Beefy Boxes and Bandwidth Generously Provided by pair Networks
Your skill will accomplish
what the force of many cannot

New Session for new Window (or: Session ID vs. Process ID...)

by shushu (Scribe)
on Feb 26, 2003 at 06:54 UTC ( #238678=perlquestion: print w/replies, xml ) Need Help??
shushu has asked for the wisdom of the Perl Monks concerning the following question:

Hallo Monks!
I have a WEB application that works with Apache::ASP and Sessions, in which every time a user open a window the data in it is kept in a Session.
I need to support a way in which the same user can open more then one Session from the same machine.
Currently, when the user open two IE processes the application works great, since each process has its own Session.
Unfortunately, when the user open a new window using CTRL-N or use "open a new window", it seems as though the same Session is used.
Some will tell me, "Well, this is very important feature". Yes, I know. You don't want a user to "forget" his login, or anything, between windows. This is why this behavior is the default, and it is fine.
The question is - how can I work differently, meaning - every window, even opened by the same process, will have its own Session.

It seems at first that using $Session->Abandon() will do the trick. Unfortunately, it does not.
First of all, the abandon will actually take place only in the next query of the server. The code below will show you:
<HTML> <HEAD> </HEAD> <BODY> <pre> <% use strict; use Data::Dumper; print "<br>Session ID before Abandon:" . $Session->{S +essionID} . "<br>"; $Session->Abandon; print "Session ID after Abandon:" . $Session->{Sessio +nID} . "<br>"; %> </pre> </BODY> </HTML>
Instead of seeing two different Session IDs, before and after, I got the same Session ID. I believe that this is not for the reason it seems - that the Abandon is done before the execution, or something else. I believe this is because the Session object does not change in the server, and all the Abandon does is sending a new Session ID in the next request.

Second, it seems that even an abandoned session will be the same session for all of the windows opened by the same process. To see that I wrote an example, in which one button open a new window, and another button shows the document.cookie, and did the following scenario:
  1. Open two IE processes, both to the test.asp below.
  2. See that each of them has a different Session ID
  3. In both of them press "open new window".
  4. Now check the Session IDs in all four windows.
What I expected is that each window will have its own Session (I did Abandon for that). Instead, every process has its own Session ID, and the new opened windows "interfere" with the first opened windows...

The bottom line - if this is the only behavior a Session can have, why bother to call it a Session ID? This is actually a Process ID!
Therefore I am almost certain there IS a way to differ between sessions in the same process. Only question is - how.

The Code:
<HTML> <script> function open_window (URL) {; } function show_session_id (URL) { alert(document.cookie); } </script> <HEAD> </HEAD> <BODY> <pre> <% use strict; use Data::Dumper; print "<br>Session ID before Abandon:" . $Session->{S +essionID} . "<br>"; $Session->Abandon; print "Session ID after Abandon:" . $Session->{Sessio +nID} . "<br>"; %> </pre> <BR> <BUTTON onclick=open_window('test.asp')>Open new window</butto +n> <BUTTON onclick=show_session_id()>Show Session ID</button> </BODY> </HTML>

Replies are listed 'Best First'.
Re: New Session for new Window (or: Session ID vs. Process ID...)
by JayBonci (Curate) on Feb 26, 2003 at 07:14 UTC
    ASP session objects work on cookies. Because you are opening a new window in the same browser thread, it shares the cookies that are local to that thread. If you "Open In New Window...", it spawns a new local thread with the same base cookie file, but you should be able to login and do other things from there. You'll find whichever browser window that you close last will write to your global cookie file.

    Session Objects are somewhat flawed, and you can never gaurentee that Abandon() will ever be called on a Session or Application object. It may be in your best interest to manually manage the cookies. I've never found an ASP application where the problems in the Session object were outweighed by it's convenience.

      Thanks for the response.
      It is clear to me that I actually work with cookies, and that I need to "manage the cookies", but what that I want is not to create new cookie, but instead work with the document cookie and just (it seems for me that this is really a "just" - a simple task) create what you called cookies local to the thread to be local to the window.
      Can I do this at all ?

        Instead of using the $Session object, use $Response->Cookie() and give it a value. What are you using the $Session object for depends on what you'd store in the ->Cookie (specific to your particular ASP application). This way, you can be gaurenteed that Session->Abandon() won't change your Session ID.

        How are you authenticating the users? A database of some sort?

Re: New Session for new Window (or: Session ID vs. Process ID...)
by perrin (Chancellor) on Feb 26, 2003 at 15:47 UTC
    There is no way to do what you want with cookies. Cookies are intentionally shared between browser windows. What you have to do is maintain state using data in the URL or hidden form fields. Not just a session ID in the URL, but the whole session data. That's the only way this can work.
      Hi All, In my application two threads from same process are ending up creating two sessions with one overwriting the other. Can anyone please suggest me how can i determine if the two requests are from same threads with in process or its from different processes. Using synchronisation doesnt seem to solve my problem Best Regards, Pavan

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://238678]
Approved by graff
[marto]: hmm, verify httpscert, hosted on IIS, created on $client Windows PKI infrastructure from perl on an old Solaris box
[marto]: I really hate our clients network/infrastruc ture :P

How do I use this? | Other CB clients
Other Users?
Others chilling in the Monastery: (6)
As of 2017-10-20 11:07 GMT
Find Nodes?
    Voting Booth?
    My fridge is mostly full of:

    Results (261 votes). Check out past polls.