How to STOP browsers from sharing session amongst tabs?

On successful login put some value in sessionStorage.setItem('userId',userId) and when ever user open new tab and tries to login check if sessionStorage.getItem('userId') is available if null it means it is a new tab / redirect to login page.

Session storage is tab specific and data are not shared between different tabs. Session storage runs in modern browser.

check this link for details

Try below code

On successful login add this below code

<script>

  if(typeof(Storage) !== "undefined") {
      sessionStorage.setItem("uniqueIdSessionStorage", "xyz");
  }
</script>


sessionStorage.getItem('uniqueIdSessionStorage') // this will be a tab specific you will not get xyz for other tabs.

1) Check if sessionStorage.getItem('uniqueIdSessionStorage') is not null, if null means new tab and new user.

2) On server side always store session attributes like below code

 session.setAttribute("userId"+UniqueValuePerUser,userId);

3) This way you can have multiple login with single session object for every user key will be unique.

4) Pass sessionStorage value server side somehow in request Parameter. One way is to send in url or somewhere hidden in input.

5) Now if you get 12345 value from tab. Then get details from session using below code

String uniqueId= request.getParameter("uniqueId"); // value will be 12345
session.getAttribute("userId"+uniqueId);

and if you get 45678 value from tab then

String uniqueId= request.getParameter("uniqueId"); // value will be 45678
session.getAttribute("userId"+uniqueId) // and other details from session using unique id;

6) This way with unique key in single session you can achieve multiple login but if one logout and you invalidate session other user will also get logged out because session object is one with unique key.

7) Instead of invalidate session remove that particular key from session.

session.removeAttribute("userId"+uniqueId);

Author by

Amit

"Be a good person, but never try to prove it." #SOreadytohelp I am a professional programmer and a Certified Scrum Master (CSM) currently working as Full Stack Java Developer. Technical Skills Java (Core and Advaced), Spring Security, MicroServices, AWS, C, C++, Android, JSP, JavaScript, jQuery, AngularJS, HTML,JSP, PL/SQL, Hibernate etc. Areas of Interest Any kind of programming, R & D which pays enough money Java based Application Development i.e. Core Java, J2EE, J2ME, JNI, Web Development Software designing and Solution analysis for cloud plateforms. Have knowledge of AWS architecture but can work on Azure or Google cloud too if case 1 above is true :). Web Services and Microservices Development. Web application security and related frameworks and projects like prevention against OWASP's Top 10 vulnerabilities. Algorithm optimization, fine tuning, research & development.

Updated on June 05, 2022