27 Sep 2010
27 Sep 2010
Link to this post
we are using Sitefinity CE 3.7 to develop an application portal.
During some unit testings, we've found that sessions are shared on multiple opened sitefinity's website on one or several browser. For example: on FF 3.6, user opens a tab and accesses te Sitefinity's admin website, logs in and goes to the dashboard (lets call this Session A). The same user , on the same browser instance, opens a new tab (not CTRL+T from the previous tab, but by clicking on the "open new tab" toolbar's button), let's call this Session B.
Tipically this should open a new Sitefinity's session and ask for login, keeping the 1st opened tab (the original) active and with Session A logged in.
Question is: after a few clicks on Session B, the user realizes that the logged in session is instead of the logged in user on Session A, meaning that it seams that the same session is shared on the various instances of the browser's tab. This also happens if the user opens a new instance of the whole browser (clicking on the FF shortcut icon, not opening a new browser from the FF's File menu).
I know that, when opening a tab or a new browser from an original tab or browser, that the "child" tab/browser will inherit the "opener" tab/browser's sessions. BUT this is not the case, as the user open a newly instance of the browser.
This also happens with IE6+ (of course, the user can open both FF and IE that the sessions are now inherited/shared...)
Anyone confirms this? Might this be a Sitefinity's feature? IIS mis-configuration? Browser specs? or ... a bug?
Thanks in advance,