Reputation: 906
So, I wrote some software about 6 years ago, and am about to release version 2.0. Recently, people have been complaining that data from one customer has been transferred to another. The culprit: users having multiple tabs open, but browsers sharing a single session. (I got an "oh, by the way, this has been happening for a while now...")
Luckily, I was made aware before I launch 2.0. My solution is to create a random session_name at log-in time. Then this name is constantly POSTed or GETed to other pages in the application. It works great. The drawback is that someone can look at the source code and see something like <input type="hidden" name="session" value="LSDT2341335054" />
Not to mention that a generated report (using GET) will show "&session=LSDT2341335054" in the url.
This was a very quick fix and it works great, but I could not find anything better out there. I work by myself, so I don't have any type of devil's advocate. Other than being a little sloppy, are there any real risks to this method? Just because I can't see a problem with this doesn't mean they don't exist.
Thanks, Dave
Upvotes: 0
Views: 854
Reputation: 7979
Well, isn't this new system just an extra layer on top of the previous session system, and users will only be able to see their own session identifier?
Can't really see the issue; it seems perfectly safe here. It reminds me of things used in Facebook messaging etc.
As deceze said, you could use cookies and check the values match, or a similar method.
Upvotes: 0
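The scheme described in the question (a random per-tab token handed around in a hidden field or query string) and the answer's suggestion to "use cookies and check the values match" can be combined in a small server-side model. The following is an added example, not code from the question or the answer: it keeps the normal cookie-backed session, stores each tab's working data under a random tab token inside that session, and only resolves a request when the cookie's session actually owns the presented token. The in-memory `_sessions` dict, the function names and the sample customer ids are assumptions made for the example.

```python
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Constructed in-memory session store standing in for a real backend (assumption).
# Maps the session cookie value -> {"user": str, "tabs": {tab_token: tab_data}}
_sessions: Dict[str, dict] = {}


def login(username: str) -> Tuple[str, str]:
    """Create a cookie-backed session at log-in and mint the first tab token.

    Returns (session_cookie_value, tab_token). The cookie is HttpOnly in a real
    deployment; the tab token is what the page carries in a hidden field.
    """
    sid = secrets.token_urlsafe(32)
    _sessions[sid] = {"user": username, "tabs": {}}
    return sid, open_tab(sid)


def open_tab(sid: str) -> str:
    """Mint a fresh random token for a new tab; each tab gets its own data bucket.

    A CSPRNG token (not a counter or a timestamp) so one tab cannot guess another's.
    """
    sess = _sessions[sid]
    token = secrets.token_urlsafe(16)
    sess["tabs"][token] = {"customer": None}
    return token


def tab_context(sid: Optional[str], token: Optional[str]) -> Optional[dict]:
    """Resolve the tab-scoped data for a request.

    Both the cookie and the tab token must be present, and the token must belong
    to the session the cookie identifies. A token copied from someone else's page
    source or report URL is therefore useless without that person's cookie, and
    a token from another session is rejected even by a logged-in user.
    """
    if sid is None or token is None:
        return None
    sess = _sessions.get(sid)
    if sess is None:
        return None
    # Constant-time comparison against the stored tokens; cheap, and avoids
    # turning the lookup into a timing oracle.
    for stored, data in sess["tabs"].items():
        if hmac.compare_digest(stored, token):
            return data
    return None


def select_customer(sid: Optional[str], token: Optional[str], customer_id: str) -> bool:
    """Bind a customer to this tab only; other tabs in the same session are untouched."""
    ctx = tab_context(sid, token)
    if ctx is None:
        return False
    ctx["customer"] = customer_id
    return True


def current_customer(sid: Optional[str], token: Optional[str]) -> Optional[str]:
    """Which customer this tab is working on, or None if the request is not valid."""
    ctx = tab_context(sid, token)
    return None if ctx is None else ctx["customer"]


def logout(sid: str) -> None:
    """Dropping the session invalidates every tab token minted under it."""
    _sessions.pop(sid, None)


if __name__ == "__main__":
    # Two tabs in one browser session work on two different customers (constructed ids).
    sid, tab_a = login("dave")
    tab_b = open_tab(sid)
    select_customer(sid, tab_a, "customer-1")
    select_customer(sid, tab_b, "customer-2")
    print(current_customer(sid, tab_a), current_customer(sid, tab_b))
    # A leaked tab token without the matching cookie resolves to nothing.
    print(current_customer(None, tab_a))
```

The design point is that the visible token is a selector inside an authenticated session, not a credential: it only ever means something when paired with the cookie that created it. Carrying it in a POSTed hidden field rather than the query string keeps it out of server logs, browser history and Referer headers, which is the one practical reason to prefer the hidden-input form over the `&session=` URL form the question mentions.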