Preventing multiple browser sessions on the same server session

前端 未结 7 1815
时光取名叫无心
时光取名叫无心 2021-01-18 06:43

I\'m sure we\'ve all worked on, or are aware of web applications (especially in the enterprise) that have tightly bound themselves to the server session. In these cases, it

7条回答
  •  暖寄归人
    2021-01-18 07:27

    You can achieve this using javascript and cookies created on the client in combination with the fact that a browser/DOM window name must be unique. Very easy to use without changing your site.

    1) The first time your page is loaded check if your session cookie exists and if not then create a session cookie (don't set the expiry date) with a unique name and value (some kind of code). Set the browser/dom window name (NOT the title) with this cookie value.

    2) On subsequent requests you need to check that the DOM window name is the same as the cookie value - if not redirect to error page.

    3) Remember to delete the cookie on the page's unload so that closing the window removes the cookie.

    This works because if you try and open a duplicate window, the duplicate window will not have the same window DOM name as the cookie value - and you can respond to the fact.

    Code example

    function CheckMultipleSession() {
    var existingCookieValue = getCookie("MySessionCookie");
    if (existingCookieValue == null) { //first request so create cookie
       currentCookieValue = guid();
       setCookie("SessionGUID", currentCookieValue); 
       window.name = currentCookieValue; // setting DOM window name (this is key)
    }
    else {
    if (existingCookieValue != window.name)
       top.location = "MultipleSessionsError.htm";                                       
    }
    }
    

提交回复
热议问题