don't open new window

[Jayme Assuncao Casimiro]

Is there the possibility of not permiting the user of opening
two windows of the same web site?

Thanks


+---------------------------------------------+
| Jayme Assuncao Casimiro |
| Graduado em Ciência da Computação |
| Estudante de Mestrado em Computação |
| Universidade Federal de Minas Gerais - UFMG |
+---------------------------------------------+

[Matthias Esken]

Jayme Assuncao Casimiro <jayme@dcc.ufmg.br> schrieb:

> Is there the possibility of not permiting the user of opening
> two windows of the same web site?

No. You can't control the user and the users browser(s) and computer(s).

Regards,
Matthias

[André Næss]

Jayme Assuncao Casimiro:

>
> Is there the possibility of not permiting the user of opening
> two windows of the same web site?

No.

André Næss

[Adi Schwarz]

Matthias Esken wrote:

>
> No. You can't control the user and the users browser(s) and computer(s).

Perhaps you could (with a complicated session-based tracker, or by
tracking IPs), but the point is that you *should not* control the user's
browser, that's not the purpose of a website!

-adi

[Eric Kincl]

Adi Schwarz wrote:

> Matthias Esken wrote:
>

>>
>> No. You can't control the user and the users browser(s) and computer(s).

>
> Perhaps you could (with a complicated session-based tracker, or by
> tracking IPs), but the point is that you *should not* control the user's
> browser, that's not the purpose of a website!
>
> -adi

I would say it's not even possible then. The client most probably caches
the page and when a new window is opened just opens it from cache. You
*may* be able to do it with JavaScript (if you are really anal, a
combination of javascript and PHP), but again, there is no reason you
should be limiting how many windows a client has open. You shouldn't care,
your PHP code should be robust enough to handle submissions/track where a
user is if they have multiple pages open, plus thats just one thing you
should mess with. A users web-browser is personal. At the point you start
making it impossible to do something, they get pissed. (Or do something
for that matter, like pop-ups). Take my advice, leave the browser alone.


-Eric Kincl

[Alvaro G Vicario]

*** Eric Kincl wrote/escribió (Fri, 21 Nov 2003 01:53:38 +0000):

> I would say it's not even possible then. The client most probably caches
> the page and when a new window is opened just opens it from cache.

User can spoil any attempt just opening two browsers (Explorer and
Mozilla)—given that he actually care. I normally leave annoying sites
unexplored ;-)



--
--
-- �lvaro G. Vicario - Burgos, Spain
--

[R. Rajesh Jeba Anbiah]

Eric Kincl <Eric@Kincl.net_NO_SPAM_> wrote in message news:<3fbd7022@news.gvsu.edu>...

> Adi Schwarz wrote:
>

> > Matthias Esken wrote:
> >

> >>
> >> No. You can't control the user and the users browser(s) and computer(s).

> >
> > Perhaps you could (with a complicated session-based tracker, or by
> > tracking IPs), but the point is that you *should not* control the user's
> > browser, that's not the purpose of a website!
> >
> > -adi

>
> I would say it's not even possible then.

No. It's possible. As Adi said, you need complex session
processing for that. BTW, I don't mean disabling "Open new window"
option of browser---I mean if the user opens a new window, then prompt
a error message or force log off.

My bank ( [url]http://www.icicibank.com/[/url] )have such option. They won't
allow you to use "Stop button", or "Refresh button" or "Ctrl+N" or
"Open link in new window". If you do so, then they will force log off
telling that it's for security purpose.

---
"One who mix sports and patriotism is a barbarian"
Email: rrjanbiah-at-Y!com

[André Næss]

R. Rajesh Jeba Anbiah:

> Eric Kincl <Eric@Kincl.net_NO_SPAM_> wrote in message
> news:<3fbd7022@news.gvsu.edu>...

>> Adi Schwarz wrote:
>>

>> > Matthias Esken wrote:
>> >
>> >>
>> >> No. You can't control the user and the users browser(s) and
>> >> computer(s).
>> >
>> > Perhaps you could (with a complicated session-based tracker, or by
>> > tracking IPs), but the point is that you *should not* control the
>> > user's browser, that's not the purpose of a website!
>> >
>> > -adi

>>
>> I would say it's not even possible then.

>
> No. It's possible. As Adi said, you need complex session
> processing for that. BTW, I don't mean disabling "Open new window"
> option of browser---I mean if the user opens a new window, then prompt
> a error message or force log off.
>
> My bank ( [url]http://www.icicibank.com/[/url] )have such option. They won't
> allow you to use "Stop button", or "Refresh button" or "Ctrl+N" or
> "Open link in new window". If you do so, then they will force log off
> telling that it's for security purpose.

Well they can obviously do that because you have to log in and thus they can
link all your actions to you as a person. But in the general case you don't
have that luxury.

But really, instead of disallowing the Stop, Refresh and CTRL-N buttons the
bank should get a fucking clue and implement their system so that it can
handle those sorts of things. Doesn't sound like a bank I would want to
use. "Our security depends on the user's ability to not make mistakes.".
Right.

André Næss

[Matthias Esken]

[email]ng4rrjanbiah@rediffmail.com[/email] (R. Rajesh Jeba Anbiah) schrieb:

> Eric Kincl <Eric@Kincl.net_NO_SPAM_> wrote in message news:<3fbd7022@news.gvsu.edu>...
>

>> I would say it's not even possible then.

>
> No. It's possible. As Adi said, you need complex session
> processing for that. BTW, I don't mean disabling "Open new window"
> option of browser---I mean if the user opens a new window, then prompt
> a error message or force log off.
>
> My bank ( [url]http://www.icicibank.com/[/url] )have such option. They won't
> allow you to use "Stop button", or "Refresh button" or "Ctrl+N" or
> "Open link in new window". If you do so, then they will force log off
> telling that it's for security purpose.

Which information do they use for this? IPs can change (Proxy!) and
browsers can change.

Regards,
Matthias

[R. Rajesh Jeba Anbiah]

Matthias Esken <muelleimer2003nospam@usenetverwaltung.org> wrote in message news:<bpll7c.1a4.1@usenet.esken.de>...

> [email]ng4rrjanbiah@rediffmail.com[/email] (R. Rajesh Jeba Anbiah) schrieb:
>

> > Eric Kincl <Eric@Kincl.net_NO_SPAM_> wrote in message news:<3fbd7022@news.gvsu.edu>...
> >

> >> I would say it's not even possible then.

> >
> > No. It's possible. As Adi said, you need complex session
> > processing for that. BTW, I don't mean disabling "Open new window"
> > option of browser---I mean if the user opens a new window, then prompt
> > a error message or force log off.
> >
> > My bank ( [url]http://www.icicibank.com/[/url] )have such option. They won't
> > allow you to use "Stop button", or "Refresh button" or "Ctrl+N" or
> > "Open link in new window". If you do so, then they will force log off
> > telling that it's for security purpose.

>
> Which information do they use for this?

I don't know about their implementation. The pages are in JSP. I
think, they're doing this with session. Also, their system is somewhat
buggy---sometimes the system fails to recognize the use of "Stop
button" or "Refresh button" or "Ctrl+N"...

Here is my simple, quick (but buggy) solution:

<?php
session_start();
header('Cache-Control: no-store, no-cache, must-revalidate'); //don't
cache the page

if (isset($_SESSION[$_SERVER['PHP_SELF']]))
{
echo 'Error: You cannot see a page more than once or open more
than one window.';
}
else //no problem...
{
$_SESSION[$_SERVER['PHP_SELF']] = 1;
echo 'Hello, World!.';
//show other contents...
}
?>

---
"There are two kinds of people, those who do the work and those who
take the credit. Try to be in the first group; there is less
competition there."---Indira Gandhi
Email: rrjanbiah-at-Y!com