How to differ sessions in browser-tabs?

Question

In a web-application implemented in java using JSP and Servlets; if I store information in the user session, this information is shared from all the tabs from the same brows

Answer 1

Note: The solution here needs to be done at application design stage. It would be difficult to engineer this in later.

Use a hidden field to pass around the session identifier.

For this to work each page must include a form:

Every action on your side, including navigation, POSTs the form back (setting the action as appropriate). For "unsafe" requests, you could include another parameter, say containing a JSON value of the data to be submitted:

As there are no cookies, each tab will be independent and will have no knowledge of other sessions in the same browser.

Lots of advantages, particularly when it comes to security:

• No reliance on JavaScript or HTML5.
• Inherently protects against CSRF.
• No reliance on cookies, so protects against POODLE.
• Not vulnerable to session fixation.
• Can prevent back button use, which is desirable when you want users to follow a set path through your site (which means logic bugs that can sometimes be attacked by out-of-order requests, can be prevented).

Some disadvantages:

• Back button functionality may be desired.
• Not very effective with caching as every action is a POST.

Further information here.