Closed Bug 280240 Opened 20 years ago Closed 20 years ago

Mozilla does not create a new session until ALL browser windos are closed

Categories

(SeaMonkey :: General, defect)

Product:
SeaMonkey
Component:
General
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED DUPLICATE of bug 117222

People

(Reporter: patrickp, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041217
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041217

I don't have a link to a page to offer because the page is one that I am
developing on in intranet.  The problem is that unlike IE 5.0-6.0 Mozilla does
not create a new session variable when a new window is opened from from links on
the desktop or quick launch bar.  I'm developing this webpage using APACHE and
PHP.  If you call the function session_start() in php and open as many windows
as you want they all share the same session variable, AND the session does not
expire until you close Mozilla completely.  The PHP function session_id() when
called without a named ID is supposed to create a new session but this seems to
have no effect on Mozilla.  I am not sure if this is an intentional feature of
Mozilla because I've tested this with Netscape 7.2 and it produced the same
results.  If there is coding that I can use to implement new sessions every time
a browser is launched from the desktop or quick launch bar I would greatly
appreciate being directed to an appropriate source for such code.  I use Mozilla
daily and love it but this could present problems for webmasters who rely on
session variables to track activity on their website...

Thank You,

Patrick

Reproducible: Always

Steps to Reproduce:
1. Open one browser on a site that tracks php sessions and echo the $_PHPSESSID
2. Open another browser on a site that tracks php sessions and echo the $_PHPSESSID
3.

Actual Results:  
You get the same session variable

Expected Results:  
Opened another session

I think this could be a security issue if users are not informed about the
continuity of the session variable.  If you leave your computer unattended and
the website has a long timeout, or worse persistent sessions, another user could
potentially use the history to go back to an unexpred session without
verification of password, user id, etc...  I know that a computer should be
locked to minimise unauthorized use but most users require a more fool proof
solution.
mozilla and netscape have always behaved this way... so, I don't think this
needs to be marked security-sensitive.

*** This bug has been marked as a duplicate of 117222 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Group: security
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.