I’m just posting this to show how it could be possible, but I STRONGLY suggest you never ever even try to use this technique. It opens up entire worlds of security problems, and any minor convenience you could offer your users will be absolutely annihilated by the problems it causes.

That being said, you can use PHP’s trans_sid (“transparent session ID”) support, where the session ID is automatically embedded into URLs and as hidden form fields. This would allow you to open multiple windows, each with its own session, with no sharing betweeen the windows.

Basically you’d turn off cookie-based sessions and use ONLY the transparent IDs: PHP will automatically modify <a href="..."> to add in the session ID parameter into query strings, and insert hidden form fields as needed. It will not work on JS code and the like, but you can add in the ID yourself there.

However, here’s the problem: Now that session ID is embedded in the URLs and forms, bookmarking a page on your site will tie that bookmark to the particular session in use at the time. Cut ‘n pasting a url to share something will also transmit the user’s session to whoever they send the link to. Clicking on any links to the outside world from your site will transmit the session ID as part of the referer. e.g. you’ve just made session hijacking utterly trivial, because the user will be yelling their session ID from the rooftops everytime they do anything.

simpler solution: Use the browser’s “porn mode” so each window has its own cookie storage, separating each user’s window/session from the others.