Creating a new session using window.open and server-side code

[Guest]

Ok..this a rather odd question/problem. I haven't really found a straight
forward answer to how to handle this scenario, so I hope someone here can
help.

Here it is:

I have an application that allows users to log in. Each user can have
multiple roles within the application. Each role allows the user to access
different sections of the app and allows/denies them certain functionality.

My client has requested that there be a "New Window" link on each page so
that a user (at any time) can open a new window and log on (again) using a
differnt role. So essentially they want to the ability to have 2 or more
browser windows open at the same time and be able to access the application
using different roles simultaneously.

Here is what I know for sure:
When you do a window.open using IE6 the new window shares the session ID so
any attempts to do a session.abandon will effectively kill the parent
window's session as well. Also any changes to Session variables in the child
window will also come accross in the parent window the next time the page
makes a request to the server.

What I need is to be able to let the users click on the "New Window" link
and have them redirected to the login screen where they can select the Role
they want to log in as and then grant them access into the application using
that role ...while creating a new session for that window.

The only fool-proof way that I know if is to start a new instance of IE
using the shortcut on my desktop/toolbar/startmenu...... However...this is
not sexy enough for the client.

The application is designed specifically for IE 6+.

Any help would be greatly appreciated!!!

Thanks in advance.

 

[Kevin Spencer]

Are your client browsers always going to be IE? You may not be able to count
on a new Session if not.

Rather than trying to create a new Session, I would recommend adding the
"new Session data" to the existing Session, perhaps via a Collection.

--
HTH,

Kevin Spencer
Microsoft MVP
Professional Numbskull

The man who questions opinions is wise.
The man who quarrels with facts is a fool.

 

[Guest]

If you want to be able to have separate sessions from the same computer,
you can't use sessions that are identified by cookies (which is the
default behaviour in IIS). As you noticed, you have to start a new
instance of IE to get a new session. Some other browsers won't even
start a new instance, but always uses the existing instance to open a
new window.

One way is to use cookieless sessions instead, then the session is
identified by adding the session id to the url. This makes it possible
to have more than one session regardless of the browser, and to start
new sessions from within the browser.

 

[Guest]

Thank you for the reply Kevin, sorry I took so long to do the same. Client
browser will always be IE6+.

As far as having the session data in a collection, I think that is maybe a
good idea, but we rely heavily on session data and have many session-data
objects. I'm not sure taking the time to change around how the session is
interacting with the application is going to be manageable at this stage of
development (project about 70-80% complete).

Any other suggestions??

 

[Guest]

Thank you for the reply Göran. As far as cookieless sessions go, we would
prefer to not show the sessionid in the URL and would REALLY like to keep the
cookies.

Any other suggestions?

 

[Guest]

If you want to use cookies for identifying sessions, then you can't
start a new session from the browser.