can't firefox natively or with an add on have tabs that are 'private' just like chrome, if so i should think you could do this by using this.

Hi,

Are you saying that chrome can (with an add on) or does (natively) have tabs that are private?

Cause, with my basic php login script that just checks to see if $session['login'] is set, i logged into my site in one chrome tab then accessed the site in another tab and i was still logged in.

Are you referring to Incognito mode (browse in private)?

incognito mode i meant

i haven't tried it, but surely it can't be incognito if it shares cookies/sessions with another tab

Chrome does seem to share the cookie with other incognito tabs (log into a site on one, and you are logged in on another one also), but not with the browser window that is not incognito. So you could have two Chrome instances running, one incognito and one not and log in with the different sets of credentials.

Firefox actually closes down and saves the tabs of the non-private session and won't open up a non-private one until you shut the private one, again any of the private sessions look like they can access the cookie (logging in with one tab means you are logged in on the other ones, even in a new window).

Would portable versions of the browsers ( eg firefox and say another like opera ) aid in anyway ?

So to answer the Original question. Yes to have two browsers be treated as two different sessions you would need to have each browser instance/tab keep a session key (that isn't stored in a cookie) that you pass back to the server with each request and persisted across different requests.

You can't store this session ID in the cookie as then it would be shared between the instances and you can only have one session logged in. If you tried to storing multiple cookies (one for each session) or multiple session keys in the cookie, you would run into the issue that the browser then would not know which cookie or session key belongs to it, unless you are storing the pointer to this key in another manner in each browser instance anyway (so it's easier just to keep the Session key in the first place).

A thread over here sums it up [velocityreviews.com...]
You have three ways:
1. Store session ID in cookie file
2. Store Session ID in the URL (for example,
example.com/HFFKSJ3F35R4W46HR435YFS/myFolder/myPage.aspx
3. Store Session ID in QueryString (for example,
example.com/myFolder/myPage.aspx?SID=HFFKSJ3F35R4W46HR435YFS

I would add a fourth option which would be a (hidden) form element containing the session key, but you can only use that if you are using POST's of the page to navigate to the next one.

Dijkgraaf and others,

thank for the info and pointer to the other doc. I will review and get back to you with a final solution.

BTW... I noticed that my credit union's web site, msufcu.org, is able to allow separate login's from multiple instances of the same browser. In viewing the site source, it appears that they are passing a session id back and forth.

Can anyone verify this?