Hi Rob,
Your question got posted twice and some people have responded to the other
post.
In addition to using your newsgroup reader to find the other posting of
your question, you can also use this URL (you will need to remove the line
breaks):
http://www.google.com/groups?hl=en&l...UTF-8&oe=UTF-8
&selm=072401c3d398%24502f4230%24a501280a%40phx. gbl
If you need further assistance, please post to the other thread.
Thank you, Mike
Microsoft, ASP.NET Support Professional
Microsoft highly recommends to all of our customers that they visit the
http://www.microsoft.com/protect site and perform the three straightforward
steps listed to improve your computer’s security.
This posting is provided "AS IS", with no warranties, and confers no rights.
--------------------[color=blue]
> Content-Class: urn:content-classes:message
> From: "Rob" <delacruz@serenitynow.com>
> Sender: "Rob" <delacruz@serenitynow.com>
> Subject: Multiple sessions and forms-based authentication
> Date: Mon, 5 Jan 2004 07:08:56 -0800
> Lines: 42
> Message-ID: <000501c3d39d$d6a48be0$a101280a@phx.gbl>
> MIME-Version: 1.0
> Content-Type: text/plain;
> charset="iso-8859-1"
> Content-Transfer-Encoding: 7bit
> X-Newsreader: Microsoft CDO for Windows 2000
> Thread-Index: AcPTndakSlo6YCAlShuLqB8beer4Xg==
> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
> Newsgroups: microsoft.public.dotnet.framework.aspnet
> Path: cpmsftngxa07.phx.gbl
> Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:199717
> NNTP-Posting-Host: tk2msftngxa09.phx.gbl 10.40.1.161
> X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
>
> I have an ASP.NET application that uses forms-based
> authentication. A user wishes to be able to run multiple
> sessions of this application simultaneously from the
> user's client machine.
>
> The web.config file is configured as such:
> <authentication mode="Forms">
> <forms loginUrl="Login.aspx" protection="All"
> name="myApplication"/>
> </authentication>
>
> The Login.aspx page validates a user id and password by
> reading a database table, and if valid, it generates the
> authentication ticket, creates a cookie, adds the cookie
> to the response, and redirects the user to the
> default.aspx :
> Dim formsAuthenticationTicket As New
> FormsAuthenticationTicket(userid, False, 20)
> Response.Cookies.Add(New HttpCookie
> (FormsAuthentication.FormsCookieName,
> FormsAuthentication.Encrypt(formsAuthenticationTic ket)))
> Response.Redirect("Default.aspx", False)
>
> Also, upon logout the following is executed:
> FormsAuthentication.SignOut()
>
> The problem is that if a user has successfully logged on,
> and starts another session for this same application, a
> authentication ticket and cookie exist, so that the user
> does not have to log on for the second session (the user
> wants to log on as a different user). We wish to force a
> login for each session. Also related problem is that if
> a user has 2 sessions running, and logs off one session,
> the FormsAuthentication.SignOut is signing off both
> sessions since the authentication ticket is shared.
>
> Is it possible with forms-based authentication to have
> multiple logged on sessions (separate authentication
> tickets)?
>
> Thank you in advance for any help.
>
>[/color]
