does the same session continue or a new session is created for the same "USER" when

Question

a user logs in from computer 'A' using firefox.

by my understanding, a 'session is created for that user by the server'

now,

without closing the browser tab,

user opens new tab and goes to the same page [that would require him to log in first]

what will happen?

will the server continue the same session, making the code recognize the user?

will the server start a new session for this request and destroy the old session?

consider the same question, but now the user logs in from another browser. what will happen?

Answer 1

The user session is usually kept in a cookie which is created by the web server, but is actually stored on the client. If the two Firefox tabs share the cookies, the session will be shared between them. However, if the two tabs don't share the cookies, there will be a server session created for each of them.

Answer 2

Sessions generally do not persist across browsers. If the user opens a new tab and goes back to the log in page and logs in again or if he gets automatically logged in all depends on how the back-end code is written.

Answer 3

This really all depend on the site programming. But generally you can see tabs sharing session but different browsers not.

Answer 4

The sessions are not shared between browsers and are only shared between tabs (or windows) if the new tab/window is spawned from the current page (unless cookieless session handled via the querystring). When you click a link and say open in a new tab or window or choose to duplicate the current tab/window, both tabs/windows will share the same session. This is browser dependant though and each brower could implement it differently.

It's very easy to test. Create a simple aspx page with a Label and a link back to the current page. In the PageLoad do the following:

if (Session["Test"] != null)
{
    Session["Test"] = (int)(Session["Test"]) + 1;
}
else
{
    Session["Test"] = 1;
}

yourLabel.Text = Session["Test"].ToString();

Then open the page using different methods. Use an href with target=_blank. The href will make a new tab/window and share the session but loading the page any other way shouldn't.

Answer 5

If it's a new tab then the same session will be used (because the browser will provide the same session cookie). If it's a different browser, the cookie will not be present and a new session will be started (the session in the other browser will persist assuming your using a standard session mechanism).

Answer 6

Sessions are based on cookies in which a Session ID is stored. So, it is purely a matter of how the browser stores it's cookies.

Generally, the browsers share cookies between tabs, so with new tab, the Session ID is preserved and new session will not be created.

Two different browsers, however, don't share the cookies, so in another browser, new session is created.

There are also cookieless sessions. In that case, the session ID is stored in URL (such as http://www.server.com?sessionId=12345). So obviously in this case if you open a new tab and type the address without sessionId, a new one is created too.