By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,963 Members | 1,261 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,963 IT Pros & Developers. It's quick & easy.

Multiple sessions and forms-based authentication

P: n/a
Rob
I have an ASP.NET application that uses forms-based
authentication. A user wishes to be able to run multiple
sessions of this application simultaneously from the
user's client machine.

The web.config file is configured as such:
<authentication mode="Forms">
<forms loginUrl="Login.aspx" protection="All"
name="myApplication"/>
</authentication>

The Login.aspx page validates a user id and password by
reading a database table, and if valid, it generates the
authentication ticket, creates a cookie, adds the cookie
to the response, and redirects the user to the
default.aspx :
Dim formsAuthenticationTicket As New
FormsAuthenticationTicket(userid, False, 20)
Response.Cookies.Add(New HttpCookie
(FormsAuthentication.FormsCookieName,
FormsAuthentication.Encrypt(formsAuthenticationTic ket)))
Response.Redirect("Default.aspx", False)

Also, upon logout the following is executed:
FormsAuthentication.SignOut()

The problem is that if a user has successfully logged on,
and starts another session for this same application, a
authentication ticket and cookie exist, so that the user
does not have to log on for the second session (the user
wants to log on as a different user). We wish to force a
login for each session. Also related problem is that if
a user has 2 sessions running, and logs off one session,
the FormsAuthentication.SignOut is signing off both
sessions since the authentication ticket is shared.

Is it possible with forms-based authentication to have
multiple logged on sessions (separate authentication
tickets)?

Thank you in advance for any help.

Nov 18 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
Hi Rob,

Your question got posted twice and some people have responded to the other
post.

In addition to using your newsgroup reader to find the other posting of
your question, you can also use this URL (you will need to remove the line
breaks):
http://www.google.com/groups?hl=en&l...UTF-8&oe=UTF-8
&selm=072401c3d398%24502f4230%24a501280a%40phx. gbl

If you need further assistance, please post to the other thread.

Thank you, Mike
Microsoft, ASP.NET Support Professional

Microsoft highly recommends to all of our customers that they visit the
http://www.microsoft.com/protect site and perform the three straightforward
steps listed to improve your computerís security.

This posting is provided "AS IS", with no warranties, and confers no rights.

--------------------
Content-Class: urn:content-classes:message
From: "Rob" <de******@serenitynow.com>
Sender: "Rob" <de******@serenitynow.com>
Subject: Multiple sessions and forms-based authentication
Date: Mon, 5 Jan 2004 07:08:56 -0800
Lines: 42
Message-ID: <00****************************@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Thread-Index: AcPTndakSlo6YCAlShuLqB8beer4Xg==
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Newsgroups: microsoft.public.dotnet.framework.aspnet
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:199717
NNTP-Posting-Host: tk2msftngxa09.phx.gbl 10.40.1.161
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

I have an ASP.NET application that uses forms-based
authentication. A user wishes to be able to run multiple
sessions of this application simultaneously from the
user's client machine.

The web.config file is configured as such:
<authentication mode="Forms">
<forms loginUrl="Login.aspx" protection="All"
name="myApplication"/>
</authentication>

The Login.aspx page validates a user id and password by
reading a database table, and if valid, it generates the
authentication ticket, creates a cookie, adds the cookie
to the response, and redirects the user to the
default.aspx :
Dim formsAuthenticationTicket As New
FormsAuthenticationTicket(userid, False, 20)
Response.Cookies.Add(New HttpCookie
(FormsAuthentication.FormsCookieName,
FormsAuthentication.Encrypt(formsAuthenticationTic ket)))
Response.Redirect("Default.aspx", False)

Also, upon logout the following is executed:
FormsAuthentication.SignOut()

The problem is that if a user has successfully logged on,
and starts another session for this same application, a
authentication ticket and cookie exist, so that the user
does not have to log on for the second session (the user
wants to log on as a different user). We wish to force a
login for each session. Also related problem is that if
a user has 2 sessions running, and logs off one session,
the FormsAuthentication.SignOut is signing off both
sessions since the authentication ticket is shared.

Is it possible with forms-based authentication to have
multiple logged on sessions (separate authentication
tickets)?

Thank you in advance for any help.


Nov 18 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.