Rails - Jul 2006 - Session is being shared between tabs!!??

I have just spotted quite a serious problem with my rails app.  My app 
uses the session to store information.  Most people who use the app may 
have more than one instance of it open in their browser (multiple tabs).

The session stores which country the user has selected. On each browser 
tab the user may select a different country.  You can add items to a 
country.  There are problems with items being added to the wrong 
country.  This is because the session is shared between the 2 open tabs.

Does anyone know how to get round this?  I know i could store country 
info in the page as a hidden field or attatch it to the end of every 
URL, but in my situation this is too much extra work.  It would be 
unfortunate if i could not use sessions to do this.

I have also just noted a simular problem with my one of my J2EE apps....

Any info/help would be very valuable,

Thanks
Chris

-- 
Posted via http://www.ruby-forum.com/.

> I have just spotted quite a serious problem with my rails app.  My app 
> uses the session to store information.  Most people who use the app may 
> have more than one instance of it open in their browser (multiple tabs).
This is a browser feature - nothing to do with the web app.  Sessions 
use cookies to identify the user - browser tabs share cookies.  It''s
the
same if you open a browser window via another.

The grand scheme of things, it''s not really a problem.  Why would you 
use 2 browser tabs to do the same thing on a site?

Steve

Thanks Steve

My App is scientific software used in my company, and there is good 
reason why the users would want to run 2 instances of the site.

What would you suggest i do?  What is the easiest solution?

Thanks
Chris

-- 
Posted via http://www.ruby-forum.com/.

> My App is scientific software used in my company, and there is good
> reason why the users would want to run 2 instances of the site.
And the reason is?


Regards,
Rimantas
--
http://rimantas.com/

Rimantas Liubertas wrote:
>> My App is scientific software used in my company, and there is good
>> reason why the users would want to run 2 instances of the site.
> 
> And the reason is?
There are plenty of good reasons, here are some:

1. The software is sometimes used in a busy lab environment where many 
people will use one computer. Each person will want his/her own instance 
of the application on the same machine.
2. There are complex-graphs and statistics for compounds. If A user is 
working on compounds they would  want 2 screens showing the info.
3.  + some others



-- 
Posted via http://www.ruby-forum.com/.

"Chris" <cadams1342@hotmail.com> wrote in 
message
news:7ab2dc73f56dfdd23cfdf46ab7dd8fe5@ruby-forum.com...
>I have just spotted quite a serious problem with my rails app.  My app
> uses the session to store information.  Most people who use the app may
> have more than one instance of it open in their browser (multiple tabs).
>
> The session stores which country the user has selected. On each browser
> tab the user may select a different country.  You can add items to a
> country.  There are problems with items being added to the wrong
> country.  This is because the session is shared between the 2 open tabs.
>
> Does anyone know how to get round this?  I know i could store country
> info in the page as a hidden field or attatch it to the end of every
> URL, but in my situation this is too much extra work.  It would be
> unfortunate if i could not use sessions to do this.
>
> I have also just noted a simular problem with my one of my J2EE apps....
>
> Any info/help would be very valuable,
>
> Thanks
> Chris
>
> -- 
> Posted via http://www.ruby-forum.com/.
each tab is still part of the same browser instance so unless you can modify 
that behaviour in the browser, your session data will always be shared. I 
can''t think of any way round it. I think your solution of moving the
data
out of the session is the best option

BIG HAIRY BOLLOX

-- 
Posted via http://www.ruby-forum.com/.

> -----Original Message-----
> Rimantas Liubertas wrote:
> >> My App is scientific software used in my company, and 
> there is good 
> >> reason why the users would want to run 2 instances of the site.
> > 
> > And the reason is?
> 
> There are plenty of good reasons, here are some:
> 
> 1. The software is sometimes used in a busy lab environment 
> where many people will use one computer. Each person will 
> want his/her own instance of the application on the same machine.
> 2. There are complex-graphs and statistics for compounds. If 
> A user is working on compounds they would  want 2 screens 
> showing the info.
> 3.  + some others
> 
Unfortunately as others have pointed out this isn''t specific to Rails.
It also affects many other web applications.  

As to why would I need it?  For me, when working in a QA/Support role I
need to sign in to applications as different users to test and verify
display and functionality.  If the app is using sessions in this
fashion, I have to completely close all instances of the browser
(including those open with reference web pages and other unrelated
sites) in order to switch users since the session remains beyond the
close of the tab / browser window.  This quickly becomes a complete pain
to do.  

My only solution is to run multiple different browsers.  Which is why I
have IE, Firefox (my preferred default) and Opera all installed on my
machine.  Not pretty but it''s the best I can do with some of the apps I
use.

The only other possible solution would be to use virtualization to
isolate the browser windows which might yield the desired effect but
certainly raises the complexity significantly.

--Bill

You''re asking a question about intrinsic web architecture.  Since the  
web is stateless, there are 3 ways to keep session state between  
subsequent requests:

1) Cookies (the Rails default), which applies for all tabs in a  
browser (which is normally a feature, when used for things like  
authentication and shopping carts).
2) Info in the URL (either opaque, like the Amazon id number, or non- 
opaque, like beginning the URL of the english version of the site  
with /en/)
3) Hidden fields.  This only works if every request to the server is  
a POST not a GET, or else the hidden fields will not be transmitted.

So, I would recommend 2.  If you just need to keep track of a couple  
of variables, routes should make it very easy to do:

http://manuals.rubyonrails.com/read/chapter/65

For example, if you''re going to change every URL on your site, you  
could do:

map.connect '':country/:controller/:action/:id''

            - dan
-- 
Dan Kohn <mailto:dan@dankohn.com>
<http://www.dankohn.com/>  <tel:+1-415-233-1000>



On Jul 18, 2006, at 2:41 AM, Chris wrote:
> I have just spotted quite a serious problem with my rails app.  My app
> uses the session to store information.  Most people who use the app  
> may
> have more than one instance of it open in their browser (multiple  
> tabs).
>
> The session stores which country the user has selected. On each  
> browser
> tab the user may select a different country.  You can add items to a
> country.  There are problems with items being added to the wrong
> country.  This is because the session is shared between the 2 open  
> tabs.
>
> Does anyone know how to get round this?  I know i could store country
> info in the page as a hidden field or attatch it to the end of every
> URL, but in my situation this is too much extra work.  It would be
> unfortunate if i could not use sessions to do this.
>
> I have also just noted a simular problem with my one of my J2EE  
> apps....
>
> Any info/help would be very valuable,
>
> Thanks
> Chris
>
> -- 
> Posted via http://www.ruby-forum.com/.
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails

"So, I would recommend 2.  If you just need to keep track of a couple
of variables, routes should make it very easy to do:

http://manuals.rubyonrails.com/read/chapter/65

For example, if you''re going to change every URL on your site, you
could do:

map.connect '':country/:controller/:action/:id''"

So you''re saying routes can keep hold of variables? Sorry i
don''t
understand what you mean

-- 
Posted via http://www.ruby-forum.com/.

On Jul 18, 2006, at 5:41 AM, Chris wrote:
> I have just spotted quite a serious problem with my rails app.  My app
> uses the session to store information.  Most people who use the app  
> may
> have more than one instance of it open in their browser (multiple  
> tabs).
>
> The session stores which country the user has selected. On each  
> browser
> tab the user may select a different country.  You can add items to a
> country.  There are problems with items being added to the wrong
> country.  This is because the session is shared between the 2 open  
> tabs.
>
> Does anyone know how to get round this?  I know i could store country
> info in the page as a hidden field or attatch it to the end of every
> URL, but in my situation this is too much extra work.  It would be
> unfortunate if i could not use sessions to do this.
>
> I have also just noted a simular problem with my one of my J2EE  
> apps....
>
> Any info/help would be very valuable,
 From a cursory glance, it appears you will have to put the session  
info on the URL path.

Essentially, yes.  If you use that route with the url http:// 
example.com/us/recipes/edit/3 then param[:country] will equal "us".

            - dan
-- 
Dan Kohn <mailto:dan@dankohn.com>
<http://www.dankohn.com/>  <tel:+1-415-233-1000>



On Jul 18, 2006, at 9:14 AM, Chris wrote:
> "So, I would recommend 2.  If you just need to keep track of a couple
> of variables, routes should make it very easy to do:
>
> http://manuals.rubyonrails.com/read/chapter/65
>
> For example, if you''re going to change every URL on your site, you
> could do:
>
> map.connect '':country/:controller/:action/:id''"
>
> So you''re saying routes can keep hold of variables? Sorry i
don''t
> understand what you mean
>
> -- 
> Posted via http://www.ruby-forum.com/.
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails

"Chris" <cadams1342@hotmail.com> wrote in 
message
news:964a992d36719370ae09b1f830c8cb25@ruby-forum.com...
> BIG HAIRY BOLLOX
meaning.... ?

On 7/18/06, Alan Bullock <liststuff@gmail.com>
wrote:
> "Chris" <cadams1342@hotmail.com> wrote in
> message news:964a992d36719370ae09b1f830c8cb25@ruby-forum.com...
> > BIG HAIRY BOLLOX
>
> meaning.... ?
Loosely translated I think it means "I wish I had learned something
about HTTP and browsers before developing this web application."

> On Jul 18, 2006, at 9:14 AM, Chris wrote:
> 
>> "So, I would recommend 2.  If you just need to keep track of a
couple
>> of variables, routes should make it very easy to do:
>>
>> http://manuals.rubyonrails.com/read/chapter/65
>>
>> For example, if you''re going to change every URL on your site,
you
>> could do:
>>
>> map.connect '':country/:controller/:action/:id''"
>>
>> So you''re saying routes can keep hold of variables? Sorry i
don''t
>> understand what you mean
>>
You could also override url_for to pass a session key around. Something 
like (untested):

def url_for(options = {}, *parameters_for_method_reference) #:doc:
   case options
   when String then options
   when Symbol then send(options, *parameters_for_method_reference)
   when Hash   then 
@url.rewrite(rewrite_options({:s=>params[:s]}.merge(options)))
end
end

Then if there is an ''s'' param in the URL it will be appended
to all links.

-- 
R.Livsey
http://livsey.org

I shot milk out of my nose!   ARGH!!!

On 7/18/06, Chris <cadams1342@hotmail.com> wrote:
>
> BIG HAIRY BOLLOX
>
> --
> Posted via http://www.ruby-forum.com/.
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://wrath.rubyonrails.org/pipermail/rails/attachments/20060719/e4336fe9/attachment.html

Chris wrote:
> Rimantas Liubertas wrote:
>>> My App is scientific software used in my company, and there is good
>>> reason why the users would want to run 2 instances of the site.
>> And the reason is?
> 
> There are plenty of good reasons, here are some:
> 
> 1. The software is sometimes used in a busy lab environment where many 
> people will use one computer. Each person will want his/her own instance 
> of the application on the same machine.
They only have a single user account? If they have different accounts, 
then this isn''t a problem. For that matter, with a Mozilla browser each
user could open a separate instance of the browser with their own 
profile in a single login.
> 2. There are complex-graphs and statistics for compounds. If A user is 
> working on compounds they would  want 2 screens showing the info.
There isn''t any problem with your users having two different screens 
open. The only problem is that you are storing information in the 
session that isn''t specific to the session. Don''t do that and
you
shouldn''t have a problem.

How? You mentioned country in your original question, so use that as and 
example. Just pass the country as a parameter to each page, and have 
each page use that parameter instead of the session parameter. You can 
do this with either gets or posts. You have to look up the parameter 
anyway, you just can''t look it up where it is going to be overwritten
by
user activity.

-- 

Ray