The Perils of Tabbed Browsing


Most browsers since IE6 have the ability to have multiple tabbed windows running in the one browser session.  It’s a great feature and very useful when browsing the Internet, but can cause some confusing even insecure behaviour in Apex applications if not coded correctly.
The two situations that are Tab Browsing unfriendly are as follows:
  1.  Pages that branch back to themselves.
  2. Pages that reference session values from other pages.
Situation 1 occurs usually when you have a report and form and the form is set to branch back to itself once the Save or Create buttons are clicked.  To save re-querying the form record, you would think it quite ok submit the page and create a simple branch back to itself (e.g.  f?p=100:1).   Wrong! This is tabbed browsing unfriendly, as if a different record has be opened in another tab in the mean time, then the session values have changed and the page will refresh and display the session values from the other tab where the current tab values are null – very confusing.     Depending on how you’ve coded you application, this may become insecure as you can use tabbed browsing to manipulate session values and change the intended flow of the application.

Situation 2.  I’ve seen some developers do this all the time in their applications; I don’t except where I have a wizard process.  In a Wizard I’ll often share session values between the different pages to save re-querying the database.  This is now also tabbed browsing unfriendly as the user is able to open up two versions of the wizard, both of which will use session values from the latest wizard to be opened.  

Solution.  Don’t share session values from other pages unless you’re sure they will not be affected by tabbed browsing.  If they are ok and you are sharing them, then they should probably be application items.  When branching back to itself, ensure you reset the pk item value and clear the page cache, thus forcing a complete refresh of the session values.

To find which branches are potentially tabbed browsing unfriendly
  •  Go to utilities/branch utilities/Branches per Page report
  • Compute a new column with the following formula:
  • decode(A,substr(B,14,length(A)),'Y','N')
  • Filter the new column to display ‘Y’ and look for branches that have no parameters in them.

To find pages that reference items from other pages:
  • Utlities/Advisor  hit "Deselect All" and check the "Referenced item is on Current Page"


Comments