Sessions in a popup window

[Raffi]

We have an application that runs in a popup window with custom menus,
toolbars etc. The application uses session cookies. We would prefer for
the session cookies to be valid only in the popup window. In other
words, if the user cuts and pastes the URL into the opener address bar,
the session should not be valid (the application should not run) in the
opener window. Is there any way to enforce this behavior with the
window.open method or otherwise?

Thanks,
Raffi

 

[shimmyshack]

no there isnt really, not in the days of greasemonkey, what about those
people using firefox who have their settings to open all windows in a
new tab.
However, since an open window has an "opener" you could try chatting
between them at intervals.
What exactly are you trying to protect by doing this? The code to your
webpage because you are also locking down the right click, a freebie
proxy server will reveal all your data, even if you use SSL, so youve
already lost that fight.
Anything that is downloaded to your clients user-agent is immediately
vunerable to alteration, cookies can be played around with, and your
webcode itself can be filtered proxied, altered using greasemonkey
saved to hard disk using an injected iframe etc...
protection of web source is like keeping water from running through
your cupped hands. I have some super-glue if you think it will help.