[Catalyst] Browser window/tab independent sessions

Hermida, Leandro Leandro.Hermida at fmi.ch
Mon Jan 8 13:48:58 GMT 2007


> -----Original Message-----
> From: Perrin Harkins [mailto:perrin at elem.com] 
> Sent: Friday, January 05, 2007 22:26
> To: ian at iandocherty.com; The elegant MVC web framework
> Subject: Re: [Catalyst] Browser window/tab independent sessions
> 
> On Fri, 2007-01-05 at 20:44 +0000, Ian Docherty wrote:
> > Does anyone try to keep different state information in different 
> > browser windows/tabs?
> 
> Back in the old days, when we used to make websites with our 
> stone knives and bear skins, we used to keep state 
> information in hidden form fields and query strings.  These 
> techniques have none of the "global state" problems that cookies do.
> 
> Putting things that are specific to a window/tab in a 
> cookie-based session is a pet peeve of mine actually, since 
> it can break things so spectacularly.  If you check, you'll 
> see that all of the major web sites like Yahoo and Amazon are 
> careful to avoid this kind of issue (multiple tabs don't 
> interfere with each other) and they generally seem to use the 
> old-school techniques.
> 
> > How would I create these URI's for each window. I suppose I 
> would have 
> > to have a 'create new window' button in the application 
> that generated 
> > a new window with a unique window_session?
> 
> Users are not going to like that.  You'll never be able to 
> get something like this working without becoming totally 
> dependent on JavaScript to manipulate your URLs and tell you 
> when new windows are opening.  At that point, the hidden form 
> fields will look really easy by comparison.
> 
> - Perrin

The way cookies work for holding application state has the limitation of
being for every window/tab of that browser type (someone please correct
me if I am wrong).  Use Catalyst::Plugin::Session::State::URI to pass
the session IDs through the URI but please read the POD on security
issues related to this!!!  I also had to write an app sometime ago where
I didn't use cookies so I just passed the session ID in form hidden
fields (for POSTs) and in the URI (for GETs).  Then each browser
window/tab will have its own independent session no prob..

Leandro




More information about the Catalyst mailing list