From 8abb8fd5799c2c161f04fa622f1df2617953d480 Mon Sep 17 00:00:00 2001
From: Mike Taylor
Date: Fri, 3 Oct 2014 17:11:28 +0100
Subject: [PATCH] Fix MKWS-230 "We're STILL re-using inappropriate SP sessions within the same tab"

Correct handling of session tokens (which are randomly generated in each new tab/window, then re-used in that tab/window until it's closed) combined with the hostname and path from the current URL.
---
 src/mkws-core.js | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/src/mkws-core.js b/src/mkws-core.js
index e6ddd88..d88e751 100644
--- a/src/mkws-core.js
+++ b/src/mkws-core.js
@@ -251,20 +251,21 @@ mkws.pazpar2_url = function() {
 };


-// We put a session ID in window.name, as it's the only place to keep
-// data that is preserved across reloads and within-site navigation.
-// pz2.js picks this up and uses it as part of the cookie-name, to
-// ensure we get a new session when we need one.
+// We put a session token in window.name, as it's the only place to
+// keep data that is preserved across reloads and within-site
+// navigation. pz2.js picks this up and uses it as part of the
+// cookie-name, to ensure we get a new session when we need one.
 //
 // We want to use different sessions for different windows/tabs (so
 // they don't receive each other's messages), different hosts and
 // different paths on a host (since in general these will
 // authenticate as different libraries). So the window name needs to
-// include a session identifier, the hostname and the path from the
-// URL.
+// include the hostname and the path from the URL, plus the token.
 //
+var token;
 if (window.name) {
- mkws.log("Using existing window.name '" + window.name + "'");
+ token = window.name.replace(/.*\//, '');
+ mkws.log("Reusing existing window token '" + token + "'");
 } else {
 // Incredible that the standard JavaScript runtime doesn't define a
 // unique windowId. Instead, we have to make one up. And since there's
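Review bot: The reuse branch takes whatever follows the last `/` in `window.name` as the token without checking that this code generated it, and `window.name` can be set by any page that opened or previously occupied the tab. Since the comment says pz2.js builds the cookie name from this value, a foreign name would become a session key chosen outside this code, possibly shared between tabs; and because `.` does not match line terminators, the `replace` can leave multi-line content in place. Accept only the generated format and otherwise fall through to generating a fresh token, for example `var m = /\/([0-9a-z]{1,10})$/.exec(window.name);` followed by `if (m) { token = m[1];`. The `else` branch of this `if` continues past the end of the hunk.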
@@ -273,12 +274,14 @@ if (window.name) {
 // fingers.
 //
 // Ten chars from 26 alpha-numerics = 36^10 = 3.65e15 combinations.
- // At one per second, it will take 116 million years to duplicate a session
- var session = Math.random().toString(36).slice(2, 12);
- window.name = window.location.hostname + window.location.pathname + '/' + session;
- mkws.log("Generated new window.name '" + window.name + "'");
+ // At one per second, it will take 116 million years to duplicate a token
+ token = Math.random().toString(36).slice(2, 12);
+ mkws.log("Generated new window token '" + token + "'");
 }

+window.name = window.location.hostname + window.location.pathname + '/' + token;
+mkws.log("Using window.name '" + window.name + "'");
+

 // wrapper to provide local copy of the jQuery object.
 (function($) {
-- 
1.7.10.4
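Review bot: The new `token = Math.random().toString(36).slice(2, 12);` line does not guarantee the ten characters that the comment's collision estimate relies on: a value with a short base-36 expansion yields a shorter token, and `Math.random()` is not a cryptographically strong source, so tokens are neither fixed-length nor unpredictable. If the token only has to be distinct per tab, this mainly weakens the stated odds; if anything treats it as unguessable, draw it from `window.crypto.getRandomValues` where the browser provides it and keep `Math.random()` as the fallback. The comment above also says "26 alpha-numerics" where the arithmetic uses 36; it should read `// Ten chars from 36 alpha-numerics = 36^10 = 3.65e15 combinations.`. The enclosing `if`/`else` starts before this hunk.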