On Jan 25, 8:57 am, Joerg Jooss <news-re...@joergjooss.dewrote:
Thus wrote Mark,
"George Ter-Saakov" <gt-...@cardone.comwrote in message
news:OY****************@TK2MSFTNGP05.phx.gbl...
And this is incorrect. Most likely browsers will share same session
if you running 2 copies of the browser window on the same computer at
the same time.
I just tried it. I opened 10 instances of IE7 and pointed at my
website - 10 different SessionIDs...
Then I opened one instance of IE7, pointed at my website and clicked
Cltr-N nine times - 10 different SessionIDs...
Funny, IE7 and Firefox2 behave for me just as I've described (I'm testing
this with my ASP-based web mail site).
But that't no that point. The point is that this behavior (or a lack of it)
is an implementation detail, and simply cannot be relied upon.
Cheers,
--
Joerg Jooss
news-re...@joergjooss.de
Ok, here's the deal: I was looking for a way to prevent users of my
website to open two or more instances of the same page. I must add
that my website is a game, so having multiple browsers opened is no
doubt an advantage. After reading this thread and trying out a couple
of things, here's what i did:
- user opens first instance of the page, he is not logged in.
- here i used javascript to attach a name to this window. the name is
a md5 hash of the php session_id , user ip, http_user_agent and
whatever else you want.
- the user logs in, then javascript checks if the window name is
correct.
- user opens another instance (Open link in new window)
- since user is already logged in, i check if the window name is still
the same . it's NOT ! .. i log out the user and force a new session
with a new id to be created and used in setting the window name.
what now ?
user has two choices: either continues to log in on this second page,
thus disabling the first page since the session id is different so the
page name will not match . this makes the first page log the user out
if accessed. Or the user will close the second page, returning to the
first but will find himself logged out.
That's it. And because of using the session id along with the ip and
user_agent this will also work if using two different browsers are
used or two different computers (IE and Firefox) : all you have to do
is put that key you created somewhere in a database, in a table where
you have your online users and checking every time to see if the user
has the same key or not.
I hope this helps and if you need a working example, I could send it
by email.