Two user sessions

  • Thread starter Thread starter Andy
  • Start date Start date
A

Andy

I have an admin section of my asp.net 2 application, and I want to be
able to automatically login as a different user (Forms Authentication)
whilst keeping my current session going too. The problem is that if I
open a new browser window (via a hyperlink using target="_blank")
from my app and automatically login, the original session is also
reset to the new one (ie all session variables that store info about
the user are set to the new user). The url of my hyperlink to the new
browser is a full, absolute URL.

If however, I launch a new browser window via the IE shortcut, I can
have two simultaneous sessions going fine.

Does anyone have any ideas how I can solve this?

Thanks, Andy
 
I have an admin section of my asp.net 2 application, and I want to be
able to automatically login as a different user (Forms Authentication)
whilst keeping my current session going too. The problem is that if I
open a new browser window (via a hyperlink using target="_blank")
from my app and automatically login, the original session is also
reset to the new one (ie all session variables that store info about
the user are set to the new user). The url of my hyperlink to the new
browser is a full, absolute URL.

If however, I launch a new browser window via the IE shortcut, I can
have two simultaneous sessions going fine.

Does anyone have any ideas how I can solve this?

Thanks, Andy
Click to expand...

I don't think you can do it. If you open a new IE window from with IE
(Menu: File | New Window, or javascript window.open, or target=_blank),
then that new window shares it's cookies (and thus it's session) with the
original window.
Only when you start a new IE instance will you get a separate cookiecontainer.
The fact that you use a "complete url" has nothing to do with this.

Maybe you can use different URLs as in 'admin.company.com' vs
'www.company.com', as cookies depend on the hostname.

Hans Kestin
 
Everybody who uses session variables has to deal with this, since sessions
are also shared between tabs in IE7, so if a user opens an application in a
new tab it will share the session with the same application in the first
tab.

What I do is generate a random number which I call the instanceID whenever
the first page in the application is opened. Then I pass the instanceID in
the querystring everytime I open a new page. Each page checks for the
instanceID in the querystring - if there is no instanceID in the
querystring, it gets bounced to the first page, which generates an
instanceID. This would happen if somebody opens the app in a new tab, or
uses Ctrl-N to open a new browser in the same session.

Then I have a class to store my session variables in, which has properties
setting or returning the values of requested variables. The first page in
the app creates an instance of the class as a session object variable,
naming the object variable something like "sessVAR_12345", where 12345 is
the instanceID. Then whenever I need to get or set the value of a session
variable, I retreive it from the appropriate class instance. When a page
gets the instanceID from the querystring, it concatenates it with "sessVAR_"
to get the name of the appropriate session variable representing the session
variable container class.

Once I got it set up, this runs smoothly, but I have read that storing class
instances in session variables uses inordinate amounts of memory on the
server, so if anybody has a better way of managing session variables I would
be glad to hear about it.

Bill
 
this can be done with cookieless sessions, but not with cookie based
sessions. this is because opening a new browser window from a link or
javascript shares the same cookies as the opener.

with cookieless session, just don't include the sessionid in the link url.

-- bruce (sqlwork.com)
 
Thanks for your replies, I think as Hans suggested, I'll set up a sub
domain pointing to the same web application. Andy
 
Back
Top