):[color=blue]
> Am I right in assuming that when I connect from one browser, using several
> tabs to a database produced in mysql/php/apache only uses one session for
> all tabs?[/color]

As you know, browsers do not use sessions, they merely send session IDs to
server, typically using cookies. The browser will send the cookie if
instructed to do so. If the cookie is set to be deleted when browsing
session ends, I believe you need to (al least) close all open browser
windows. So I'd say tabs are not the problem.
[color=blue]
> I have been loosing records from my database and my best guess
> is that each tab is not a separate session, therefore the session variables
> are shared by all tabs and unfortunately this plays havoc when I try to
> update my database using the forms I have created.[/color]

Session variables are for values that must be shared among pages. Yours
seems to be the opposite case: values must *not* be shared. Why use
sessions then? Anyway, if they're strictly necessary I guess you can create
a session with a random name and store that name in the form itself.
Something like:

if($_POST['session_name']!=''){
session_name($_ POST['session_name']);
session_start() ;
}else{
// Create new session or display error, whatever
}

My code probably won't work, but I hope it gives you an idea.


--
-- Álvaro G. Vicario - Burgos, Spain
-- http://bits.demogracia.com - Mi sitio sobre programación web
-- Don't e-mail me your questions, post them to the group
--

Re: Tabbed browsing and sessions

I have currently the same problem, if I got you right that is. I
designed a athentication/session system and now I find out that when I
open different instances of the same browser (hitting New Tab in
Firefox or File - New - Window in IE, as opposite of double-clicking
the desktop IE icon again) the navigation window duplicates, and both
windows now are in the same page, use the same session and therefore
the same session vars, hence messing everything up when navigating
simultaneously.

Still looking for a solution :|

Re: Tabbed browsing and sessions

Alvaro G Vicario wrote:
[color=blue]
>
>
> As you know, browsers do not use sessions, they merely send session IDs to
> server, typically using cookies. The browser will send the cookie if
> instructed to do so. If the cookie is set to be deleted when browsing
> session ends, I believe you need to (al least) close all open browser
> windows. So I'd say tabs are not the problem.[/color]

Well, I have left various browsers open on various desktops. I first became
aware when using a tabbed browser. I think the problem is if I have two
copies of my 'edit member' form open, one for Tom and the other for Dick.
If they both exist in the same session and I use one variable to store the
persons ID, $cont_id I have good chance of overwriting Tom's data with
Dick's and vice versa.

[color=blue]
> Session variables are for values that must be shared among pages. Yours
> seems to be the opposite case: values must *not* be shared. Why use
> sessions then?[/color]

Well, I thought that sessions were 'A Good Thing (TM)'?

I should have just stck to post data.

[color=blue]
> Anyway, if they're strictly necessary I guess you can
> create a session with a random name and store that name in the form
> itself. Something like:
>
> if($_POST['session_name']!=''){
> session_name($_ POST['session_name']);
> session_start() ;
> }else{
> // Create new session or display error, whatever
> }
>
> My code probably won't work, but I hope it gives you an idea.
>
>[/color]

Hmm, kind of see where you are coming from, not quite sure putting the
session name is quite the right plan.

It looks like when I submit a form I need to include in the form, not the
session variables, the id of the database record that the particular form
relates to.




--

Re: Tabbed browsing and sessions

Samuel Caparrós wrote:
[color=blue]
> I have currently the same problem, if I got you right that is. I
> designed a athentication/session system and now I find out that when I
> open different instances of the same browser (hitting New Tab in
> Firefox or File - New - Window in IE, as opposite of double-clicking
> the desktop IE icon again) the navigation window duplicates, and both
> windows now are in the same page, use the same session and therefore
> the same session vars, hence messing everything up when navigating
> simultaneously.
>
> Still looking for a solution :|[/color]

Hmm,

if I'd known perhaps it would have been easier to not use sessions, or
limited them to storing which style sheet I wanted to uses for the pages.
Though I can see some advantage in using the same session with multiple
pages if each were separate we would both not be in this mess.


--

Re: Tabbed browsing and sessions

Daniel Tryba wrote:
[color=blue]
> Peter Chant <pete@petezilla .co.uk> wrote:[color=green]
>> Is there anyway to force each tab to have a separate session,[/color]
>
> No. Tabs are nothing special in anyway to the server.
>[color=green]
>> if that is my problem?[/color]
>
> No, the problem is that your application isn't "thread safe".[/color]

! I did not know what that meant until know, learning the hard way.

[color=blue]
>[color=green]
>> My application was written not realising this potential problem and I
>> am a bit stumped on how to fix it.[/color]
>
> Don't use the session to store variables in a "global scope". You
> mentioned forms, so you could generate random IDs per form and use that
> to store the sessionvars for that form:
> $_SESSION['formid_foo']['foo']='foo';
> $_SESSION['formid_bar']['foo']='bar';[/color]

Eek. You seem to suggest re-inventing sessions again to create
'sub-sessions' for each form!

I assume I would have to pass the random id as post (get?!) data or a hidden
form field (I can't remember the name of the appropriate tag). It might be
just as easy to pass the variable in question, $cont_id since only I use
this app so people fiddling with the variable is not a problem.

It looks like this multiple tabs thing really takes away a lot of the
advantages of sessions in PHP.

--

Re: Tabbed browsing and sessions

"Samuel Caparrós" <lets.monroe@gm ail.com> wrote in
news:1114102964 .667721.270810@ z14g2000cwz.goo glegroups.com:

[color=blue]
> Still looking for a solution :|[/color]


use different web-browsers at the same time. that way you can double-check
your css too.

Re: Tabbed browsing and sessions


"Samuel Caparrós" <lets.monroe@gm ail.com> wrote in message
news:1114102964 .667721.270810@ z14g2000cwz.goo glegroups.com.. .[color=blue]
>I have currently the same problem, if I got you right that is. I
> designed a athentication/session system and now I find out that when I
> open different instances of the same browser (hitting New Tab in
> Firefox or File - New - Window in IE, as opposite of double-clicking
> the desktop IE icon again) the navigation window duplicates, and both
> windows now are in the same page, use the same session and therefore
> the same session vars, hence messing everything up when navigating
> simultaneously.
>
> Still looking for a solution :|[/color]

I came across this very same problem some while ago, and it took quite some
time to figure out a solution. The biggest problem is that "new tab" or
"new" does not actually open up a new browser instance, it merely creates a
clone of the current instance. This clone includes browser history as well
as the session name, and it is the session name which provides the session
id which is used to link with session data on the server. My solution is as
follows:

1) Completely new instances, not clones, can only be created by avoiding the
"new tab" and "new" options. The user must start a completely new browser
instance from scratch.
2) The application must use a session name which is different to the default
PHPSESSID. In my application I use "menuNN" where "NN" is an
auto-incrementing number. As the relationship between session names and
session id's is one-to-one, the only way to have multiple sessions id's in
use at the same time is to have multiple session names.
3) The user must start the application at the logon screen, as it is only
the logon process which can choose a new session name. The session id is
allocated automatically. In my logon process I scan to see which session
names are currently in use, then allocate a new one by incrementing the "NN"
value. The session name thus generated must therefore be included in all
URLs, otherwise the link to a specific set of session data will be lost.

Tricky, but it works.

--
Tony Marston

Re: Tabbed browsing and sessions


Tony Marston wrote:[color=blue]
> 1) Completely new instances, not clones, can only be created by[/color]
avoiding the[color=blue]
> "new tab" and "new" options. The user must start a completely new[/color]
browser[color=blue]
> instance from scratch.[/color]

Of course :) That solves the problem, but still I have to either

1) convince the customer to not use "clones" under any circumstances to
navigate simultaneously, but creating new browser windows for that (my
current system works fine with this).
2) make sure the customer will get an error if creating a "clone" (this
would be ideal, but that's where I'm lost).

I've been thinking of creating a txt dummy file on server, named after
the SID, that each page would open and keep open. Then a Javascript
would close it before page transition. The next page would check wether
the file is in use or not, and return an error if so.

I'll try today and see what I can get. But I can already foresee the
first problem; popup windows or Right Click - Open in new window would
give problems. And these are more common than your average "New Tab"
user, as far as I can see.

Re: Tabbed browsing and sessions


Samuel Caparrós wrote:[color=blue]
> Tony Marston wrote:[color=green]
> > 1) Completely new instances, not clones, can only be created by[/color]
> avoiding the[color=green]
> > "new tab" and "new" options. The user must start a completely new[/color]
> browser[color=green]
> > instance from scratch.[/color]
>
> Of course :) That solves the problem, but still I have to either
>
> 1) convince the customer to not use "clones" under any circumstances[/color]
to[color=blue]
> navigate simultaneously, but creating new browser windows for that[/color]
(my[color=blue]
> current system works fine with this).
> 2) make sure the customer will get an error if creating a "clone"[/color]
(this[color=blue]
> would be ideal, but that's where I'm lost).
>
> I've been thinking of creating a txt dummy file on server, named[/color]
after[color=blue]
> the SID, that each page would open and keep open. Then a Javascript
> would close it before page transition. The next page would check[/color]
wether[color=blue]
> the file is in use or not, and return an error if so.
>
> I'll try today and see what I can get. But I can already foresee the
> first problem; popup windows or Right Click - Open in new window[/color]
would[color=blue]
> give problems. And these are more common than your average "New Tab"
> user, as far as I can see.[/color]


I'd have to say that as a user, I'd be pretty irritated if you did
figure out something. When I'm on site, lots of the links there I'm
going to open in a new tab. This saves me time, because when I'm done
there I just close that tab and the original page is still there. Also,
if I like what I see in that tab, I can keep it around for future use,
while I continue to explore other stuff.

Were I to encounter new requests for login each time, I'd pretty
quickly bail on your site and go to one much more user friendly.
There's little or no good reason that I can see for what you are
proposing.



Brian

Re: Tabbed browsing and sessions

A pretty simple one; it's not simply a website, it's a corporate
application that will probably handle loads of important data.

Re: Tabbed browsing and sessions

Samuel Caparrós wrote:
[color=blue]
> A pretty probablyne; it's not simply a website, it's a corporate
> application that will probably handle loads of important data.[/color]

Mine application is not corporate, probally only ever I will use it but the
security of the data is far more important than having to log on separately
for each tab.

That said, being as we can't force MySQL to do that the point is fairly
moot. I think I will just create tempoary id variables to tie each form to
the correct variables.


Pete

--

Re: Tabbed browsing and sessions

defaultuserbr@y ahoo.com wrote:[color=blue]
> Samuel Caparrós wrote:[color=green]
> > Tony Marston wrote:[/color][/color]
<snip>[color=blue]
> I'd have to say that as a user, I'd be pretty irritated if you did
> figure out something. When I'm on site, lots of the links there I'm
> going to open in a new tab. This saves me time, because when I'm done
> there I just close that tab and the original page is still there.[/color]
Also,[color=blue]
> if I like what I see in that tab, I can keep it around for future[/color]
use,[color=blue]
> while I continue to explore other stuff.
>
> Were I to encounter new requests for login each time, I'd pretty
> quickly bail on your site and go to one much more user friendly.
> There's little or no good reason that I can see for what you are
> proposing.[/color]

I strongly agree with you. When the web application is designed, it
has to be designed with concurrency in mind. Instead, avoiding
concurrency and hence user friendliness is a stupid and costly mistakes
of any designs. If I'm right, the recent internal changes in Yahoo!
email somewhat tries to avoid concurrency--but it is totally
annoying--every time I open a new tab in FF, it redirects to main page
but flagging that message as read. Guess, Yahoo! lacks good
programmers.

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Re: Tabbed browsing and sessions

I noticed that Message-ID:
<1114329447.231 363.253900@z14g 2000cwz.googleg roups.com> from R. Rajesh
Jeba Anbiah contained the following:
[color=blue]
>Guess, Yahoo! lacks good
>programmers.[/color]


I think they have at least one...


--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/