473,840 Members | 1,465 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Multiple sessions and forms-based authentication

Rob
I have an ASP.NET application that uses forms-based
authentication. A user wishes to be able to run multiple
sessions of this application simultaneously from the
user's client machine.

The web.config file is configured as such:
<authenticati on mode="Forms">
<forms loginUrl="Login .aspx" protection="All "
name="myApplica tion"/>
</authentication>

The Login.aspx page validates a user id and password by
reading a database table, and if valid, it generates the
authentication ticket, creates a cookie, adds the cookie
to the response, and redirects the user to the
default.aspx :
Dim formsAuthentica tionTicket As New
FormsAuthentica tionTicket(user id, False, 20)
Response.Cookie s.Add(New HttpCookie
(FormsAuthentic ation.FormsCook ieName,
FormsAuthentica tion.Encrypt(fo rmsAuthenticati onTicket)))
Response.Redire ct("Default.asp x", False)

Also, upon logout the following is executed:
FormsAuthentica tion.SignOut()

The problem is that if a user has successfully logged on,
and starts another session for this same application, a
authentication ticket and cookie exist, so that the user
does not have to log on for the second session (the user
wants to log on as a different user). We wish to force a
login for each session. Also related problem is that if
a user has 2 sessions running, and logs off one session,
the FormsAuthentica tion.SignOut is signing off both
sessions since the authentication ticket is shared.

Is it possible with forms-based authentication to have
multiple logged on sessions (separate authentication
tickets)?

Thank you in advance for any help.

Nov 18 '05 #1
1 3520
Hi Rob,

Your question got posted twice and some people have responded to the other
post.

In addition to using your newsgroup reader to find the other posting of
your question, you can also use this URL (you will need to remove the line
breaks):
http://www.google.com/groups?hl=en&l...UTF-8&oe=UTF-8
&selm=072401c3d 398%24502f4230% 24a501280a%40ph x.gbl

If you need further assistance, please post to the other thread.

Thank you, Mike
Microsoft, ASP.NET Support Professional

Microsoft highly recommends to all of our customers that they visit the
http://www.microsoft.com/protect site and perform the three straightforward
steps listed to improve your computer’s security.

This posting is provided "AS IS", with no warranties, and confers no rights.

--------------------
Content-Class: urn:content-classes:message
From: "Rob" <de******@seren itynow.com>
Sender: "Rob" <de******@seren itynow.com>
Subject: Multiple sessions and forms-based authentication
Date: Mon, 5 Jan 2004 07:08:56 -0800
Lines: 42
Message-ID: <00************ *************** *@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Thread-Index: AcPTndakSlo6YCA lShuLqB8beer4Xg ==
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Newsgroups: microsoft.publi c.dotnet.framew ork.aspnet
Path: cpmsftngxa07.ph x.gbl
Xref: cpmsftngxa07.ph x.gbl microsoft.publi c.dotnet.framew ork.aspnet:1997 17
NNTP-Posting-Host: tk2msftngxa09.p hx.gbl 10.40.1.161
X-Tomcat-NG: microsoft.publi c.dotnet.framew ork.aspnet

I have an ASP.NET application that uses forms-based
authentication. A user wishes to be able to run multiple
sessions of this application simultaneously from the
user's client machine.

The web.config file is configured as such:
<authenticati on mode="Forms">
<forms loginUrl="Login .aspx" protection="All "
name="myApplica tion"/>
</authentication>

The Login.aspx page validates a user id and password by
reading a database table, and if valid, it generates the
authentication ticket, creates a cookie, adds the cookie
to the response, and redirects the user to the
default.aspx :
Dim formsAuthentica tionTicket As New
FormsAuthentica tionTicket(user id, False, 20)
Response.Cookie s.Add(New HttpCookie
(FormsAuthentic ation.FormsCook ieName,
FormsAuthentica tion.Encrypt(fo rmsAuthenticati onTicket)))
Response.Redire ct("Default.asp x", False)

Also, upon logout the following is executed:
FormsAuthentica tion.SignOut()

The problem is that if a user has successfully logged on,
and starts another session for this same application, a
authentication ticket and cookie exist, so that the user
does not have to log on for the second session (the user
wants to log on as a different user). We wish to force a
login for each session. Also related problem is that if
a user has 2 sessions running, and logs off one session,
the FormsAuthentica tion.SignOut is signing off both
sessions since the authentication ticket is shared.

Is it possible with forms-based authentication to have
multiple logged on sessions (separate authentication
tickets)?

Thank you in advance for any help.


Nov 18 '05 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

13
12056
by: jing_li | last post by:
Hi, you all, I am a newbee for php and I need your help. One of my coworker and I are both developing a webpage for our project using php. We have a copy of the same files in different location on the server (in our own accounts on the same machine). When I am testing both versions of our program using the same browser (IE on Windows or Konqueror on Linux) the session variables will mix up and only the latest selection or options will...
4
31203
by: john | last post by:
How do u guys handle multiple sessions?? i.e, opening different browser windows by running iexplore.exe or clicking IE icons and opening the application. My sessions are mixing up. what i mean is suppose i log in my site using username "test". At this time I set $_SESSION="test". And I use $_SESSION inside my application to print the username. Now if I open another browser & log in with "another test" the session
7
2452
by: Quinonez | last post by:
here is the set up. 7 page form all get set to sessions 8th page sessions are called and results displayed for user to see this is the php script for page 8 <? ksort($_SESSION); foreach ($_SESSION as $page=>$_POST) { echo "<div class=\"h3\">$page</div><br>"; foreach ($_POST as $field=>$value)
2
1884
by: yoelgold | last post by:
Hi I want to start writing a new site. It will include 3 forms that will collect information from the user. I know how to keep the info in sessions etc. my question is about the design of the server side php files. I don't want to design all three forms in one big file, id rather have a separate php file for each form. Say I have a file form1.php which creates the initial form, should I say (form1 action="form1.php") and have the form...
16
7530
by: noah | last post by:
Does PHP have a feature to associate Cookie sessions with a persistent database connection that will allow a single transaction across multiple HTTP requests? Here is how I imagine my process: I have an series of interactive HTML forms. The user begins a Cookie session. A database connection is opened and a transaction is begun. After the user goes through any number of pages where they update the database they finish on a page where...
11
4984
by: Ohaya | last post by:
Hi, I'm trying to understand a situation where ASP seems to be "blocking" of "queuing" requests. This is on a Win2K Advanced Server, with IIS5. I've seen some posts (e.g., http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=Tidy7IDbDHA.2108%40cpmsftngxa06.phx.gbl) that indicate that ASP will queue up requests when they come in with the same "session".
0
2100
by: RonNanko | last post by:
Hi, let me first explain what my problem is all about: I have a third-party application, which does not allow multiple instances of itself. As I need to run the application in multiple instances (it is processing data, a job which can be neatly parallelized) I have created five user accounts on my XP Home system, log in as every one of these users and launch the application in each session, which works fine. (BTW: is the number of users...
18
3404
by: Gleep | last post by:
I've searched google intensely on this topic and it seems noone really knows how to approch this. The goal I don't want clients to give out their usernames and passwords to friends, since the site relies on subscrption fees. Sessions ID's are matched between the browser and the server. So a users can login with same username and password and those sessions are tracked individually. Some suggest create table fields with the session ID...
3
28342
Atli
by: Atli | last post by:
Introduction: Sessions are one of the simplest and more powerful tools in a web developers arsenal. This tool is invaluable in dynamic web page development and it is one of those things every developer needs to know how to use. This article explains the basics of PHP Sessions. Assumptions: Basic PHP knowledge is required (variables, arrays and such) HTML Forms. What are Sessions? Sessions are a way of storing data. When developing...
1
1669
by: Bluejay906 | last post by:
This is another one of the endless oddities about this Access application that I have inherited. This one has me stumped. The users found that if they have two sessions of the application running, both on forms that have a data backend (i.e. that is getting data from a table or a query), the forms update faster than if they have only one session open. I have seen it several times now over a couple of days. At first, I thought that the users...
0
10914
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
1
10656
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
10299
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
9434
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
0
7022
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
5684
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
5872
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
4495
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
4071
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.