I have a custom module that opens a new browser on the click of a link button.  If user clicks new window open then refreshes dnn (3.3.5), authentication is lost and user is logged out.  This can easily be replicated by adding a button to the dnn file manager, clicking to open the new window, then clicking "refresh" on dnn file manager.  What is happening and how can I prevent it?

Javascript to open the window is called via:
<span style="CURSOR: hand" onclick="return launchUpload();"><img id="dnn_ctr411_fileManager_lnkUpload" name="lnkUpload" src="/desktopmodules/mymodule/images/ToolBarUploadEnabled.gif" alt="Upload" border="0" /><span id="dnn_ctr411_fileManager_lblUpload" class="Normal">Upload </span>

Javascript to open the window is typical:

<script language="javascript">
function launchUpload(){
 var strBar = 'directories=no,location=no,menubar=no,titlebar=no,toolbar=no,scrollbars=no,width=480,height=370,resizeable=no';
 var strLoc = 'http://url/desktopmodules/customModule/viewCtrlXl.aspx';
 var winEdit = open(strLoc,'newWindow',strBar);}
</script>