Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
1.5.1, 1.5.2
-
None
Description
Using default window mode on Chrome (equates to LAZY?), if a clickable URL ends in ?&dswid=XYZ, opening that link in a new tab clones the old tab's window.name and dswid, instead of generating a new id.
I had this (very confusing) problem in my application when a urlrewrite outbound-rule accidentally used &dswid=XYZ instead of ?dswid=XYZ, but for simple applications it is easiest to reproduce like this:
1. visit a page URL which ends with ?dswid=XYZ
2. use the javascript console to check window.name
3. edit the URL so that it ends with ?&dswid=XYZ
4. paste the edited URL into a fresh browser tab (where window.name is empty)
5. use the javascript console to check window.name for the new tab
Both tabs have the same window.name, which leads to all window-based scopes in the session being shared for future requests in the affected tabs.
I haven't dug into the code too closely, but I suspect windowhandler.js is setting window.name when it sees &dswid in the URL, instead of triggering a lazy redirect as I think it should.