Preventing multiple browser sessions on the same server session

Question

I\'m sure we\'ve all worked on, or are aware of web applications (especially in the enterprise) that have tightly bound themselves to the server session. In these cases, it

Answer 1

You can achieve this using javascript and cookies created on the client in combination with the fact that a browser/DOM window name must be unique. Very easy to use without changing your site.

1) The first time your page is loaded check if your session cookie exists and if not then create a session cookie (don't set the expiry date) with a unique name and value (some kind of code). Set the browser/dom window name (NOT the title) with this cookie value.

2) On subsequent requests you need to check that the DOM window name is the same as the cookie value - if not redirect to error page.

3) Remember to delete the cookie on the page's unload so that closing the window removes the cookie.

This works because if you try and open a duplicate window, the duplicate window will not have the same window DOM name as the cookie value - and you can respond to the fact.

Code example

function CheckMultipleSession() {
var existingCookieValue = getCookie("MySessionCookie");
if (existingCookieValue == null) { //first request so create cookie
   currentCookieValue = guid();
   setCookie("SessionGUID", currentCookieValue); 
   window.name = currentCookieValue; // setting DOM window name (this is key)
}
else {
if (existingCookieValue != window.name)
   top.location = "MultipleSessionsError.htm";                                       
}
}