LeAnn3274 wrote:
> I downloaded IE8 last night and it does seem faster and so far, I like
> it.......except!!
> Normally, I open 2 browers of the same website. We have two paid accounts on
> this site and I sign into each one and keep them both open all day. Now when
> I switch from one brower to the other, it signs me into the same account on
> both browers so I can't keep both accounts open at the same time. Very
> frustrating. How can I make it keep both accounts going at the same time?
You have to load a new instance of the web browser to ensure isolation
of sessions IDs between them. Running child browser windows or using
tabbed browsing will result in session ID collisions amongst them. In
general, tabbed browsers do not create new instances of the web browser
process to isolate their session IDs. The session ID collision problem
exists in any web browser that does not load a separate process for each
child window or tab. It is possible to put the session ID in the URL
but that is a potential security hazard.
To have multiple concurrent logins to a web application, load a NEW
instance of the web browser (do not just have an existing instance open
another window or tab). In IE8, use the "File -> New Session" menu, or
run "iexplore.exe -nomerge" at a command prompt or in a shortcut. Also
read:
http://blogs.msdn.com/ie/archive/200...e-and-ie8.aspx
http://www.google.com/search?q=%2B%2...on+%2Bcooki e
The problem noted above involves session ID collisions when using
cookies to identify the sessions. The following regarding the use of an
instance-id in the URL is from Daniel Crichton (with some rephrashing).
Rather than use a session ID in a cookie or in the URL, you could
include an "instance id" and use this to differentiate between the
multiple concurrent logins to the same web application. For example,
assume you're using IIS and ASP/ASP.NET sessions (which uses a known
named cookie to identify to the server as to which session is linked to
a server-side object that holds the session collection information), you
would use the instance-id plus the session-id; however, that requires
changing the entire session handling system in your server code since it
has to take into account the inclusion of an instance-id. For example:
Session("username")
would become:
Session("username_" & instanceid)
where instance-id is the value passed in the URL.
The session ID collisions are a problem for web applications that permit
multiple concurrent connections by the same user. While this may be a
convenience to the user, the server cannot differentiate the sessions
unless a new instance of the web browser is used (that then manages its
own session IDs). Unless a further means is incorporated into the
server code to differentiate between separate but concurrent multiple
logins, the server should not permit multiple concurrent connections
from the same IP to the web application. That is, only one connection
per IP address would be allowed.
Many servers impose a limit (of one) regarding concurrent connections by
the same IP address to eliminate the possibility of session ID
collisions or for security concerns (like spoofing/intercepting a login
session). If you open another tab or child window, the server may
assume you simply wanted to use the same session over there, or it may
reject another connection attempt. For example, some e-mail providers
allow a login from only one instance of an IP address. You cannot login
using their webmail interface and also poll the same account using a
local e-mail client while doing both from the same host.
Linear Mode
