Regenerate session when duplicating OpenEMR's tab


(Amiel Elboim) #1

Hi.

I’ve found strange behavior of the system. When you duplicate a tab in the browser, the session (and cookie) are regenerated with the same data. So if you log out from the first tab, you are still connected in the second tab.
This is caused by a ‘session_regenerate_id’ function at the top of the main_screen.php file.
I haven’t found a similar behavior in other systems.
I think it can cause security problems because a logout command doesn’t delete all the open sessions.

Why does it work that way?

Thanks
Amiel


(Brady Miller) #2

Hi @amiel,
This was done to support the ‘Open in New Window’ feature in the Patient List. So, when a tab is created, it is treated as a completely separate session (or else the patient_id and encounter_id and a bunch of other session stuff will clash and turn into a patient safety issue).
-brady


(Amiel Elboim) #3

O.k. makes sense.
Thanks.
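
The behaviour discussed in this thread, as an added illustration that is not part of the thread and not OpenEMR code: a small in-memory model in which duplicating a tab copies the session under a new id, so a per-tab logout leaves the copy valid. The `SessionStore` class, the `login_group` key and `logoutGroup()` are hypothetical names, and the group logout is an assumed design, not something the project is stated to do.

```php
<?php
// Constructed in-memory model of a server-side session store; not OpenEMR code.
final class SessionStore
{
    private array $sessions = []; // session id => session data

    public function login(string $user): string {
        $sid = bin2hex(random_bytes(16));
        // 'login_group' is a hypothetical key shared by every tab of one login.
        $this->sessions[$sid] = ['user' => $user, 'login_group' => bin2hex(random_bytes(16))];
        return $sid;
    }

    // Tab duplication as described in the thread: a new id receives a copy of
    // the data and the original id stays valid.
    public function duplicateTab(string $sid): string {
        $new = bin2hex(random_bytes(16));
        $this->sessions[$new] = $this->sessions[$sid];
        return $new;
    }

    public function isLoggedIn(string $sid): bool {
        return isset($this->sessions[$sid]);
    }

    // Logout as observed in the thread: only the calling tab's session is removed.
    public function logoutCurrent(string $sid): void {
        unset($this->sessions[$sid]);
    }

    // Hypothetical alternative: remove every session created from the same login.
    public function logoutGroup(string $sid): void {
        $group = $this->sessions[$sid]['login_group'] ?? null;
        foreach ($this->sessions as $id => $data) {
            if ($group !== null && $data['login_group'] === $group) {
                unset($this->sessions[$id]);
            }
        }
    }
}

$store = new SessionStore();
$tab1 = $store->login('demo');          // constructed user name
$tab2 = $store->duplicateTab($tab1);
$store->logoutCurrent($tab1);
printf("per-tab logout, second tab still logged in: %s\n", var_export($store->isLoggedIn($tab2), true));
$tab3 = $store->duplicateTab($tab2);
$store->logoutGroup($tab2);
printf("group logout, other tab still logged in: %s\n", var_export($store->isLoggedIn($tab3), true));
```

Each tab keeps its own session data in this model, which is the separation post #2 asks for; only the logout scope differs between the two methods.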