Session unique on taking new tab in IE7
https://stackoverflow.com/questions/4143892
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I provide sessionstate in my web.config file like this
sessionstate mode="InProc" cookieless="UseUri
That way each tab generates a new unique session ID in the URL with the format like this : http://www.domain.com/(S(kbusd155dhzflbur53vafs45))/default.aspx
It worked, but when I copy the url and paste it on another tab then the previous session value is inheriting. How can I solve this issue? Is there anyother method to solve issue?
Solution
A possible solution to this situation would be issue a ticket (guid or seomthing like that) in each response you write to the client. In the request the client would send this ticket and the server would 1) Check to see if it is valid and 2) Invalidate it so just one request (the original one) could be made with it. This way your user wouldn't be able to take advantage of new tabs or even copy/paste of URLs.
OTHER TIPS
If the user pastes a URL containing an existing session token into a new tab, your application cannot possibly know that this is a new tab and not an existing tab. I'm afraid that short of some hacky browser plugin there isn't much you can do about this.
