Session is being shared between tabs!?

I have just spotted quite a serious problem with my rails app. My app
uses the session to store information. Most people who use the app may
have more than one instance of it open in their browser (multiple tabs).

The session stores which country the user has selected. On each browser
tab the user may select a different country. You can add items to a
country. There are problems with items being added to the wrong
country. This is because the session is shared between the 2 open tabs.

Does anyone know how to get round this? I know i could store country
info in the page as a hidden field or attatch it to the end of every
URL, but in my situation this is too much extra work. It would be
unfortunate if i could not use sessions to do this.

I have also just noted a simular problem with my one of my J2EE apps…

Any info/help would be very valuable,

Thanks
Chris

I have just spotted quite a serious problem with my rails app. My app
uses the session to store information. Most people who use the app may
have more than one instance of it open in their browser (multiple tabs).
This is a browser feature - nothing to do with the web app. Sessions
use cookies to identify the user - browser tabs share cookies. It’s the
same if you open a browser window via another.

The grand scheme of things, it’s not really a problem. Why would you
use 2 browser tabs to do the same thing on a site?

Steve

Thanks Steve

My App is scientific software used in my company, and there is good
reason why the users would want to run 2 instances of the site.

What would you suggest i do? What is the easiest solution?

Thanks
Chris

Rimantas L. wrote:

My App is scientific software used in my company, and there is good
reason why the users would want to run 2 instances of the site.

And the reason is?

There are plenty of good reasons, here are some:

  1. The software is sometimes used in a busy lab environment where many
    people will use one computer. Each person will want his/her own instance
    of the application on the same machine.
  2. There are complex-graphs and statistics for compounds. If A user is
    working on compounds they would want 2 screens showing the info.
    • some others

My App is scientific software used in my company, and there is good
reason why the users would want to run 2 instances of the site.

And the reason is?

Regards,
Rimantas

http://rimantas.com/

BIG HAIRY BOLLOX

“Chris” [email protected] wrote in
message news:[email protected]

info in the page as a hidden field or attatch it to the end of every

Posted via http://www.ruby-forum.com/.

each tab is still part of the same browser instance so unless you can
modify
that behaviour in the browser, your session data will always be shared.
I
can’t think of any way round it. I think your solution of moving the
data
out of the session is the best option

You’re asking a question about intrinsic web architecture. Since the
web is stateless, there are 3 ways to keep session state between
subsequent requests:

  1. Cookies (the Rails default), which applies for all tabs in a
    browser (which is normally a feature, when used for things like
    authentication and shopping carts).
  2. Info in the URL (either opaque, like the Amazon id number, or non-
    opaque, like beginning the URL of the english version of the site
    with /en/)
  3. Hidden fields. This only works if every request to the server is
    a POST not a GET, or else the hidden fields will not be transmitted.

So, I would recommend 2. If you just need to keep track of a couple
of variables, routes should make it very easy to do:

http://manuals.rubyonrails.com/read/chapter/65

For example, if you’re going to change every URL on your site, you
could do:

map.connect ‘:country/:controller/:action/:id’

        - dan


Dan K. mailto:[email protected]
http://www.dankohn.com/ tel:+1-415-233-1000

On Jul 18, 2006, at 5:41 AM, Chris wrote:

country. This is because the session is shared between the 2 open
Any info/help would be very valuable,
From a cursory glance, it appears you will have to put the session
info on the URL path.

"So, I would recommend 2. If you just need to keep track of a couple
of variables, routes should make it very easy to do:

http://manuals.rubyonrails.com/read/chapter/65

For example, if you’re going to change every URL on your site, you
could do:

map.connect ‘:country/:controller/:action/:id’"

So you’re saying routes can keep hold of variables? Sorry i don’t
understand what you mean

Essentially, yes. If you use that route with the url http://
example.com/us/recipes/edit/3 then param[:country] will equal “us”.

        - dan


Dan K. mailto:[email protected]
http://www.dankohn.com/ tel:+1-415-233-1000

“Chris” [email protected] wrote in
message news:[email protected]

BIG HAIRY BOLLOX

meaning… ?

On 7/18/06, Alan B. [email protected] wrote:

“Chris” [email protected] wrote in
message news:[email protected]

BIG HAIRY BOLLOX

meaning… ?

Loosely translated I think it means “I wish I had learned something
about HTTP and browsers before developing this web application.”

map.connect ‘:country/:controller/:action/:id’"

So you’re saying routes can keep hold of variables? Sorry i don’t
understand what you mean

You could also override url_for to pass a session key around. Something
like (untested):

def url_for(options = {}, *parameters_for_method_reference) #:doc:
case options
when String then options
when Symbol then send(options, *parameters_for_method_reference)
when Hash then
@url.rewrite(rewrite_options({:s=>params[:s]}.merge(options)))
end
end

Then if there is an ‘s’ param in the URL it will be appended to all
links.

I shot milk out of my nose! ARGH!!!

Chris wrote:

Rimantas L. wrote:

My App is scientific software used in my company, and there is good
reason why the users would want to run 2 instances of the site.
And the reason is?

There are plenty of good reasons, here are some:

  1. The software is sometimes used in a busy lab environment where many
    people will use one computer. Each person will want his/her own instance
    of the application on the same machine.

They only have a single user account? If they have different accounts,
then this isn’t a problem. For that matter, with a Mozilla browser each
user could open a separate instance of the browser with their own
profile in a single login.

  1. There are complex-graphs and statistics for compounds. If A user is
    working on compounds they would want 2 screens showing the info.

There isn’t any problem with your users having two different screens
open. The only problem is that you are storing information in the
session that isn’t specific to the session. Don’t do that and you
shouldn’t have a problem.

How? You mentioned country in your original question, so use that as and
example. Just pass the country as a parameter to each page, and have
each page use that parameter instead of the session parameter. You can
do this with either gets or posts. You have to look up the parameter
anyway, you just can’t look it up where it is going to be overwritten by
user activity.

Ray

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs