Multiple sessions and forms-based authentication

Guest

I have an ASP.NET application that uses forms-based authentication. A user wishes to be able to run multiple sessions of this application simultaneously from the user's client machine.

The web.config file is configured as such:
<authentication mode="Forms"><forms loginUrl="Login.aspx" protection="All" name="myApplication"/></authentication>

The Login.aspx page validates a user id and password by reading a database table and, if valid, generates the authentication ticket, creates a cookie, adds the cookie to the response, and redirects the user to the default.aspx:
Dim formsAuthenticationTicket As New FormsAuthenticationTicket(userid, False, 20)
Response.Cookies.Add(New HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(formsAuthenticationTicket)))
Response.Redirect("Default.aspx", False)

The problem is that if a user has successfully logged on, and starts another session for this same application, an authentication ticket and cookie exist, so that the user does not have to log on for the second session (the user wants to log on as a different user). We wish to force a login for each session.

Is it possible with forms-based authentication to have multiple logged on sessions (separate authentication tickets)?

Thank you in advance for any help.
 
John Saunders

Rob said:
I have an ASP.NET application that uses forms-based authentication. A
user wishes to be able to run multiple sessions of this application
simultaneously from the user's client machine.
The web.config file is configured as such:
<authentication mode="Forms"><forms loginUrl="Login.aspx" protection="All"
name="myApplication"/></authentication>
The Login.aspx page validates a user id and password by reading a database
table and, if valid, generates the authentication ticket, creates a cookie,
adds the cookie to the response, and redirects the user to the default.aspx:
Dim formsAuthenticationTicket As New FormsAuthenticationTicket(userid, False, 20)
Response.Cookies.Add(New HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(formsAuthenticationTicket)))
Response.Redirect("Default.aspx", False)

The problem is that if a user has successfully logged on, and starts
another session for this same application, an authentication ticket and
cookie exist, so that the user does not have to log on for the second
session (the user wants to log on as a different user). We wish to force a
login for each session.
Is it possible with forms-based authentication to have multiple logged on
sessions (separate authentication tickets)?
Thank you in advance for any help.

This is possible, though I thought it wasn't. I just tested it:

1) Logged into a site using Forms Authentication
2) Started a new browser and logged into the same site with a different
username
3) Used the "profile" page of both browsers to confirm I had different user
names

Note that I started a new browser by clicking the Internet icon on my quick
launch bar (WinXP), not by using File->New->Window (Ctrl-N). I think that
the latter will create a new window in the same session.
 
Scott

I think IE will do this automatically if you start a new instance (not CTRL-N).

Is there any way to do this in Mozilla (or Firefox)? It seems that IE does the right thing
when starting a new instance; however, it seems like Mozilla always uses a "global" session
cookie.

Scott


Rob said:
I have an ASP.NET application that uses forms-based authentication. A user wishes to be able to
run multiple sessions of this application simultaneously from the user's client machine.
The web.config file is configured as such:
<authentication mode="Forms"><forms loginUrl="Login.aspx" protection="All"
name="myApplication"/></authentication>
The Login.aspx page validates a user id and password by reading a database table and, if valid,
generates the authentication ticket, creates a cookie, adds the cookie to the response, and
redirects the user to the default.aspx:
Dim formsAuthenticationTicket As New FormsAuthenticationTicket(userid, False, 20)
Response.Cookies.Add(New HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(formsAuthenticationTicket)))
Response.Redirect("Default.aspx", False)

The problem is that if a user has successfully logged on, and starts another session for this same
application, an authentication ticket and cookie exist, so that the user does not have to log on for
the second session (the user wants to log on as a different user). We wish to force a login for
each session.
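
Added example, not part of any post in this thread: a small Python model of the behaviour discussed above, in which the server only ever sees one cookie named myApplication per browser cookie jar. The tiny local server, the /login and /whoami paths and the user names are constructed for illustration, and the plain user name in the cookie stands in for the encrypted ticket.

```python
import http.cookiejar, threading, urllib.request
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

COOKIE = "myApplication"  # forms cookie name from the thread's web.config

class App(BaseHTTPRequestHandler):
    """Constructed stand-in for the site: /login sets the cookie, /whoami reads it."""
    def do_GET(self):
        url = urlparse(self.path)
        self.send_response(200)
        if url.path == "/login":
            body = parse_qs(url.query)["user"][0]
            # No Expires attribute: a session cookie, like the non-persistent
            # ticket. The plain user name stands in for the encrypted ticket.
            self.send_header("Set-Cookie", f"{COOKIE}={body}; Path=/; HttpOnly")
        else:
            sent = SimpleCookie(self.headers.get("Cookie", ""))
            body = sent[COOKIE].value if COOKIE in sent else "anonymous"
        self.end_headers()
        self.wfile.write(body.encode())

    def log_message(self, *args):  # keep the demo output quiet
        pass

def new_browser_instance():
    """Each instance owns its cookie jar; windows opened from it share that jar."""
    jar = http.cookiejar.CookieJar()
    return urllib.request.build_opener(
        urllib.request.ProxyHandler({}), urllib.request.HTTPCookieProcessor(jar))

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), App)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    get = lambda browser, path: browser.open(base + path).read().decode()
    a, b = new_browser_instance(), new_browser_instance()
    get(a, "/login?user=alice")
    get(b, "/login?user=bob")
    seen = {"a": get(a, "/whoami"), "b": get(b, "/whoami"),
            "a_second_window": get(a, "/whoami")}  # same jar: already logged on
    get(a, "/login?user=carol")  # logging on again from that second window...
    seen["a_after_relogin"] = get(a, "/whoami")  # ...replaces it for both
    server.shutdown()
    server.server_close()
    return seen

if __name__ == "__main__":
    print(run_demo())
```

Separate jars keep separate identities, while anything sharing a jar sends the same single cookie, so a second logon there overwrites the first rather than adding a second ticket.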
 
