Discussion: Session leaks when opening another new browser

Have anyone notice that a session will leak when opening another new browser?

Scenario:
a user (Mike, that's me) logins (username=mike & pwd=123) into abcde.com website. Mike's sessions will be saved.

Immediately the same user (Mike) opens another new (second) browser (ctrl+n) to the same website and logins another time, BUT now with a different username (username=rat & pwd=456).

Now when the first browser is refreshed again, Mike's original username & pwd (mike, 123) will be overwritten with (rat,456). So, the first browser's details is now rat.

My Question:
Is this a Microsoft or Explorer bug? or can we fix it with coding? Has anyone face this problem before? Try it.

Any comments/discussion would help everyone out. Thanks in advance.

It is not an IE bug (does it w/ moz too) and its not just asp or anything either. I'm guessing it has to do with the way sessions are tracked (by ip maybe?), and I don't know a way around it. If anyone does, I'd be very interested too.

welcome to the club karsh44. that's partly why i try not to use sessions. any comments from anyone out there regarding this would help lots of people out there.

I don't think this has anything to do with asp sessions. What you're describing is the way the browser maintains user credentials after a login.

You may be able to configure your IE to run new windows in a separate process space to keep independent credentials in different browser windows. This solution may cause other unwanted side effects though.

if what you say is true, then that would be great. is there a place to set this option, doug g? unwanted side effects, huh? that means this solution (in theory) is not 100% full-proof? so, it still poses a problem? thanks anyway.

i wonder what microsoft would say to this?

I may need to back up here. This was a comment from memory, and I don't see any browse in a separate process setting in IE6. This setting used to exist in IE4.01 and IE5, but perhaps it's no longer an option. Maybe someone knows more about this.

When the option was available, the drawbacks were what happened to session data when you used popup windows, the popup could spawn a new asp session rather than sharing the existing session.

I guess I should pull an Emily Latella and just say "Never Mind".

http://support.microsoft.com/defaul...b;en-us;Q240928

hmm, I always seemed to think this was a good feature. What environment do you have exactly that has multiple users using the same website at the same time on the same client machine?

I don't think so. The problem with Ctrl+N or File->new window, etc. is that the new browser window will be a carbon copy of the first. Ie same history, same session values, etc.

it's just a hypothetical question, but it may happen, such as two persons share a pc accesing an internet (perhaps company intranet login). I came across this problem when checking my web development for bugs, i.e. login one browser as admin, and the other browser as a registered user simultaneously. It sort of screw up the sessions. This problem was found accidentally.

How about other browsers besides IE? such as Netscape, Opera & etc?

Isn't there option of disabling the carbon copy sessions when opening a new browser?

thanks again.

As I said earlier, Mozilla (Netscape) is the same way.

sorry bout that, missed it