From 9044b6413fbc87b25dded1f1ecd32f4b6b971a77 Mon Sep 17 00:00:00 2001
From: Mike Taylor <mike@indexdata.com>
Date: Fri, 3 Oct 2014 17:00:43 +0100
Subject: [PATCH] Towards better cookie names.

---
 src/mkws-core.js |   29 ++++++++++++++++++++---------
 1 file changed, 20 insertions(+), 9 deletions(-)

diff --git a/src/mkws-core.js b/src/mkws-core.js
index 718c350..d8ca560 100644
--- a/src/mkws-core.js
+++ b/src/mkws-core.js
@@ -109,20 +109,31 @@ mkws.log = function(string) {
 };
 
 
-// Incredible that the standard JavaScript runtime doesn't define a
-// unique windowId. Instead, we have to make one up. And since there's
-// no global area shared between windows, the best we can do for
-// ensuring uniqueness is generating a random ID and crossing our
-// fingers. We stash this in window.name, as it's the only place to
-// keep data that is preserved across reloads and within-site
-// navigation. pz2.js picks this up and uses it as part of the
-// cookie-name, to ensure each tab gets its own session.
+// We put a session ID in window.name, as it's the only place to keep
+// data that is preserved across reloads and within-site navigation.
+// pz2.js picks this up and uses it as part of the cookie-name, to
+// ensure we get a new session when we need one.
+//
+// We want to use different sessions for different windows/tabs (so
+// they don't receive each other's messages), different hosts and
+// different paths on a host (since in general these will
+// authenticate as different libraries). So the window name needs to
+// include a session identifier, the hostname and the path from the
+// URL.
+//
 if (window.name) {
   mkws.log("Using existing window.name '" + window.name + "'");
 } else {
+  // Incredible that the standard JavaScript runtime doesn't define a
+  // unique windowId. Instead, we have to make one up. And since there's
+  // no global area shared between windows, the best we can do for
+  // ensuring uniqueness is generating a random ID and crossing our
+  // fingers.
+  //
   // Ten chars from 26 alpha-numerics = 36^10 = 3.65e15 combinations.
   // At one per second, it will take 116 million years to duplicate a session
-  window.name = Math.random().toString(36).slice(2, 12);
+  var session = Math.random().toString(36).slice(2, 12);
+  window.name = window.location.hostname + window.location.pathname + '/' + session;
   mkws.log("Generated new window.name '" + window.name + "'");
 }
 
-- 
1.7.10.4