jgarciad

Reputation: 335

Session per tab with ASP.NET MVC and Identity

How can I sign in with a different account per tab in ASP.NET MVC 5 and Identity?

Is there a configuration that doesn't use cookies?

This is my configuration code:

    ' Enable the application to use a cookie to store information for the signed in user
    app.UseCookieAuthentication(New CookieAuthenticationOptions() With {
        .AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        .LoginPath = New PathString("/Account/Login")
    })
    ' Use a cookie to temporarily store information about a user logging in with a third party login provider
    app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie)

Upvotes: 2

Views: 2068

Answers (1)

Chris Pratt

Reputation: 239290

This is not possible. The web is stateless: each request is a unique snowflake, unaffected by any other request made before or after. However, since logically some sort of state needs to exist for things like authentication, sessions were created to basically fake a sense of state.

To work, sessions have a server-side and client-side component. On the server, some persistence layer is employed to store user-related data tied to a token that uniquely identifies the particular session. On the client, a cookie is set with that token. When the client makes another request, all the cookies that belong to the particular domain in play are sent along with the request back to the server, which includes the cookie with the session token if one exists. Once the server sees this cookie in the request, it uses the token to look up the session from the persistence layer and restore the state the user had during the previous request.

The point is that this process is dumb. The client blindly sends any cookies the server sets back to the server with each request. And, if the server gets a cookie with a session token it recognizes, it blindly restores the state. There's no consideration for how many tabs are in play or even what the content of the cookie is (the client doesn't know and doesn't care that the cookie is being used to manage a session, authentication, etc.).

Long and short, there's nothing you can do to force a session per tab or window. On the client-side, you can open a different browser (which would not have the cookie holding the session token) or use something like Chrome's incognito mode (which creates a sandboxed browsing experience without any previously set cookies). However, those are choices the user makes, not the website.

Upvotes: 6
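The mechanism described in the answer above, as an added example that is not part of the original answer or of ASP.NET Identity: a small Node.js in-memory model of a server-side session store and a per-profile cookie jar shared by all tabs. `Server`, `BrowserProfile`, `Tab`, the `sid` cookie name and the `/login` and `/whoami` paths are hypothetical names chosen for the illustration.

```javascript
// Added illustration: in-memory model of cookie-based sessions (all names are hypothetical).
const { randomBytes } = require("crypto");

// Server side: persistence layer mapping session token -> user state.
class Server {
  constructor() { this.sessions = new Map(); }
  // Handles a request given the raw Cookie header; may return a Set-Cookie value.
  handle(path, cookieHeader, form = {}) {
    const token = /(?:^|;\s*)sid=([0-9a-f]+)/.exec(cookieHeader || "")?.[1];
    if (path === "/login") {
      const sid = randomBytes(16).toString("hex"); // unpredictable session token
      this.sessions.set(sid, { user: form.user });
      return { body: `signed in as ${form.user}`, setCookie: `sid=${sid}; Path=/; HttpOnly` };
    }
    // The server restores whatever state the presented token maps to.
    const session = token && this.sessions.get(token);
    return { body: session ? session.user : "anonymous" };
  }
}

// Client side: one cookie jar per browser profile, shared by every tab of that profile.
class BrowserProfile {
  constructor(server) { this.server = server; this.jar = new Map(); }
  openTab() { return new Tab(this); }
}
class Tab {
  constructor(profile) { this.profile = profile; }
  request(path, form) {
    const { jar, server } = this.profile;
    // Every cookie stored for the site is attached, regardless of which tab asks.
    const cookieHeader = [...jar].map(([k, v]) => `${k}=${v}`).join("; ");
    const res = server.handle(path, cookieHeader, form);
    if (res.setCookie) {
      const [name, value] = res.setCookie.split(";")[0].split("=");
      jar.set(name, value); // same cookie name: the newer token replaces the older one
    }
    return res.body;
  }
}

function demo() {
  const server = new Server(), normal = new BrowserProfile(server);
  const tabA = normal.openTab(), tabB = normal.openTab();
  tabA.request("/login", { user: "alice" });
  tabB.request("/login", { user: "bob" }); // overwrites sid in the shared jar
  const incognito = new BrowserProfile(server).openTab(); // separate, empty jar
  return { tabA: tabA.request("/whoami"), tabB: tabB.request("/whoami"),
           incognito: incognito.request("/whoami"), storedSessions: server.sessions.size };
}
```

After the second login both tabs resolve to the same user, while the first session still exists on the server but no longer has a cookie pointing at it.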
