Separate webapp session for browser tabs - http

Is there a way to make a web app handle separate sessions for different browser windows/tabs other than having session id inside the URL?
In general form, what are the ways of storing session-id other than cookies and URL parameter?

I think you can try do it by using hidden fields in forms, but you have to create hidden form and make all links act as submit button (with some short JavaScript code setting proper value in fields responsible for target), but IMHO it is not the best solution, because all the requests will be using POST method and get all disadvantages of it.
And as question about other methods here is short list.

In short, no. You don't get any tab information from the client; a new browser window is just another client. The only way to differentiate clients is via cookies or parameters. Maybe you could create a tab-named cookie based on the javascript window object ID or something, but I kind of doubt it.
HTML5 (advert click-through, sorry) has some per-tab local storage options, but that probably won't help you right now.
Not sure if you searched before posting, but I found another question like yours - unanswered, but some good advice in the suggestions.

Related

What happens when we fill User Name and Password fields on a website and click login or submit button?

I am little new to programming (especially to web designing). I have learned that the World Wide Web is based upon a protocol called HTTP. And also each and every item (I mean web pages, images, css & js files etc) are transferred according to the HTTP Requests. So my problem is this.
When we fill a web form (especially a login form like fb) and click ok, login or submit button, What Happens Next? Does it send another http request or does it use some special technique?
Is it safe or does anyone can hack our user names and passwords when that requests are traveling through internet?
It actually depends on the person who made it. They can create an output which would show the values entered or it can be entered to a database for other usage. There's so many things can be done and that would actually depend on the need of the user.
Added for 2nd question:
There are a number of ways to encrypt these data to avoid being hacked. If you use a very basic technique in transferring the values that you submit then there would be a huge possibility that it can be hacked. But, not to worry as there are plenty of ways to be safe.

HTML5 Page Request

I have been searching around for a way to simply request webpages with HTML5. Specifically, I want to do an HTTP(S) request to a different site. It sounds like this is not possible at first due to obvious security reasons, but I have been told this is possible (maybe with WebSockets?).
I don't want to use iframes, unless there is a way to make it so the external site being requested does not know that it is being requested through an iframe.
I've been having a really difficult time finding this information. All I want to do is load a webpage, and display it.
Does anyone have some code they could share, or some suggestions?
Thanks.
Sounds like you are trying to to circumvent Same Origin Policy. Don't do that :)
If it is just the request you want (and nothing else), there are a number of ways to do it, namely with new Image in JavaScript or iframe. The site will know it is in an iframe by checking top.location.href != window.location.href.
funneling all your requests through a proxy might be a solution - the client addresses only the proxy and the actual url to retrieve would be a query string parameter.
best regards, carsten

Fill fields on website

I am opening up a web page from a link button.
My issue is populating this web page with data that I need to be pre-populated in some of the fields on that web page.
Can anyone please assist?
Many thanks in advance
Because this involves cross-domain posting of data, you are limited in the approaches that you can take.
If you can guarantee that this will only be small amounts of data, you could pass it in the QueryString. Another alternative is on the click event of the linkbutton, save the data to disk or a database, and pass a reference in the QueryString. This reference might be a filepath if the sites are hosted together or a table id if the sites have access to the same database.
Neither of these approches are ideal. You should provide more information such as how the domains are related if at all and whether they can be hosted in the same App Pool. Do you control the code for both sites?
Perhaps you are asking how to pass variables via the query string:
http://www.aspnet101.com/2007/07/querystring-results-and-sql-statements/
http://www.codeproject.com/KB/aspnet/QueryString.aspx
That is a very useful skill. Then you can create hyper-links (you "link buttons") with query string variables in them:
http://www.informit.com/articles/article.aspx?p=28493&seqNum=3
Based on the requirements that you have stated in the comments on other answers, you cannot set the form fields on the 3rd party site unless you create some sort of browser addin. If this for an in-house purpose, that you would not need the general public to use, you could create firefox or chrome addin to do this. The addin could read the values off the page the link button is on and then apply them to the following page. You may be able to create a greasemonkey script to do this too.

asp.net url concealment?

In my asp.net 2005 app, I would like conceal the app structure from the user. Currently, the end user can learn intimate details of my web app as they navigate and watch the url change. I don't want the end user to know about my application structure. I would like the browser url to not change if possible. Please advise.
thanks
E.A.
URL rewriting is the only one that can provide any kind of real concealment.
Just moving the requests to AJAX or to frames, means anyone (well, more advanced users) can still see those requests being fired, just not in the address bar.
Simplest solution is to use frames - a single frame that holds your application and is 100% * 100%. The URL will not change though the underlying URL can still be seen via "View Frame info", however only advanced users will even figure that out.
In your pages, make sure that they are contained inside the holding frame.
A couple of possibilities.
1) use AJAX to power everything. This will mean that the user never leaves the home page
2) use postbacks to power everything. In this, you'd have all those pages be user controls which you progrmattically hide or show.
3) URL rewriting (especially if this is asp.net 3.0 or later)
My site uses url parameters to dynamically load ascx files into a single main aspx. So if I get 'page_id=123' on the query string, I load the corresponding ascx. The url changes, but only the query string - the domain part remains the same.
If you want the url to remain precisely the same at all times, then frames (per Oded) or ajax (per Stephen) are probably the only ways to do it.
Short answer: use URL encryption
A simple & straight article: http://devcity.net/PrintArticle.aspx?ArticleID=47
and another article: https://web.archive.org/web/20210610035204/http://aspnet.4guysfromrolla.com/articles/083105-1.aspx
HTH

Can I programmatically tell when a new tab is opened in the browser?

I'm addressing a problem with an ASP .NET web application where I want to avoid using query strings to uniquely identify dynamic content. I want to index the content relative to the opened tab/window that is displaying it. Is this programmatically possible? If so, what is the compatibility of the approach across multiple browsers? Thank you for your help.
No. It's not really any different to the user opening a new browser window, or opening the calculator application to work something out, etc. It happens outside the context of your web page and, short of a browser plugin, you can't get notification of this.
No, it's not possible by "tab" (i.e., browser window instance).
The closest you'll get is to drive new page requests off of session data established in previous requests but that's really a far cry from what you're asking asking for.
I'd tell whomever is "tasking" you with this that they are a moron you can't change the fundamental communication protocols of the web.

Resources