I'm reading the "PHP and MySQL novice to ninja" book and it says:
In fact, it would be very secure to change the user’s session ID on every page load. However, doing so causes several practical problems. If someone has different pages open in different tabs, or the website uses a technology called Ajax, they effectively get logged out of one tab when they open another!
I can't understand what is going on behind the scenes and why the user gets logged out of the previous tab when they open another tab. By generating a new session ID, a new cookie containing the new session ID will be sent to the browser.
So when I open another tab, the session ID will change and a new cookie will be sent to the browser. Why doesn't the browser use the new cookie to continue being logged in, and what exactly happens that makes the pages get logged out?
Opening a new tab doesn't start a new session if the same site is already open in the same browser. The browser tries to use the existing session. You can observe this behaviour yourself, on this very website even - if you open a new tab (as well as the one where you're reading this) and go to StackOverflow you are not asked to log in again.
But if every request were to generate a new session then it would invalidate the shared session across all already-open tabs from that site, because they would be relying on the old cookie in the background.
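The server-side mechanics, as an added example that is not from the book or from the posts above: a toy Python model in which every request deletes the presented session ID and issues a new one. The `Server` and `Browser` classes and the user name are constructed for illustration. Requests sent one after another stay logged in, while two requests that leave with the same cookie before either response arrives (two tabs loading, or an Ajax call) end with the browser logged out.

```python
import secrets

class Server:
    """Toy session store that rotates the session ID on every request."""
    def __init__(self):
        self.sessions = {}  # session ID -> user name (None = anonymous)

    def login(self, user):
        sid = secrets.token_hex(16)
        self.sessions[sid] = user
        return sid

    def handle(self, sid):
        """Return (user, new_sid); the presented ID is deleted, so it is single-use."""
        user = self.sessions.pop(sid, None)  # unknown or already-used ID -> anonymous
        new_sid = secrets.token_hex(16)
        self.sessions[new_sid] = user
        return user, new_sid

class Browser:
    """One cookie jar shared by every tab of the same site."""
    def __init__(self, server, cookie):
        self.server, self.cookie = server, cookie

    def send(self):
        return self.cookie  # the request leaves with whatever is in the jar now

    def receive(self, sent_cookie):
        user, self.cookie = self.server.handle(sent_cookie)  # Set-Cookie overwrites the jar
        return user

def sequential():
    """Each request waits for the previous response: the new cookie is always used."""
    server = Server()
    browser = Browser(server, server.login("alice"))
    return [browser.receive(browser.send()) for _ in range(3)]

def overlapping():
    """Two requests are in flight at once, both carrying the same (old) cookie."""
    server = Server()
    browser = Browser(server, server.login("alice"))
    tab_a = browser.send()           # tab A's request leaves
    tab_b = browser.send()           # tab B / Ajax request leaves before A's response
    first = browser.receive(tab_a)   # accepted; the old ID is deleted
    second = browser.receive(tab_b)  # old ID no longer exists -> anonymous session
    third = browser.receive(browser.send())  # jar now holds the anonymous cookie
    return first, second, third

if __name__ == "__main__":
    print("sequential: ", sequential())
    print("overlapping:", overlapping())
```

In the overlapping case the last response to arrive wins the cookie jar, so every tab is logged out from then on, not only the one whose request was rejected.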