[Catalyst] Browser window/tab independent sessions
Ian Docherty
catalyst at iandocherty.com
Mon Jan 8 15:04:02 GMT 2007
Hermida, Leandro wrote:
<snip>
> The way cookies work for holding application state has the limitation of
> being for every window/tab of that browser type (someone please correct
> me if I am wrong). Use Catalyst::Plugin::Session::State::URI to pass
> the session IDs through the URI but please read the POD on security
> issues related to this!!! I also had to write an app sometime ago where
> I didn't use cookies so I just passed the session ID in form hidden
> fields (for POSTs) and in the URI (for GETs). Then each browser
> window/tab will have its own independent session no prob..
>
> Leandro
>
I used URI session variables previously where cookies were not
available. It occurs to me that if the are being used to have separate
sessions for each tab or window then the security issues could be
eliminated by making the session a combination of a cookie (fixed for
all windows/tabs) and the URI parameter (different for all windows/tabs).
I still don't know how to ensure each new window/tab gets it's own
unique session in the URI however?
Regards
Ian Docherty (IcyDee)
More information about the Catalyst
mailing list