[FX.php List] Multiple windows with Session Variables

Steve Winter steve at bluecrocodile.co.nz
Wed Dec 10 09:38:21 MST 2008 

Hi David,

You're correct in thinking that multiple windows of the same browser  
share the same session, as do multiple tabs of the same window (which  
is perhaps more to be expected). The other interesting thing is that  
if your user is on a Mac, even if they close all the windows, but not  
the application itself, then the session variables are maintained.

My suggestion for 'resolving' this would be that you destroy the  
session, or at least unset the relevant variables stored there within  
at the time that you 'finalise' the record, that way the data is  
totally destroyed...

In a shopping cart solution which I have developed I pass a lot of  
data in a session variable $_SESSION['cart']. When the user has got to  
the end of the process, and paid for their items, I duplicate that  
data into another session variable $_SESSION['completedCart'] and  
completely clear the 'cart' variable... that way if they go back into  
the 'shop' their cart is empty and they can add more things if they  
wish... I retain the most recent completed 'cart' in a variable in  
case they reload the confirmation page... it never displays content  
from 'cart' only 'completedCart'...

You can destroy the session a number of ways including;
  - session_destroy();
  - unset($_SESSION);
  - unset($_SESSION['yourVariableThatMatters'];

HTH

Cheers
Steve

On 10 Dec 2008, at 15:49, David Ness wrote:

> Dear fx.php associates,
>
> I’ve just discovered that I might have a problem with my fx.php  
> solution, and wanted to know if anyone else has faced this and  
> developed a workaround.
>
> My online solution allows users to enter, save, edit and ‘finalize’  
> application forms online. During the entry and processing of the  
> form, several pages are loaded and the form data is saved and  
> retrieved in various ways and at various points in the process. I  
> save the record ID of the FileMaker record into a $_SESSION variable  
> ($_SESSION['application_recid'], along with a whole bunch of other  
> $_SESSION variable values) in order keep track of the record I’m  
> working with. After the application reaches a certain status  
> (finalized), the record is no longer available for editing, only  
> review.
>
> My problem is that I’ve discovered some users were able to overwrite  
> a previously finalized record with a new record. Upon interviewing  
> the user, he mentioned he commonly opened a window with a previous  
> record to reference when entering a new record in another window or  
> tab within the same browser.
>
> My theory is that one array of $_SESSION variables is being ‘shared’  
> among windows, and this is the root cause of my problem. So my  
> question is: are the $_SESSION variables shared among windows, or is  
> a separate set of $_SESSION variables created for each window? If  
> the $_SESSION variables *are* shared, what methods do you use to  
> prevent the unwanted co-mingling of variables?
>
> A little Googling seems to confirm this. Multiple windows seem to  
> share the same $_SESSION variables. Yikes! This fundamental  
> construct flaw in my program would initially seem to be really hard  
> to work around, as I would need to carry forward lots and lots of  
> variables using some other method.
>
> Ideas or comments?
>
>
> David Allen Ness
> Database Systems Programmer
> Web Applications Developer
>
> <image001.gif>
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.iviking.org/pipermail/fx.php_list/attachments/20081210/b71432d6/attachment.html

More information about the FX.php_List mailing list