I'm developing a web application. I have a small problem with sessions when a user open the same window in the same session.

For example: Now, the user open the page user and he select a user I store this object in session (Session["user"] = user), if he open the same window in another tab browser and he select other user I override the session value (Session"["user"] = user).....

I'm thinking solutions:

• Avoid that the user can open the same window in the same PC
• Create unique id for each page opened by the user

What do you think? Wich is the better solution?

Thanks for your help and best regards,

I don't think you can prevent a user from opening the same page in two different tabs or browsers. So, if you need do make sure each window is a distinct "session" in your application, you'll need some kind of unique ID, perhaps stored in a hidden HTML input.

Thanks all for your responses.

I read the post How to differ sessions in browser-tabs? and I found severals solutions to generate unique id per tab.

The solutions are:

• https://sites.google.com/site/sarittechworld/track-client-windows
• https://github.com/chrisdew/subsession
• Implement my own unique id per page

I'm going to review them and I tell you the result.

If somebody knows another solution, allways is wellcome!

Best regards,

In this instance you have to use cookieless sessions - in web.config in system.web

<sessionState mode="InProc" timeout="20" cookieless="UseUri" />

what this does is insert a session id into the url so you get something like, www.host.com/(abc15284dndhjkdm)/app.aspx. thisis then unique per tab and so the user can have uniqie session per tab.

Edit: - here is the code for the aspx pages i show at web3.adprs.net/test/test1.aspx i mention below

Test1.aspx

<%@ Page Language="vb" AutoEventWireup="false" CodeBehind="test1.aspx.vb" Inherits="WebApplication4.test1" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml"> <head runat="server">
    <title></title> </head>
     <body>
        <form id="form1" runat="server">
        <div>
        Enter User <asp:TextBox ID="user" runat="server"></asp:TextBox>
        <asp:Button ID="go" runat="server" Text="Go" />
        </div>
        </form>
    </body></html>

Test1.aspx.vb

Public Class test1
    Inherits System.Web.UI.Page

    Private Sub go_Click(sender As Object, e As System.EventArgs) Handles go.Click
        Session("user") = user.Text
        Response.Redirect("test2.aspx")
    End Sub
End Class

Test2.aspx

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
    Your user from session is <%=Session("user").ToString%>
    </div>
    </form>
</body>
</html>

web.config

<?xml version="1.0"?>
<configuration>
  <system.web>
    <compilation debug="true" strict="false" explicit="true" targetFramework="4.0" />
    <sessionState mode="InProc" timeout="20" cookieless="UseUri" />
  </system.web>
  <system.webServer>
     <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>
</configuration>

HTH