Internet Explorer 8 (IE8) does not generate new Session IDs for new tabs and windows

<< SecurityException when making requests to websites in Silverlight 2.0 | Home | IE8 Beta 2 Bug: Disabled listboxes do not show selected items >>

Internet Explorer 8 (IE8) does not generate new Session IDs for new tabs and windows

One of IE8's new features is a that when closing a window or tab, it can remember the session ID and therefore maintain the session with a website. This is an advantage if you accidentally close a window or tab, but there is a problem.

For example, if you have several logins for a site, each login giving totally separate functionality of the site (e.g customer and administrator), then you may close your browser and login as someone else. What you may find is that when you open a new window, you are already logged in as the other person. Why does this happen?

IE8 seems to use the first window a storage mechanism for sites visited in this browsing session. When visiting a site, the unique Session ID is generated and then stored in this host process. When opening new tabs and windows the new process checks the host process to see if the website has been visited and if so returns the existing session ID.

So to re-iterate, if you have at least 1 browser window open, all subsequent tabs and windows pointing to a specific site will all generate the same session ID.

In order to get around this "problem", you should close all instances of IE8. The session information seems to be stored in memory rather than on disk, so by closing all of these instances, the problem goes away.

This serves as a warning to both developers and kiosk/Internet café users. Developers should provide the ability to log out of a site so that the Session is cleaned up after a user logs out. Kiosk/Internet Café users should close ALL Internet browser sessions down before leaving!

Bookmark with :

Digg It!

DZone

StumbleUpon

Technorati

Reddit

Del.icio.us

Newsvine

Furl

Blinklist

posted @ Thursday, November 20, 2008 9:15 AM | in Misc

Comments

# re: Internet Explorer 8 (IE8) does not generate new Session IDs for new tabs and windows

Posted by amit

on 12/3/2008 7:05 AM

if i want to enable forcefully to maintain a session so how can..?

Issue: i m using asp.net1.1 and i the browser IE 8.0. so when i transfer some info from one to another page in same application. for that i am using session state.
but the problem is that when the second page is open the session has expires, but i need this session.

# re: Internet Explorer 8 (IE8) does not generate new Session IDs for new tabs and windows

Posted by Dominic Zukiewicz

on 12/3/2008 9:43 AM

Session timeouts are a server issue. IIS or the hosting software will hold the session for a pre-configured amount of time before timing out. However, if you do close all instances of the browser, the session will be lost. When re-opened, the browser will generate a new Session ID and a new session will be created by IIS (or other hosting software). Does that help?

# re: Internet Explorer 8 (IE8) does not generate new Session IDs for new tabs and windows

Posted by Mat Ferguoon

on 12/22/2008 11:03 AM

Can anyone see a way to switch this off. This was one of the many reasons for using IE over the likes of Firefox which also exhibits this kind of behavior.
I have multiple user accounts for some sites and often need to use them simultaniously. I can't see a way to do this with IE8 unless I use a different browser brand for each session.

# re: Internet Explorer 8 (IE8) does not generate new Session IDs for new tabs and windows

Posted by Winfried

on 1/28/2009 11:31 AM

You can use
iexplore -nomerge
to force a new session. See "frame process merging" on http://blogs.msdn.com/ie/archive/2008/07/28/ie8-and-reliability.aspx

# re: Internet Explorer 8 (IE8) does not generate new Session IDs for new tabs and windows

Posted by craig ling

on 3/20/2009 4:42 PM

Thanks Winfried, added the -nomerge option in, worked great.

# re: Internet Explorer 8 (IE8) does not generate new Session IDs for new tabs and windows

Posted by Ed

on 3/30/2009 2:15 PM

An alternative to the -nomerge option is to use "File - New Session"

# re: Internet Explorer 8 (IE8) does not generate new Session IDs for new tabs and windows

Posted by Cyril

on 3/31/2009 4:13 PM

Thanx for the "iexplore -nomerge" ;)

Post Comment

Title *
Name *
Email
Url
Comment *

Remember Me?

Please add 5 and 8 and type the answer here:

Enter the code shown above:

Dominic Zukiewicz is an MCPD qualified

Solutions Developer

I am an MCPD qualified .NET Enterprise Solutions Developer with 6 years commercial experience. 4 years of this has been through the financial services using COM, web development, windows programming, security and auditing systems.

With Business & Decision, I hav been involved with globalizing a website for Mandarin, centralising all data access, improving stability and maintainability of the site as well as helping develop and maintain the site.

Latest projects include

Creating a reliable report generation for Epson
Implementing a CMS solution for Flash Videos for Watson-Marlow Bredal
The upgrading of the subscription services of Achilles Information Ltd, a company that provides public tender service opportunities for the open market.

Strengths include ASP .NET, Data Access, Tracing and Debugging, Cryptography, General Framework and BizTalk 2006.

Outside of work, Dominic enjoys seeing live bands, eating out, seeing friends and playing drums, bass and guitar - but not at the same time!

Site Sections

Article Categories

Archives

Post Categories

Image Galleries

Post image

Blogs

Books

Links

Blog Stats

Posts - 71
Comments - 31
Trackbacks - 3