don't open new window

Re: don't open new window

Jayme Assuncao Casimiro:
[color=blue]
>
> Is there the possibility of not permiting the user of opening
> two windows of the same web site?[/color]

No.

André Næss

Re: don't open new window

Jayme Assuncao Casimiro <jayme@dcc.ufmg .br> schrieb:
[color=blue]
> Is there the possibility of not permiting the user of opening
> two windows of the same web site?[/color]

No. You can't control the user and the users browser(s) and computer(s).

Regards,
Matthias

Re: don't open new window

Matthias Esken wrote:
[color=blue]
>
> No. You can't control the user and the users browser(s) and computer(s).[/color]

Perhaps you could (with a complicated session-based tracker, or by
tracking IPs), but the point is that you *should not* control the user's
browser, that's not the purpose of a website!

-adi

Re: don't open new window

Adi Schwarz wrote:
[color=blue]
> Matthias Esken wrote:
>[color=green]
>>
>> No. You can't control the user and the users browser(s) and computer(s).[/color]
>
> Perhaps you could (with a complicated session-based tracker, or by
> tracking IPs), but the point is that you *should not* control the user's
> browser, that's not the purpose of a website!
>
> -adi[/color]

I would say it's not even possible then. The client most probably caches
the page and when a new window is opened just opens it from cache. You
*may* be able to do it with JavaScript (if you are really anal, a
combination of javascript and PHP), but again, there is no reason you
should be limiting how many windows a client has open. You shouldn't care,
your PHP code should be robust enough to handle submissions/track where a
user is if they have multiple pages open, plus thats just one thing you
should mess with. A users web-browser is personal. At the point you start
making it impossible to do something, they get pissed. (Or do something
for that matter, like pop-ups). Take my advice, leave the browser alone.


-Eric Kincl

Re: don't open new window

*** Eric Kincl wrote/escribió (Fri, 21 Nov 2003 01:53:38 +0000):[color=blue]
> I would say it's not even possible then. The client most probably caches
> the page and when a new window is opened just opens it from cache.[/color]

User can spoil any attempt just opening two browsers (Explorer and
Mozilla)—give n that he actually care. I normally leave annoying sites
unexplored ;-)



--
--
-- Álvaro G. Vicario - Burgos, Spain
--

Re: don't open new window

Eric Kincl <Eric@Kincl.net _NO_SPAM_> wrote in message news:<3fbd7022@ news.gvsu.edu>. ..[color=blue]
> Adi Schwarz wrote:
>[color=green]
> > Matthias Esken wrote:
> >[color=darkred]
> >>
> >> No. You can't control the user and the users browser(s) and computer(s).[/color]
> >
> > Perhaps you could (with a complicated session-based tracker, or by
> > tracking IPs), but the point is that you *should not* control the user's
> > browser, that's not the purpose of a website!
> >
> > -adi[/color]
>
> I would say it's not even possible then.[/color]

No. It's possible. As Adi said, you need complex session
processing for that. BTW, I don't mean disabling "Open new window"
option of browser---I mean if the user opens a new window, then prompt
a error message or force log off.

My bank ( http://www.icicibank.com/ )have such option. They won't
allow you to use "Stop button", or "Refresh button" or "Ctrl+N" or
"Open link in new window". If you do so, then they will force log off
telling that it's for security purpose.

---
"One who mix sports and patriotism is a barbarian"
Email: rrjanbiah-at-Y!com

Re: don't open new window

R. Rajesh Jeba Anbiah:
[color=blue]
> Eric Kincl <Eric@Kincl.net _NO_SPAM_> wrote in message
> news:<3fbd7022@ news.gvsu.edu>. ..[color=green]
>> Adi Schwarz wrote:
>>[color=darkred]
>> > Matthias Esken wrote:
>> >
>> >>
>> >> No. You can't control the user and the users browser(s) and
>> >> computer(s).
>> >
>> > Perhaps you could (with a complicated session-based tracker, or by
>> > tracking IPs), but the point is that you *should not* control the
>> > user's browser, that's not the purpose of a website!
>> >
>> > -adi[/color]
>>
>> I would say it's not even possible then.[/color]
>
> No. It's possible. As Adi said, you need complex session
> processing for that. BTW, I don't mean disabling "Open new window"
> option of browser---I mean if the user opens a new window, then prompt
> a error message or force log off.
>
> My bank ( http://www.icicibank.com/ )have such option. They won't
> allow you to use "Stop button", or "Refresh button" or "Ctrl+N" or
> "Open link in new window". If you do so, then they will force log off
> telling that it's for security purpose.[/color]

Well they can obviously do that because you have to log in and thus they can
link all your actions to you as a person. But in the general case you don't
have that luxury.

But really, instead of disallowing the Stop, Refresh and CTRL-N buttons the
bank should get a fucking clue and implement their system so that it can
handle those sorts of things. Doesn't sound like a bank I would want to
use. "Our security depends on the user's ability to not make mistakes.".
Right.

André Næss

Re: don't open new window

ng4rrjanbiah@re diffmail.com (R. Rajesh Jeba Anbiah) schrieb:
[color=blue]
> Eric Kincl <Eric@Kincl.net _NO_SPAM_> wrote in message news:<3fbd7022@ news.gvsu.edu>. ..
>[color=green]
>> I would say it's not even possible then.[/color]
>
> No. It's possible. As Adi said, you need complex session
> processing for that. BTW, I don't mean disabling "Open new window"
> option of browser---I mean if the user opens a new window, then prompt
> a error message or force log off.
>
> My bank ( http://www.icicibank.com/ )have such option. They won't
> allow you to use "Stop button", or "Refresh button" or "Ctrl+N" or
> "Open link in new window". If you do so, then they will force log off
> telling that it's for security purpose.[/color]

Which information do they use for this? IPs can change (Proxy!) and
browsers can change.

Regards,
Matthias

Re: don't open new window

Matthias Esken <muelleimer2003 nospam@usenetve rwaltung.org> wrote in message news:<bpll7c.1a 4.1@usenet.eske n.de>...[color=blue]
> ng4rrjanbiah@re diffmail.com (R. Rajesh Jeba Anbiah) schrieb:
>[color=green]
> > Eric Kincl <Eric@Kincl.net _NO_SPAM_> wrote in message news:<3fbd7022@ news.gvsu.edu>. ..
> >[color=darkred]
> >> I would say it's not even possible then.[/color]
> >
> > No. It's possible. As Adi said, you need complex session
> > processing for that. BTW, I don't mean disabling "Open new window"
> > option of browser---I mean if the user opens a new window, then prompt
> > a error message or force log off.
> >
> > My bank ( http://www.icicibank.com/ )have such option. They won't
> > allow you to use "Stop button", or "Refresh button" or "Ctrl+N" or
> > "Open link in new window". If you do so, then they will force log off
> > telling that it's for security purpose.[/color]
>
> Which information do they use for this?[/color]

I don't know about their implementation. The pages are in JSP. I
think, they're doing this with session. Also, their system is somewhat
buggy---sometimes the system fails to recognize the use of "Stop
button" or "Refresh button" or "Ctrl+N"...

Here is my simple, quick (but buggy) solution:

<?php
session_start() ;
header('Cache-Control: no-store, no-cache, must-revalidate'); //don't
cache the page

if (isset($_SESSIO N[$_SERVER['PHP_SELF']]))
{
echo 'Error: You cannot see a page more than once or open more
than one window.';
}
else //no problem...
{
$_SESSION[$_SERVER['PHP_SELF']] = 1;
echo 'Hello, World!.';
//show other contents...
}
?>

---
"There are two kinds of people, those who do the work and those who
take the credit. Try to be in the first group; there is less
competition there."---Indira Gandhi
Email: rrjanbiah-at-Y!com