Sync client model with server session

[Jonob]

I'm not even sure if this is possible, but I am going to put it out there to see if anyone with more knowledge than me has an answer.

 

Apologies in advance for the wall of text.

 

I have an Adobe Flex app that works off an amfphp stack with a mysql backend. Basically, flex (which runs in flash) is a statefull application (i.e. it stores various variables client-side), and it consumes php services to CRUD the database. I am using the php $_SESSION superglobal to store various params on the server, which are set on login. For example, one of the vars that is stored is a company_id, which maps to the id field in the company table. This var is used in almost every query.

 

The same var maps to the flex model: model.company.id, which is also stored client-side. If user swaps to a different company on client, then the client model is updated, and a php service is called to udpate the session variable on the server. The benefit of this is that I dont need to pass the company_id through to the php services for every database operation, because it already exists in the server $_SESSION. This all works 100%.

 

However, there is one small issue, and thats if user opens up two tabs in the same browser. It seems that $_SESSION vars are per browser, and not per tab. So, assume that a user opens up Company A in tab 1, and then opens a second tab, logs into the app, and opens up Company B. Server session is now set to Company B (for both tabs!), so Tab 2 will work fine: client model and server are both set to Company B. But tab 1 doesnt know this - Client is still set to Company A, and user thinks that he is getting information on Company A, when in fact all the services are retrieving information on Company B, and he has no way of knowing that.

 

I am not sure of the best way around this; these are a few that I have thought of:

 

1. Include the model.company.id with every request, and never use the server side session. This would entail a LOT of re-coding.

 

2. Prevent user from logging in more than once with same session_id. Store user_id, session_id and last_action_time in session table. If an existing session is found from a user, then prevent login in second tab. This would seem to be an OK solution, with one exception: I have no idea how to tell if a user has logged off if he has just closed the browser without actually clicking the log-off button?

 

Any ideas on the above, or other suggestions?