# asp mvc : handling different session for different tabs in web application



## dashang (Mar 15, 2015)

How can i use different session in different tabs in  asp net  mvc. I want session Id to be available in that Tab only. and session should get expired in 14min.
       and also session should sustain in both tabs differently . I know it can be done by getting tab id from browser but dont know how ? i tried this Get an unique session in each browser tab | jgauffin's coding den    
but it didnt worked out . Any suggestion ?


----------



## Desmond (Mar 15, 2015)

I don't think you can maintain separate sessions for separate tabs. This has nothing to do with ASP, it's a browser issue.

You can do that with different browser windows though.


----------



## dashang (Mar 16, 2015)

Well there are some examples, like bank sites, irctc.co.in site etc which doesnt share same session between tabs


----------



## Desmond (Mar 16, 2015)

[strike]Wait a sec.

HTTP Sessions are unique to the requests that the server receives. Therefore, it should be possible in theory to send two different requests (possibly GET) from two different tabs and maintain two different sessions.

I am not familiar with ASP, therefore I cannot be sure how this is implemented. I will try to demo it using Java Servlets and let you know in sometime.[/strike]

Scratch that, it does not work. I just tested. It has something to do with cookies. Whenever you make a request to the server for the first time, the browser gets the session id and creates a cookie. Now, when you access the same URL again from another tab, it reads the stored cookie and and passes it with the request.

- - - Updated - - -

I disabled cookies on my server and now I am getting different session Ids for different tabs. You should try the same and see if it works for you.

I am not familiar with ASP, therefore I cannot help you with how to do that. There should probably be some attribute in whatever the ASP equivalent of the Context configuration file is.

- - - Updated - - -

Here's what I found:

With cookies:

Tab 1:

```
Session id is 0FCBBCC243224434979AD88CF19A8F84
Encoded URL is *localhost:8080/RequestDemo/Index.jsp
```

Tab 2:

```
Session id is 0FCBBCC243224434979AD88CF19A8F84
Encoded URL is *localhost:8080/RequestDemo/Index.jsp
```

Tab 3:

```
Session id is 0FCBBCC243224434979AD88CF19A8F84
Encoded URL is *localhost:8080/RequestDemo/Index.jsp
```

After disabling cookies:

Tab 1:

```
Session id is B382D2824A92A2D1D628BC071366D0C2
Encoded URL is *localhost:8080/RequestDemo/Index.jsp;jsessionid=B382D2824A92A2D1D628BC071366D0C2
```

Tab 2:

```
Session id is 0FCBBCC243224434979AD88CF19A8F84
Encoded URL is *localhost:8080/RequestDemo/Index.jsp;jsessionid=0FCBBCC243224434979AD88CF19A8F84
```

Tab 3:

```
Session id is CCC38E298162EC8C23E5AAF451CC9D38
Encoded URL is *localhost:8080/RequestDemo/Index.jsp;jsessionid=CCC38E298162EC8C23E5AAF451CC9D38
```


----------



## dashang (Mar 30, 2015)

i made some changes and now URL seems to be this :  *localhost:59581/(S(hkbcdzijjyd3ou2ba5qq3zct))/SearchAvailability

' hkbcdzijjyd3ou2ba5qq3zct ' changes with different tabs . 

what i  did is added following code in web.config :
<system.web>
    <sessionState timeout="15" cookieless="true" regenerateExpiredSessionId="false" />
  </system.web>



Now there is another problem, and  P.S. : i am using SignalR also .
        The thing with Timer  . I want each session to be associated a timer . That time has timeout period  and has timer function which automatically executes when timer has elapsed 14min. Till this is working fine. I have defined timer in MyHub of SignalR. but now how do i stop timer when user logoff?

- - - Updated - - -

when i start timer , it is done using object of MyHub class. But when i want to stop i dont have that object reference. Its gone.what to do?
-NEED TO HAVE PER TIMER PER SESSION_ID 
-WHEN USER CLOSES TAB then to its TIMER SHOULD GET STOP

here is the code: 

  public class MyHub : Hub
    {
        CuePOSStagingEntities db = new CuePOSStagingEntities();
        public Timer timer1;
        public static int session_warning_time = 14;
        public static int session_expiration_time = 15;
        public DateTime last_activity;
        public void InitTimer(int SelectedCompany)
        {
            //if (IsStop==true)
            //{
            //    timer1.Stop();
            //}
            timer1 = new Timer();
           // timer1.Elapsed += new ElapsedEventHandler(check_session);
            timer1.Elapsed += new ElapsedEventHandler((sender, e) => check_session(sender, e, SelectedCompany));
            timer1.Interval = 60000; // in miliseconds
            timer1.Start();
            timer1.Enabled = true;
            last_activity = DateTime.UtcNow;
        }


----------



## Desmond (Mar 30, 2015)

dashang said:


> i made some changes and now URL seems to be this :  *localhost:59581/(S(hkbcdzijjyd3ou2ba5qq3zct))/SearchAvailability
> 
> ' hkbcdzijjyd3ou2ba5qq3zct ' changes with different tabs .
> 
> ...



Everything gone over my head.  Lol

Please tell in simpler terms what you need.

- - - Updated - - -

But AFAIK,

Session timeouts are set by the server as part of the HTTP response.

The HTTP Reponse has a "Keep-alive" header which has the syntax:


```
Keep-Alive: timeout=15, max=100
```

Where "timeout" is the time in seconds how long the connection is to be maintained and "max" is maximum no. of connections that the server will entertain over that host (I think). The server will force close the connection if any of these values exceed.

You should be able to set both these values in your server configuration. I don't think you need a Timer object to create session-timeouts. You could timeout programmatically while creating the response in your code itself.


----------



## bikramjitkar (Apr 1, 2015)

dashang said:


> i made some changes and now URL seems to be this :  *localhost:59581/(S(hkbcdzijjyd3ou2ba5qq3zct))/SearchAvailability
> 
> ' hkbcdzijjyd3ou2ba5qq3zct ' changes with different tabs .
> 
> ...



I'm a Windows dev and haven't used SignalR much, but that code just doesn't look right. You shouldn't have to use timers for maintaining session time, as Desmond said. This stuff should be handled in the web config or Global.asax.


----------

