Avoiding multiple usage of session

wm_zike

I've searched the forum and mailing lists (after searching the Internet) on this site, looking for answer.

Question is simple. How could I avoid using the same session key in multiple browser windows?

It's pretty nasty when user opens multiple windows with the same session key because all the variables are stored in same session table under the same key. I can't protect ALL variables and so the user can easilly play around with the data stored in session.

Is there any way to avoid it? I have'nt found any way to stop it. I have thought about some predefined variables. Closest match was REMOTE_PORT whitch stays the same until user opens up a new window, but it also changes when user refreshes the page.

Any ideas?

Antti

vsego

Try to propagate one variable through cookies and it's copy in session. Each time the page is loaded, increase it by 1.

vsego

For additional security, start with random number (instead of 1) and keep md5() hash of you counter in cookie (cookies are easily editable text files in both NS and IE).