sunsetsystems wrote on Thursday, July 26, 2007:
This old thread: http://sourceforge.net/forum/forum.php?thread_id=1307624&forum_id=202506 discusses a problem that has been annoying me for a long time… that OpenEMR works poorly, even dangerously, when used in multiple top-level browser windows on the same machine. There is more information about the general issue at http://aranea.zuavra.net/index.php/80/ .
I think I finally have a solution that does not involve extensive code mangling. It takes advantage of the ability of JavaScript to change cookies (and thus the session ID) in the browser.
First, I added a bit of JavaScript to interface/login/login.php to delete the session cookie when a new login occurs. This ensures that a unique session ID is generated for each login (we assume you start each new browser window session with a login).
Then, I added this to interface/main/main_screen.php and other top-level windows:
<script language=‘JavaScript’>
function restoreSession() {
document.cookie = ‘<?php echo session_name() . ‘=’ . session_id(); ?>; path=/’;
return true;
}
</script>
What this does is restore the session cookie’s value to the session ID that was supplied when the window was created. This is meaningful if another OpenEMR window has changed the cookie to its own session ID.
Thus by calling the JavaScript function top.restoreSession(), which can be done from just about anywhere, the correct session ID will be available to your PHP scripts. This you would want to do just before invoking any server-side script that depends on good PHP session data, since the browser sends the session cookie along with every request sent to the web server.
What remains, then, is adding little snippets like “onclick=‘top.restoreSession()’” or “onsubmit=‘return top.restoreSession()’” wherever the web server is invoked. I’m working on that part now. Testing so far is giving very good results.
Of course it’s not totally foolproof. For example the user can hit the Refresh button on their browser to bypass restoreSession(), but it’s a lot better than it was.