473,397 Members | 2,084 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,397 software developers and data experts.

Multiple sessions and forms-based authentication

Rob
I have an ASP.NET application that uses forms-based
authentication. A user wishes to be able to run multiple
sessions of this application simultaneously from the
user's client machine.

The web.config file is configured as such:
<authentication mode="Forms">
<forms loginUrl="Login.aspx" protection="All"
name="myApplication"/>
</authentication>

The Login.aspx page validates a user id and password by
reading a database table, and if valid, it generates the
authentication ticket, creates a cookie, adds the cookie
to the response, and redirects the user to the
default.aspx :
Dim formsAuthenticationTicket As New
FormsAuthenticationTicket(userid, False, 20)
Response.Cookies.Add(New HttpCookie
(FormsAuthentication.FormsCookieName,
FormsAuthentication.Encrypt(formsAuthenticationTic ket)))
Response.Redirect("Default.aspx", False)

Also, upon logout the following is executed:
FormsAuthentication.SignOut()

The problem is that if a user has successfully logged on,
and starts another session for this same application, a
authentication ticket and cookie exist, so that the user
does not have to log on for the second session (the user
wants to log on as a different user). We wish to force a
login for each session. Also related problem is that if
a user has 2 sessions running, and logs off one session,
the FormsAuthentication.SignOut is signing off both
sessions since the authentication ticket is shared.

Is it possible with forms-based authentication to have
multiple logged on sessions (separate authentication
tickets)?

Thank you in advance for any help.

Nov 18 '05 #1
1 3464
Hi Rob,

Your question got posted twice and some people have responded to the other
post.

In addition to using your newsgroup reader to find the other posting of
your question, you can also use this URL (you will need to remove the line
breaks):
http://www.google.com/groups?hl=en&l...UTF-8&oe=UTF-8
&selm=072401c3d398%24502f4230%24a501280a%40phx. gbl

If you need further assistance, please post to the other thread.

Thank you, Mike
Microsoft, ASP.NET Support Professional

Microsoft highly recommends to all of our customers that they visit the
http://www.microsoft.com/protect site and perform the three straightforward
steps listed to improve your computerís security.

This posting is provided "AS IS", with no warranties, and confers no rights.

--------------------
Content-Class: urn:content-classes:message
From: "Rob" <de******@serenitynow.com>
Sender: "Rob" <de******@serenitynow.com>
Subject: Multiple sessions and forms-based authentication
Date: Mon, 5 Jan 2004 07:08:56 -0800
Lines: 42
Message-ID: <00****************************@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Thread-Index: AcPTndakSlo6YCAlShuLqB8beer4Xg==
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Newsgroups: microsoft.public.dotnet.framework.aspnet
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:199717
NNTP-Posting-Host: tk2msftngxa09.phx.gbl 10.40.1.161
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

I have an ASP.NET application that uses forms-based
authentication. A user wishes to be able to run multiple
sessions of this application simultaneously from the
user's client machine.

The web.config file is configured as such:
<authentication mode="Forms">
<forms loginUrl="Login.aspx" protection="All"
name="myApplication"/>
</authentication>

The Login.aspx page validates a user id and password by
reading a database table, and if valid, it generates the
authentication ticket, creates a cookie, adds the cookie
to the response, and redirects the user to the
default.aspx :
Dim formsAuthenticationTicket As New
FormsAuthenticationTicket(userid, False, 20)
Response.Cookies.Add(New HttpCookie
(FormsAuthentication.FormsCookieName,
FormsAuthentication.Encrypt(formsAuthenticationTic ket)))
Response.Redirect("Default.aspx", False)

Also, upon logout the following is executed:
FormsAuthentication.SignOut()

The problem is that if a user has successfully logged on,
and starts another session for this same application, a
authentication ticket and cookie exist, so that the user
does not have to log on for the second session (the user
wants to log on as a different user). We wish to force a
login for each session. Also related problem is that if
a user has 2 sessions running, and logs off one session,
the FormsAuthentication.SignOut is signing off both
sessions since the authentication ticket is shared.

Is it possible with forms-based authentication to have
multiple logged on sessions (separate authentication
tickets)?

Thank you in advance for any help.


Nov 18 '05 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

13
by: jing_li | last post by:
Hi, you all, I am a newbee for php and I need your help. One of my coworker and I are both developing a webpage for our project using php. We have a copy of the same files in different location...
4
by: john | last post by:
How do u guys handle multiple sessions?? i.e, opening different browser windows by running iexplore.exe or clicking IE icons and opening the application. My sessions are mixing up. what i mean is...
7
by: Quinonez | last post by:
here is the set up. 7 page form all get set to sessions 8th page sessions are called and results displayed for user to see this is the php script for page 8 <? ksort($_SESSION); foreach...
2
by: yoelgold | last post by:
Hi I want to start writing a new site. It will include 3 forms that will collect information from the user. I know how to keep the info in sessions etc. my question is about the design of the...
16
by: noah | last post by:
Does PHP have a feature to associate Cookie sessions with a persistent database connection that will allow a single transaction across multiple HTTP requests? Here is how I imagine my process: I...
11
by: Ohaya | last post by:
Hi, I'm trying to understand a situation where ASP seems to be "blocking" of "queuing" requests. This is on a Win2K Advanced Server, with IIS5. I've seen some posts (e.g.,...
0
by: RonNanko | last post by:
Hi, let me first explain what my problem is all about: I have a third-party application, which does not allow multiple instances of itself. As I need to run the application in multiple instances...
18
by: Gleep | last post by:
I've searched google intensely on this topic and it seems noone really knows how to approch this. The goal I don't want clients to give out their usernames and passwords to friends, since the site...
3
Atli
by: Atli | last post by:
Introduction: Sessions are one of the simplest and more powerful tools in a web developers arsenal. This tool is invaluable in dynamic web page development and it is one of those things every...
1
by: Bluejay906 | last post by:
This is another one of the endless oddities about this Access application that I have inherited. This one has me stumped. The users found that if they have two sessions of the application running,...
0
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
0
BarryA
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
1
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
0
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
0
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
0
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
0
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
0
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.