I have an ASP.NET application that uses forms-based
authentication. A user wishes to be able to run multiple
sessions of this application simultaneously from the
user's client machine.
The web.config file is configured as such:
<authentication mode="Forms">
<forms loginUrl="Login.aspx" protection="All"
name="myApplication"/>
</authentication>
The Login.aspx page validates a user id and password by
reading a database table, and if valid, it generates the
authentication ticket, creates a cookie, adds the cookie
to the response, and redirects the user to the
default.aspx :
Dim formsAuthenticationTicket As New
FormsAuthenticationTicket(userid, False, 20)
Response.Cookies.Add(New HttpCookie
(FormsAuthentication.FormsCookieName,
FormsAuthentication.Encrypt(formsAuthenticationTic ket)))
Response.Redirect("Default.aspx", False)
Also, upon logout the following is executed:
FormsAuthentication.SignOut()
The problem is that if a user has successfully logged on,
and starts another session for this same application, a
authentication ticket and cookie exist, so that the user
does not have to log on for the second session (the user
wants to log on as a different user). We wish to force a
login for each session. Also related problem is that if
a user has 2 sessions running, and logs off one session,
the FormsAuthentication.SignOut is signing off both
sessions since the authentication ticket is shared.
Is it possible with forms-based authentication to have
multiple logged on sessions (separate authentication
tickets)?
Thank you in advance for any help. 1 3465
Hi Rob,
Your question got posted twice and some people have responded to the other
post.
In addition to using your newsgroup reader to find the other posting of
your question, you can also use this URL (you will need to remove the line
breaks): http://www.google.com/groups?hl=en&l...UTF-8&oe=UTF-8
&selm=072401c3d398%24502f4230%24a501280a%40phx. gbl
If you need further assistance, please post to the other thread.
Thank you, Mike
Microsoft, ASP.NET Support Professional
Microsoft highly recommends to all of our customers that they visit the http://www.microsoft.com/protect site and perform the three straightforward
steps listed to improve your computer’s security.
This posting is provided "AS IS", with no warranties, and confers no rights.
-------------------- Content-Class: urn:content-classes:message From: "Rob" <de******@serenitynow.com> Sender: "Rob" <de******@serenitynow.com> Subject: Multiple sessions and forms-based authentication Date: Mon, 5 Jan 2004 07:08:56 -0800 Lines: 42 Message-ID: <00****************************@phx.gbl> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Newsreader: Microsoft CDO for Windows 2000 Thread-Index: AcPTndakSlo6YCAlShuLqB8beer4Xg== X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 Newsgroups: microsoft.public.dotnet.framework.aspnet Path: cpmsftngxa07.phx.gbl Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:199717 NNTP-Posting-Host: tk2msftngxa09.phx.gbl 10.40.1.161 X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
I have an ASP.NET application that uses forms-based authentication. A user wishes to be able to run multiple sessions of this application simultaneously from the user's client machine.
The web.config file is configured as such: <authentication mode="Forms"> <forms loginUrl="Login.aspx" protection="All" name="myApplication"/> </authentication>
The Login.aspx page validates a user id and password by reading a database table, and if valid, it generates the authentication ticket, creates a cookie, adds the cookie to the response, and redirects the user to the default.aspx : Dim formsAuthenticationTicket As New FormsAuthenticationTicket(userid, False, 20) Response.Cookies.Add(New HttpCookie (FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(formsAuthenticationTic ket))) Response.Redirect("Default.aspx", False)
Also, upon logout the following is executed: FormsAuthentication.SignOut()
The problem is that if a user has successfully logged on, and starts another session for this same application, a authentication ticket and cookie exist, so that the user does not have to log on for the second session (the user wants to log on as a different user). We wish to force a login for each session. Also related problem is that if a user has 2 sessions running, and logs off one session, the FormsAuthentication.SignOut is signing off both sessions since the authentication ticket is shared.
Is it possible with forms-based authentication to have multiple logged on sessions (separate authentication tickets)?
Thank you in advance for any help.
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: jing_li |
last post by:
Hi, you all,
I am a newbee for php and I need your help. One of my coworker and I
are both developing a webpage for our project using php. We have a
copy of the same files in different location...
|
by: john |
last post by:
How do u guys handle multiple sessions??
i.e, opening different browser windows by running
iexplore.exe or clicking IE icons and opening the application. My
sessions are mixing up.
what i mean is...
|
by: Quinonez |
last post by:
here is the set up.
7 page form all get set to sessions
8th page sessions are called and results displayed for user to see
this is the php script for page 8
<?
ksort($_SESSION);
foreach...
|
by: yoelgold |
last post by:
Hi
I want to start writing a new site. It will include 3 forms that will
collect information from the user. I know how to keep the info in
sessions etc. my question is about the design of the...
|
by: noah |
last post by:
Does PHP have a feature to associate Cookie sessions with a persistent
database connection that will allow a single transaction across
multiple HTTP requests?
Here is how I imagine my process: I...
|
by: Ohaya |
last post by:
Hi,
I'm trying to understand a situation where ASP seems to be "blocking" of
"queuing" requests. This is on a Win2K Advanced Server, with IIS5.
I've seen some posts (e.g.,...
|
by: RonNanko |
last post by:
Hi,
let me first explain what my problem is all about: I have a third-party
application, which does not allow multiple instances of itself. As I
need to run the application in multiple instances...
|
by: Gleep |
last post by:
I've searched google intensely on this topic and it seems noone really knows how to approch this.
The goal I don't want clients to give out their usernames and passwords to friends, since the site...
|
by: Atli |
last post by:
Introduction:
Sessions are one of the simplest and more powerful tools in a web developers arsenal. This tool is invaluable in dynamic web page development and it is one of those things every...
|
by: Bluejay906 |
last post by:
This is another one of the endless oddities about this Access application that I have inherited. This one has me stumped. The users found that if they have two sessions of the application running,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
| |