New tab using url_target="_blank" uses same session #1629

gbrandt · 2023-07-24T22:48:57Z

If I have a button that opens a new page on the same app, or the app itself, it uses the same session and any changes on the new tab reflect in the original tab.

Code example to reproduce the issue:

Start the app, click the new tab button. Any action to increase the value in the first tab are also shown in the second tab

import flet as ft


def main(page: ft.Page):
    page.title = "Flet counter example"
    page.vertical_alignment = ft.MainAxisAlignment.CENTER

    txt_number = ft.TextField(value="0", text_align="right", width=100)

    def minus_click(e):
        txt_number.value = str(int(txt_number.value) - 1)
        page.update()

    def plus_click(e):
        txt_number.value = str(int(txt_number.value) + 1)
        page.update()

    page.add(
        ft.Row(
            [
                ft.IconButton(ft.icons.REMOVE, on_click=minus_click),
                txt_number,
                ft.IconButton(ft.icons.ADD, on_click=plus_click),
            ],
            alignment=ft.MainAxisAlignment.CENTER,
        )
    )

    page.add(ft.ElevatedButton("new tab", url="http://127.0.0.1:3000", url_target="_blank"))


ft.app(target=main, view=ft.WEB_BROWSER)

Describe the results you received:

Any action to increase the value in the first tab are also shown in the second tab

Describe the results you expected:

The new tab should start a new session, not use the existing session. If I just open a new tab and type the address in the URL, a new session is started.

Additional information you deem important (e.g. issue happens only occasionally):

Flet version (pip show flet):

Name: flet
Version: 0.8.2
Summary: Flet for Python - easily build interactive multi-platform apps in Python
Home-page: 
Author: Appveyor Systems Inc.

Operating system:

macOS, tested in Safari and Firefox

Additional environment details:

The text was updated successfully, but these errors were encountered:

FeodorFitsner · 2023-07-25T00:42:01Z

I found this which looks like our case: https://stackoverflow.com/questions/20879714/how-to-prevent-sessionstorage-being-inherited-when-using-target-blank-window

I could be mistaken, but url_launcher, the package we use in Flet to follow URLs, uses window.open. Someone suggests adding 'noopener=true' which could be a solution. We can try that. Let's mark this issue as a bug.

FeodorFitsner · 2023-07-25T01:09:22Z

...and this could be a solution from a different angle - store session data in window.name. Could work for Flet as it stores only session ID in a tab session.

Fix #1629

We've been storing sessionID in window.name because of #1629. However, `window.name` is not preserved in mobile Safari during OAuth session. It looks like Flutter has fixed that in launchUrl() (https://github.com/flutter/packages/blob/main/packages/url_launcher/url_launcher_web/lib/url_launcher_web.dart#L87) https://stackoverflow.com/a/73821739/1435891

* Fix "_FletSocketServer__receive_loop_task" error on Linux Fix #2781 * Replace deprecated `datetime.utcnow()` with `datetime.now(UTC)` Fix #2827 * Fix a call to `self.__executor.shutdown` for Python 3.8 Fix #2825 * Use `timezone.utc` instead of `datetime.UTC` * Add client IP and user agent to a session ID To make session ID hijacking harder * Generate crypto-strong strings * Flet version bumped to 0.21.2 * Ensure control exists in _process_remove_command * Store session ID in SessionStorage instead of window.name We've been storing sessionID in window.name because of #1629. However, `window.name` is not preserved in mobile Safari during OAuth session. It looks like Flutter has fixed that in launchUrl() (https://github.com/flutter/packages/blob/main/packages/url_launcher/url_launcher_web/lib/url_launcher_web.dart#L87) https://stackoverflow.com/a/73821739/1435891 * Changelog updated

* Added `page.debug` and `page.platform_brightness` props Close flet-dev#1649, close flet-dev#1630 * Store session ID in `window.name` Fix flet-dev#1629 * Do not assign random port on Windows with `--ios` flag Fix flet-dev#1620 * Update local_connection.py * Build Android QR

* Fix "_FletSocketServer__receive_loop_task" error on Linux Fix flet-dev#2781 * Replace deprecated `datetime.utcnow()` with `datetime.now(UTC)` Fix flet-dev#2827 * Fix a call to `self.__executor.shutdown` for Python 3.8 Fix flet-dev#2825 * Use `timezone.utc` instead of `datetime.UTC` * Add client IP and user agent to a session ID To make session ID hijacking harder * Generate crypto-strong strings * Flet version bumped to 0.21.2 * Ensure control exists in _process_remove_command * Store session ID in SessionStorage instead of window.name We've been storing sessionID in window.name because of flet-dev#1629. However, `window.name` is not preserved in mobile Safari during OAuth session. It looks like Flutter has fixed that in launchUrl() (https://github.com/flutter/packages/blob/main/packages/url_launcher/url_launcher_web/lib/url_launcher_web.dart#L87) https://stackoverflow.com/a/73821739/1435891 * Changelog updated

FeodorFitsner added the bug Something isn't working label Jul 25, 2023

FeodorFitsner added a commit that referenced this issue Jul 27, 2023

Store session ID in window.name

4f97f06

Fix #1629

FeodorFitsner closed this as completed in eb209ed Aug 2, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

New tab using url_target="_blank" uses same session #1629

New tab using url_target="_blank" uses same session #1629

gbrandt commented Jul 24, 2023

FeodorFitsner commented Jul 25, 2023

FeodorFitsner commented Jul 25, 2023

New tab using url_target="_blank" uses same session #1629

New tab using url_target="_blank" uses same session #1629

Comments

gbrandt commented Jul 24, 2023

FeodorFitsner commented Jul 25, 2023

FeodorFitsner commented Jul 25, 2023