This only works if you haven't disabled session variables in your IIS
application...
Grab the id using: <%= Session.SessionID %>
Set the value as a cookie of your choice on the server.
Use this value to set a cookie and then check the cookie ON THE CLIENT
using JavaScript, if the value exists in the cookie and the user is
trying to open a new window when he/she aren't allowed just close the
window using JavaScript.
Haven't figured out a way to create the same functionality when session
variables are disabled but that's because I haven't had the need for it
yet. I know that the session id exists whether or not you have disabled
session varaibles but I don't know how you can get it if they are
disabled.
Anyone tried something like that?
/andreas.q3p
> -----Original Message-----
> From: SHUNK Dave [mailto:Dave.SHUNK@c...]
> Sent: den 29 november 2001 15:27
> To: Security_asp
> Cc: 'andreas@q...'
> Subject: [security_asp] RE: Session variables across browser instances
>
>
> When you say: "check the IIS session cookie in each window and only allow
> unique session windows"
>
> How do you do that?
>
> Thanks,
>
> Dave Shunk
>
>
> -----Original Message-----
> From: Andreas Pettersson [mailto:andreas@q...]
> Sent: Sunday, November 18, 2001 6:26 AM
> To: Security_asp
> Subject: [security_asp] RE: Session variables across browser
> instances
>
> Well Mark and Daniel.
>
> As the story goes, the functionality is straight-forward and session
> variables
> share the same client instance. But you don't have to open up another
> browser
> to create a new instance, as Daniel says.
>
> If you use the shortcut "Ctrl+N" you'll end up with a new window but this
> window shares it's connections with the parent window. It's the
> same as open
> up a new window with JavaScript or alike. This also goes for
> windows created
> by choosing FILE > NEW > WINDOW.
>
> But to open up a new instance you double click on the IE-icon at
> the desktop
> or from the Start menu. This will be an independent instance with it's own
> cookies and session variables.
>
> I've been exposed to this "problem" many times since some
> applications I've
> built depend heavily on cookies that needs to be updated frequently, if a
> user then have two windows sharing the same instance and tries to
> do things,
> the cookie will reflect the last changes in the last window for both
> windows.
>
> A tip if you want to disable this kind of functionality is to
> chech the IIS
> session cookie in each window and only allow unique session windows. Saved
> me some hair and quality time if you know what I mean.
>
> /andreas.q3p
>
> > -----Original Message-----
> > From: Daniel Kent [mailto:danielk@w...]
> > Sent: den 15 november 2001 11:02
> > To: Security_asp
> > Subject: [security_asp] RE: Session variables across browser instances
> >
> >
> > The complication is that each browser window is not a new
> instance of the
> > browser. Every window launched by a browser (e.g. Internet
> > Explorer) is part
> > of the same instance. To get a new browser instance, you will
> > need to open a
> > different browser (e.g. Netscape). Sessions will then not be
> > shared between
> > the browsers.
> >
> > This makes sense because sometimes we want to use client side
> scripting to
> > pop up new windows as part of a web application. These windows
> > need to share
> > their session information with their parent.
> >
> > I hope this is helpful.
> >
> > Dan Kent.
> > Wrox Press Limited
> >
> > -----Original Message-----
> > From: Taylor, Mark [mailto:mtaylor@m...]
> > Sent: 15 November 2001 08:13
> > To: Security_asp
> > Subject: [security_asp] Session variables across browser instances
> >
> >
> > Hi
> >
> > I have a scenario where I have two browser windows open on the same web
> > application (IIS 4.0). Performing an action in the one browser window
> > changes
> > the value for Session("Module"). When I switch to the other
> > browser window,
> > the Session("Module") is reflecting the change made in the first browser
> > window.
> >
> > Am I doing something wrong or is this supposed to happen? Surely each
> > browser *instance* connected to the web server should have its own
> > independant
> > session, even if running on the same workstation, same user,
> connected to
> > the same website?
> >
> > If this is supposed to work like this, any simple suggestions on
> > a fix would
> > be greatly appreciated...
> >
> > Thanks for your help.
> > Mark
> >
> >
> > NOTICE:
> >
> > This message contains privileged and confidential information intended
> > only for the person or entity to which it is addressed.
> >
> > Any review, retransmission, dissemination, copy or other use of, or
> > taking of any action in reliance upon this information by persons or
> > entities other than the intended recipient, is prohibited.
> >
> > If you received this message in error, please notify the sender
> > immediately by e-mail, facsimile or telephone and thereafter delete the
> > material from any computer.
> >
> > The New Africa Capital Group, its subsidiaries or associates do
> not accept
> > liability for any
> > personal views expressed in this message.
> >
> > ---
> > http://www.asptoday.com - the leading site for timely,
> > in-depth information for ASP developers everywhere.
> > $subst('Email.Unsub')
> >
>
>
> ---
> http://www.asptoday.com - the leading site for timely,
> in-depth information for ASP developers everywhere.
> $subst('Email.Unsub')
>
> ---
> http://www.asptoday.com - the leading site for timely,
> in-depth information for ASP developers everywhere.
> $subst('Email.Unsub')
> Read the future with ebooks at B&N
> http://service.bfast.com/bfast/click?bfmid=2181&sourceid=38934667&
categoryid=rn_ebooks
View Cart
