How to identify the browser tab that sent a request?

[jhsachs]

I need to be able to identify the  browser tab that sent each request the server receives.

 

I originally planned to do this by passing an ID back from each web page. However, I found that when the user leaves a web page by clicking a non-form button or a link, this causes huge problems. The ID really has to be returned via POST to prevent users from using it inappropriately, and the prospect of making a button or link do a POST is not appealing.

 

Is there any other technique I can use? I've examined all of the superglobals, but I didn't find anything that would work.

[kicken]

There is no way to identify a particular tab (or window for that matter) which made a request using just standard request variables.  What you need to do is inject something that will work as the identifier into the request via either the url or post parameters.  As you've experienced though, this is not fool-proof as users can do things that cause the ID to get lost (or shared).

 

Why do you need to know which tab or window it was?  Your app really shouldn't care about that kind of information.

 

[jhsachs]

Why do you need to know...?

 

My client's customers have been experiencing mysterious and upsetting malfunctions which, I finally figured out, are caused by accessing the web site through two tabs at once.

 

The site uses session variable to maintain status information. A user visits the site, starts a session, and does a considerable amount of work, which adds information to the session variables. Then the user starts another session, which wipes the session variables clean. Then they return to the first session and load a page which expects to find all the information which was added by the pages which had to be used to get there... and it's all gone.

 

We'd be happy if we could either keep the two sessions separate or prevent the user from starting the second one. Without being able to distinguish between the tabs, though, it's impossible to do either one of those things.

 

I've pretty much decided to do what you said -- pass a token from page to page -- but it won't be pretty.

[kicken]

or prevent the user from starting the second one.

 

You could do that.  Store some value in the session to indicate that one is in progress, and if that value is present show an error message saying they can only have one active session at a time.

 

From the usability point of view though it may be nicer to have it written to support multiple tabs by either moving the data out of the session or passing on a unique token.

 

[jhsachs]

I'm working on this now. The tricky part is making all of the links and non-form buttons pass a token via POST. I've figured out how to do that, but like I said, it ain't pretty.

 

From the usability point of view though it may be nicer to have it written to support multiple tabs by either moving the data out of the session or passing on a unique token.

 

Actually it's a toss-up. The web site's purpose really doesn't admit any sensible reason to do that. If anyone tries, it's either because they don't understand what they're doing, or they're trying to do it just to see if they can, or they're trying (probably without hope of success) to pull a fast one on the site owner.

 

I haven't decided which way to do it, though. The design is virtually the same either way; I don't have to choose a design until I'm almost done.