Help me protect my users from themselves

If I'm using a SESSION variable, and a user presses Control-N in Internet Explorer, it brings up a 2nd browser window.  They can then work on something else and leave the first screen alone.  The only problem is that the two windows are updating the same session variable.  So when they get back to the first screen, my variable could have been changed.
Is that true?
psennAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

73SpyderCommented:
Can you clarify a bit?   Is the user in the new window still on your site?  If not then what ever they do on another site will not update variables in the Session scope within CF.   If enough time passes the session could timeout though.


-73Spyder
psennAuthor Commented:
Betty pulls up SESSION.CustomerID=1 and is in the middle of changing something.
Phone rings.
Betty presses Control N and pulls up SESSION.CustomerID=2.
After the call is over, Betty goes back to screen 1 and presses 'Update'.
What is the value of SESSION.CustomerID?

Put another way:
<cfparam name="SESSION.myVar" default="0">
<cfset SESSION.myVar = SESSION.myVar + 1>
<cfdump var="#Session#">

Press refresh several times to show how SESSION.myVar is counting up.
Now press Control N and refresh several more times.
Now go back to the first window and press refresh.
The second window has been updating the same variable as the first.

Q: How can I persist variables unique to each window so that window 2 doesn't interfere with window 1?


usachrisk1983Commented:
Running CFMX7, I created a test site with a <CFAPPLICATION> tag in the Application.cfm, and just <CFDUMP VAR="#SESSION#"> in the index.cfm.  I loaded the index in IE6 and saw a valid Session ID was assigned.  I hit CTRL+N and a new window loaded, but with the same session ID.  This tells us that a new session is not created, and anything that user does to modify that session in the second window will modify their session in the first as well.
psennAuthor Commented:
I heard last night that there is a setting in Internet Explorer that turns off Session sharing, so that sessions don't step on top of each other.
But I don't know where that setting is.
gdemariaCommented:

 The problem is psenn, that you can't force your audience to turn off session sharing; not sure if it does exist or not,
 but its not practical for you to use it.  

 You are correct, coldfusion session will be the same when creating a new window.  It will be different when opening a new browser by clicking IE icon on the desktop.

 But this isn't necessarily a bad thing.  I recommend going with it rather than fighting it.   For example, session variables are most often used to control login.  If they open a new window, they will not have to login, they will be logged in as themselves.

 One problem is that people severely over use session variables.  I have seen applicables that place most variables into session scope.  This is a nightmare to debug and not efficient to use.   The only time I use session variables is to track login.

 Let's say you want to keep track of a shopping cart for a user who is not logged in.  But you don't want the cart to exist if they sign-off (again, because they don't have an account).   I recommend creating a session COOKIE, one without an expiration date will last as long as the browser window exists.  

 If you provide the usage perhaps we can give more suggestions.  But my initial thought is to try and avoid the session variable scope.



Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Servers

From novice to tech pro — start learning today.