This content has been marked as final. Show 2 replies
There is no "overcoming" it; this is expected behavior. A second window of the same browser will not be separated from the first, both instances will share sessions, cookies and apparently also basic authentication user credentials. There is no controlling that as it is simply a browser feature.
Is there a specific reason why you think this is a problem?
Ya... I am taking a small example need not happen always but a kind of possibility i am thinking off.
once the user sign out and just left without closing the browser and a friend (suppose not a good friend ... just kidding...) of that user may open the same jsp or file .This time the security is breached. If that feature or property exists....
I know what you might say ... the user will log-out before leaving where a programer might invalidate the session at the time of log out.
Consider the case of a bad Programing or just a programer might forget to invalidate,At that time as a application administrator how can he solve that issue.
Edited by: user8483670 on Jun 6, 2011 1:08 AM
Edited by: user8483670 on Jun 6, 2011 1:09 AM