One of the common problems reported with tabbed browsing in Internet Explorer is that the session state is shared between the tabs. Sample scenario below:-
1. User A opens an IE instance and logs into a website where a session is created.
2. User A opens another tab and tries to access the same website. Without logging in, the user is already inside the session.
3. In this case, its clear that the session is shared between the tabs.
Problems with this behavior
User retrieves a particular record in both the IE Tabs. On one tab, the user deletes the particular record. Parallely on the other tab, user tries to modify the record. There will be a data instability and would throw error.
This behavior has been complained a lot.
However, imagine if it were the other way around i.e.
Sessions not shared between the tabs
Your users signed into your site and are visiting a particular page where there are a list of links (different product links). If your users want to compare 2 products by opening them in 2 different tabs at the same time, they would have to login again for the 2 new tabs. That would be pretty annoying since most people open multiple windows when accessing the same site.
You have a popup in your site, where you want to quickly populate some information and get back to the original site, this wouldnt work since the popup doesnt share the session.
So there are pros and cons to this behavior and people have provided workarounds to check if there is a new instance of IE (not a great approach) or set a hidden field (somewhat okay) to check if it is the same browser etc.,
The reason for this behavior is attributed to the single process that runs the tabs and hence sharing the same session state.
ASP.NET 2.0 offered a simpler solution by way of the following config setting
<sessionState mode="InProc" cookieless="UseUri"></sessionState>
This setting basically appends the Session to the URL of the browser, so your typical URL looks like http://localhost/SampleWeb/(S(afdg3ires1ik0lmjm3pkjtzl))/default.aspx where the highlighted portion manages the session identification.
By this way, one can open multiple tabs and still have different sessions. The only issue with this would be the absolute URLs that are hard coded, referred to, since they change with the appending of the session URI.
In IE8 each of the tabs run under a separate process. This would make you think that the session problem gets lost (or problem is starting :))
However, by default IE8 tabs also share the session state between them to avoid lesser sessions shared within a frame process. Once you launch IE8, there are 2 processes started – frame process and tab process. The frame process manages the tab processes and some of the UI rendering where the tab processes does rest of the stuff - website management.
When an additional tab is opened, there is one more tab process added and it is also managed by the same frame process which got created initially.
If you wish to override this behavior and get a new session, you can chose “File – New Session” . When you do this, instead of one additional process, there are 2 processes created – a frame process and tab process and these dont share session with the original frame process.
Hence, even if you are logged in to a site and have access to session, if you chose “File – New Session” and navigate to the site, it will not share the session.
If you would like to learn more on this, visit the IE Team’s blog post at IE 8 and Reliability
Cheers !!!
posted @ Friday, April 17, 2009 6:29 PM