Sessions carry over until you end them or the user closes the browser completely, since they are actually stored on the server, the server wouldnt know you opened up a new tab so all the information would be the same on the session. Only way is if you open up a different browser, that browser would have its own session

robinjohn,

My recommendation is stay organized.

If you are jumping between items that use the same session key's i.e. $_SESSION['user'] then you shouldn't be attempting to do 2 different things in the same browser.

You have some choices:

1) Use 2 different browsers, Firefox & IE - they will have different sessions
2) Stick to 1 functionality your working on at a time - I highly recommend this, I am sure there are some special situations needing you to move on 2 things at once, in that case, see #1.
3) Use a MVC Framework like Zend Framework and utilize Session Namespaces

I hope this was of some help!

Thanks Guys
very interesting - I think what I'll need to do is keep an eye out for what's in the session state before particular actions are performed.

In my case the problem is that I've been given an ancient php4 webapp and I think it may need a bit of work to clear it up. Sadly I can't design from scratch :-(

I just got to thinking that the user can open as many tabs as they like in newer browers by just right clicking on a link and choosing that option. (the link being a form action of some kind) - leading to the problem I described - meh no rest for the wicked on a monday!!

Thanks again,
Robin.

This is very similar to some user issues my site is having, but I am not sure if it is really the website at fault or the way browsers use the session(s).

I like the idea of using two browsers (Firefox,IE, etc.) which works great for me. However, asking several hundred users to do this is not practical (or not likely to happen).

So my add on question(s):
what happens to the session(s) when users open multiple tabs in the browser...to do other things on other sites...and come back to the tab with my website? So, same technical browser window, it hasn't been closed so session is still active, and other sites presumably use similar methods for login and purchasing. Do the tabs always exist as separate sessions? (I hope so). Are they isolated sessions or save to the same $_SESSION[] variable array?

Users are complaining that they are actively logged in, open new tabs for other sites, come back later, and are logged out. I attempted to change the timeout for the session, but other sites may do the reverse. But the times for the logout do not correspond with the 20 minutes normally used by the session on the server.

Session values are stored in one small temporary file
which is created in a special folder in the server's harddisk.
Values are read from this file, when SESSION is used.

This file is deleted and so all session values destroyed
when visitor closes down his browser (closes all tabs/windows).

Each browser is separate.
IExplorer can not use any values from Firefox.
For example, if you Login with Firefox, you are not logged in if you try with IExplorer.

So, session values exists between one website and one browser only.
And are stored at the server.

Yes, but if I have two tabs in Firefox opened in one Firefox window, does each tab store session variables in the same file...even if the sites being browsed are completely different domains or different servers?

I definitely know that Firefox sessions do not overlap with IE,AOL, Chrome, etc... But probably a good thing to post for others later on.

It makes sense that the session variables are stored on the server, except the cookie to the session that sits on the user's computer. However, can a browser keep up with more than one session id (probably cookie) at the same time in the same window for the different tabs that are opened...to different domains?

Viewing sites as a guest is probably not a big deal, but with login systems... What if the variables happen to use the same name? For cookies, using the same name, path, and domain will save over the cookie. However, cookies are supposed to store separately by domains on the user's computer. If requests are made alternately from different browser tabs (again in the same browser window) can the session IDs get mixed up? I will attempt a crude diagram:

|---Browser----------------------IE or Firefox----------------------------------------------|
|
|======tab 1=======| |======tab 2=======| |======tab 3=======|
| first used and then Used next, kept open Opened last, kept open
| Tab 2 was opened

|
| www.site.com www.random.com www.mydomain.com
|-------------------------------------------------------------------------------------------------|

If they all use sessions {with session_start() on all pages} and all are kept opened as tabs, will any of the tabs loose the session values to others? How many session IDs can a browser window keep up with at the same time? On the off chance the variable is the same name from one site to another, can the browser pull the wrong version of that variable? If Tab 3 coding closes the session, are the other tabs' sessions still active? For example, would a logout from one clear the session(s) from the other tab(s)?

Has anyone else noticed login issue happening recently?

Perhaps this is a whole new thread, but my current issue is a subset of other login issues that suddenly developed on Dec 14, 2009. The code had not been changed in almost five years. It worked for so long, then suddenly had problems. I managed to add code to fix most of it, but now have problems with multiple tabs.

Nope, you are still thinking of the tabs as "seperate sites", when they are not.
The session is kept on the server, not the clients browser. The server has no idea you have another window/tab open so it will treat them all the same. So what ever changes you made to one tab will affect the others.

Do this little test:

<?PHP
session_start(); 

if (isset($_POST["changevar"]))
	{ 
		$_SESSION["sessionvar"] = $_POST["changevar"]; 
		header("Location: ".basename($_SERVER["PHP_SELF"])); 
		exit(); 
	}	
?>
<html>
<body>
<h1>Hi there</h1>
<h3><strong>Your session variable is </strong><?PHP if (isset($_SESSION["sessionvar"])) echo $_SESSION["sessionvar"]; 
else echo " not set"; ?></h3>
<form action="<?PHP echo basename($_SERVER["PHP_SELF"]); ?>" method="post" enctype="multipart/form-data">
Set your variable here: <br />
<input type="text" name="changevar" /><br />
<input type="submit" value="change it!" /><br />
<br />
<hr />
Change the variable up top and refresh the other tabs to see what happens. 
<br />
All this is doing is changing a session variable to what you submit. <br />
Try it across browsers too. 
</form>
</body>
</html>

copy paste that and test it on your server, you'll see what I mean

Your browser WILL share the cookies, its what they are for, but different browsers will not share the cookie.
Remember, session variables are kept on the server so domains wont override each other's session variables

A given browser will use it's own "cookie jar", which will include the session ID cookie which PHP sends to manage sessions. So no matter which tab you use in a given browser, it will still send back the most recent session ID cookie from its one "cookie jar". If you want to emulate two different users accessing your site, use two different browsers (IE, Firefox, Chrome, Safari, etc....), as each will have its own "jar".

My site and your site should have separate cookies...since the domains are different. Will Tab 1 know not to use a cookie from Tab 2? If they are different sites on different domains/servers, and each site sets cookies of its own, the assumption would be that they should not overlap... Each set of session variable are stored on the respective server...which also makes perfect sense. But let's say two sites use the same session variable name(s) for our own purposes, even if they happen to store different info. The session data on each server should stay isolated (I hope!). Will this cause a problem when one tab tries to use this variable name for another tab..which may change that value in the process? When the next tab tries to use the variable, does it have the new value from the other tab...or the one from it's own server?

Here is what I know from past experiences and can produce this at will. If I have two tabs or windows opened to my site and login...both/all tabs/windows will be the same user. If I log out and change users on one window or tab for the same browser type, all of these will be on the new user as soon as any pages are reloaded. For me, this is fine. And, it is definitely the same variables, which should be overwriting the same file location on the same server. Normally, I can open a few other tabs and windows and use the other sites and my site at the same time. No problem here. I wouldn't mind if it kept the sessions separate, but understand why it would keep them merged as one session.

rulian:

Nope, you are still thinking of the tabs as "seperate sites", when they are not.

Actually, they are different sites. Users are visiting other websites on other servers while my site is opened in another tab, coming back a few minutes later (less than the 20 minute session inactivity max) and the session has appeared to drop them early. Perhaps I got everyone confused...

Here is my concern...and what seems like the problem. If multiple tabs (or windows) of the same browser are all on...and viewing different sites that are not on the same server, can a browser mix up the sessions or the session variable(s) used if they happen to be the same name? Are the variables ever used by the browser. Obviously, they are stored on the respective server(s), but I want to separate "use" from "stored" or "saved". One can read something without necessarily owning it. Is there a limit on the number of different sessions a browser can keep track of?

The reason I ask is because I know there are cookie limitations. Some sites say about 4KB per cookie, and up to 20 or 30 per domain, and up to 300 total for the browser. This was labeled as being "browser dependent" where each can enforce the limits as the browser company sees fit. I also know that my site uses the session cookie and three others for site login status (different components). We also use Google Analytics, which puts up to 5 more cookies in the jar. 9 so far if you are keeping track. Firefox uses 2 more at almost every major sub directory that the user visits. I have seen as many as 10 sets of these at the same time, each with a specific path defined.

Maybe I am answering my own question... Right now, I have 12 cookies after visiting 3 or 4 pages of my site. 4 GA + 1 session + 3 for site login + 4 more from Firefox. The only ones that stay are the 3 for the login for later visits. But all the others are for the session. That is more than 10 cookies for just a few pages of one site. If other websites have as many, the total limit will be reached quickly.

What happens to cookies once the browser reaches it's limit? Is it FIFO (first in First Out), FILO, ...? Maybe what is happening is that, as the user opens more sessions on the tabs/windows, older cookies are being removed to make room for newer ones. If one happens to be a session id cookie, that would explain the sudden login drop for that session. If the users opens a new browser window or tab, or logs back in, they are fine...which could correspond to newer cookies saving. Do browsers close sessions to make room for others?