How to differ sessions in browser-tabs?

Question

In a web-application implemented in java using JSP and Servlets; if I store information in the user session, this information is shared from all the tabs from the same brows

Answer 1

I've been reading this post because I thought I wanted to do the same thing. I have a similar situation for an application I'm working on. And really it's a matter of testing more than practicality.

After reading these answers, especially the one given by Michael Borgwardt, I realized the work flow that needs to exist:

1. If the user navigates to the login screen, check for an existing session. If one exists bypass the login screen and send them to the welcome screen.
2. If the user (in my case) navigates to the enrollment screen, check for an existing session. If one exists, let the user know you're going to log that session out. If they agree, log out, and begin enrollment.

This will solve the problem of user's seeing "another user's" data in their session. They aren't really seeing "another user's" data in their session, they're really seeing the data from the only session they have open. Clearly this causes for some interesting data as some operations overwrite some session data and not others so you have a combination of data in that single session.

Now, to address the testing issue. The only viable approach would be to leverage Preprocessor Directives to determine if cookie-less sessions should be used. See, by building in a specific configuration for a specific environment I'm able to make some assumptions about the environment and what it's used for. This would allow me to technically have two users logged in at the same time and the tester could test multiple scenarios from the same browser session without ever logging out of any of those server sessions.

However, this approach has some serious caveats. Not least of which is the fact that what the tester is testing is not what's going to run in production.

So I think I've got to say, this is ultimately a bad idea.