[Catalyst] Browser window/tab independent sessions

Octavian Rasnita orasnita at gmail.com
Tue Jan 9 08:33:44 GMT 2007 

From: "Matija Grabnar" <matija at serverflow.com>

> There is no need for having two separate sessions if you can guarantee the 
> user will ALWAYS be able to finish
> one task before starting another. That works beautifully in theory, not so 
> well in real life.
>
> Practical case one: database of users for an ISP. A helpdesk operator is 
> going through his tickets, looking up one user at a time, when a phone 
> call comes in. He now either has to deal with the customer without looking 
> them up (practically impossible), or he has to abandon the session where 
> he half completed the processing of the ticket in order to look
> up the customer. Both alternatives are unappealing.
> Practical case two: a webshop where items can be customised. (i.e. first 
> you choose a widget, then you specify the color, case design, ram size, 
> two wheels or four, .... Let us say all of those choices affect the 
> price). As long as your customers go through the shop one widget at a 
> time, everything is fine. But if he goes through two different sessions at 
> a time
> because he wants to "comparison shop", they have a problem. If *all* your 
> state is in the cookie, it is simply impossible
> for them to do that.
>
> There are very good reasons why PART of the session information should be 
> unique to each tab, and PART of it should be common. Deciding which part 
> belongs where requires knowledge of the problem domain, and thinking 
> through of common usage scenarios.
>
> Saying "Oh, that problem is solved by choosing browser X" is completely 
> unacceptable in the real world. In the real world, you can NOT choose 
> which browser all the people using your application will run, nor can you 
> afford to turn away those who run different browsers.
>

But there is the option of opening a new window by clicking on the icon of 
that browser, or using the shortcut defined for it.
Then in the new window you can open a totally separate page, with its own 
state, and that page can use a cookie-based session.
This is the way I do every time. I never open another window using Control+N 
from the currently opened window of the browser, so there is no relation 
between the 2 windows.

But I think my misunderstanding is because the question was not very 
complete.
I guess (again) that the user might want to login a single time, and not 
open 2 separate windows and login twice or for more times, so in fact a 
single session is required, and more sessions should be avoided.
So the user want to have a single session and in the same time he also wants 
to keep 2 or more separate sets of data in 2 or more windows, like you 
exemplified.
In that case using only cookies is not possible because when the new window 
is started all the cookies from the original window are copied, not only the 
permanent cookies.

There is a solution that can use cookies-only, but I think that nobody like 
it. The session could use permanent cookies which are available in all the 
windows, and the data which is available only in one window is kept in 
temporary cookies (which are not saved to the disk).
In that case the new window should be opened by clicking on the browser 
icon, or using its shortcut, and not starting from a certain browser window, 
and some users might not like that, because they should type again the url 
of that web site (even though they won't need to login again, since the 
cookie of the session is permanent).
And in that case the user should logout manually before closing the browser, 
because otherwise another user might come, open that web site, and he will 
be automaticly logged in.

Octavian

More information about the Catalyst mailing list