Multiple sessions and forms-based authentication

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have an ASP.NET application that uses forms-based authentication. A user wishes to be able to run multiple sessions of this application simultaneously from the user's client machine

The web.config file is configured as such
<authentication mode="Forms"><forms loginUrl="Login.aspx" protection="All" name="myApplication"/></authentication

The Login.aspx page validates a user id and password by reading a database table and, if valid, generates the authentication ticket, creates a cookie, adds the cookie to the response, and redirects the user to the default.aspx
Dim formsAuthentication As New FormsAuthentication(userid, False, 20
Response.Cookies.Add(New HttpCookie (FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(formsAuthenticaitonTicket))
Response.Redirect("Default.aspx", False

The problem is that if a user has successfully logged on, and starts another session for this same application, an authentication ticket and cookie exist, so that the user does not have to log on for the second session (the user wants to log on as a different user). We wish to force a login for each session

Is it possible with forms-based authentication to have multiple logged on sessions (separate authentication tickets)

Thank you in advance for any help.
 
Rob said:
I have an ASP.NET application that uses forms-based authentication. A
Click to expand...
user wishes to be able to run multiple sessions of this application
simultaneously from the user's client machine.
The web.config file is configured as such:
<authentication mode="Forms"><forms loginUrl="Login.aspx" protection="All"
Click to expand...
name="myApplication"/> said:
The Login.aspx page validates a user id and password by reading a database
Click to expand...
table and, if valid, generates the authentication ticket, creates a cookie,
adds the cookie to the response, and redirects the user to the default.aspx
:
Dim formsAuthentication As New FormsAuthentication(userid, False, 20)
Response.Cookies.Add(New HttpCookie (FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(formsAuthenticaitonTicket)))
Response.Redirect("Default.aspx", False)

The problem is that if a user has successfully logged on, and starts
Click to expand...
another session for this same application, an authentication ticket and
cookie exist, so that the user does not have to log on for the second
session (the user wants to log on as a different user). We wish to force a
login for each session.
Is it possible with forms-based authentication to have multiple logged on
Click to expand...
sessions (separate authentication tickets)?
Thank you in advance for any help.
Click to expand...

This is possible, though I thought it wasn't. I just tested it:

1) Logged into a site using Forms Authentication
2) Started a new browser and logged into the same site with a different
username
3) Used the "profile" page of both browsers to confirm I had different user
names

Note that I started a new browser by clicking the Internet icon on my quick
launch bar (WinXP), not by using File->New->Window (Ctrl-N). I think that
the latter will create a new window in the same session.
 
I think IE will do this automatically if you start a new instance (not CTRL-N).

Is there any way to do this in Mozilla (or Firefox)? It seems to be that IE does the right thing
when starting a new instance, however Mozilla it seems like Mozilla always uses a "global" session
cookie.

Scott


Rob said:
I have an ASP.NET application that uses forms-based authentication. A user wishes to be able to
Click to expand...
run multiple sessions of this application simultaneously from the user's client machine.
The web.config file is configured as such:
<authentication mode="Forms"><forms loginUrl="Login.aspx" protection="All"
Click to expand...
name="myApplication"/> said:
The Login.aspx page validates a user id and password by reading a database table and, if valid,
Click to expand...
generates the authentication ticket, creates a cookie, adds the cookie to the response, and
redirects the user to the default.aspx :
Dim formsAuthentication As New FormsAuthentication(userid, False, 20)
Response.Cookies.Add(New HttpCookie (FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(formsAuthenticaitonTicket)))
Response.Redirect("Default.aspx", False)

The problem is that if a user has successfully logged on, and starts another session for this same
Click to expand...
application, an authentication ticket and cookie exist, so that the user does not have to log on for
the second session (the user wants to log on as a different user). We wish to force a login for
each session.
 
Back
Top