I have an ASP.NET application that uses forms-based
authentication. A user wishes to be able to run multiple
sessions of this application simultaneously from the
user's client machine.
The web.config file is configured as such:
<authentication mode="Forms">
<forms loginUrl="Login.aspx" protection="All"
name="myApplication"/>
</authentication>
The Login.aspx page validates a user id and password by
reading a database table, and if valid, it generates the
authentication ticket, creates a cookie, adds the cookie
to the response, and redirects the user to the
default.aspx :
Dim formsAuthenticationTicket As New
FormsAuthenticationTicket(userid, False, 20)
Response.Cookies.Add(New HttpCookie
(FormsAuthentication.FormsCookieName,
FormsAuthentication.Encrypt(formsAuthenticationTic ket)))
Response.Redirect("Default.aspx", False)
Also, upon logout the following is executed:
FormsAuthentication.SignOut()
The problem is that if a user has successfully logged on,
and starts another session for this same application, a
authentication ticket and cookie exist, so that the user
does not have to log on for the second session (the user
wants to log on as a different user). We wish to force a
login for each session. Also related problem is that if
a user has 2 sessions running, and logs off one session,
the FormsAuthentication.SignOut is signing off both
sessions since the authentication ticket is shared.
Is it possible with forms-based authentication to have
multiple logged on sessions (separate authentication
tickets)?
Thank you in advance for any help.
