Subject AW: AW: [firebird-support] Terminal Server
Author Steffen Heil

> There are several COPIES running,

right, the server does not load the same exe-file more than once into

> but they share the same set of cookies.

However, this is wrong. Every TS connection has it's own windows session and
it's own processes.
IF you php server shares sessions between these, it's not IE's fault, it's
your php servers configuration.
IF the server associates session to clients by ip, then this will be the
case. If it uses cookies, this will not happen.

Even multiple IE instances started on their own (NOT spawned by ctrl-n) will
have their own session. Period.
A am using this every day. One session to my dev-CMS logged in as admin, and
another session not logged in at all.
And this is a terminal server and it works.

> I am going to have to get the users to log onto TS individually and then
log into the application - I think. That takes some time, but they will just
have to put up with extra minutes on serving times :) ( A 'user' will go
into an interview room and call a client - currently login and call takes
seconds because the browser is left open on a generic login )

You can, but this is not necessary.

> > Actually it is absolutely possible to get an unique connection
> > identifier and maybe even the clients name (but I believe, that would
> > need some hacks), but not though the browser and php sessions from the
> > server. I would consider THIS a security lack.
> As you can see from the first two points. UserId is not a sufficient check
that the information should be available at a particular location
> ;) Different userid's for different areas is just not practical ;(

I am not talking about userids. I am talking about ts connection ids. Every
connection has some connection information associated with it, which you can
query, as soon as you have the connection id. Search msdn library online for
terminal services api. Some of the information provided should be the client
name, but you should at least get the clients ip that way.

> Forget it - the whole point of the last four years work was to get OS
independent / browser independent operation.

Right, I didn't recommend that either, I just wanted to mention that it IS

> I just don't know how to tell the customer that I can't supply a system
that meets their requirements on a Terminals Server System.

Right, once again. I think, there will be no os-independent way to detect
the clients ip, if it is hidden behind a terminal server using php. So you
need to tell your client that he needs something plattform dependent OR
mustn't use terminal servers inbetween.

However, the ActiveX would only need to be a very small component and would
only need to be included in those login requests, that come from the ip of
the terminal server. If you client has such requirements, I might be worth
that little tradeoff.

> At least we did say that making that end work would be down to them ;) but
now I have to say why it won't :(

Much fun.