How to ensure that Session ID does not expire when new browser window of same website is opened?

Question

I have a ASP.NET website.

Here's what happens:

• I open the site and log in.

• I open another window of the same site in IE.

• When I do that, it takes me to the page which is suppose to be shown when session expires.

So, can you please let me know how to ensure that Session ID does not expire when we open the site in another browser window?

Thanks!

Answer 1

To add a somewhat more simple answer to Michael's excellent response - the short answer thus is "You can't directly achieve this".

But what you CAN do is implement tracking within your application so that you are always aware of what a user's last action was, and no matter what session they come in on, forcibly keep them in your designated workflow.

To achieve that, however, you have to basically ignore session variables (which may be a good idea anyway ;)) and the like and implement a framework that constantly tracks a users behavior, current location and any other related information. There's obviously a lot of overhead involved but that's the only way I know of to ensure that a certain user will always end up where you desire them to end up when they log in from different browsers, machines, etc.

Answer 2

The session is not expiring because you've opened a new window; the new window must not have the cookie used to store the session-id. Most of the time, these cookies are transient or "session" based cookies.

Session cookies may or may not be shared between browser windows, depending on the browser and how you open the new window. For ex., in IE 9, a new window launched using Javascript, Ctrl+N, or Ctrl+T will share session cookies. However, a new window launched by going to File / New Session will not share session cookies.

You also wont see cookies shared between different browsers (for ex., IE and Firefox).