Reputation: 131
prevent Shared session with multiple browser windows
I am developing asp.net application. When I debug my web application on local host, it takes two different session id for two different browser windows. But when I publish it on server and open application on my computer session is shared with all browser windows. I want two different users to login in two different browser. Is it possible? If not than what is the reason it is taking two different sessions for my local host and one when I publish it on server
Many Thanks,
Ni
Upvotes: 3
Views: 5912
Answers (2)
Reputation: 13
Interesting problem. I have an ASP.NET application. To enable multiple sessions in different windows, I use different collections stored in session variables labeled by an applicaition generated session number to hold the context of each window. A bit of code, but it works.
Upvotes: 0
Reputation:
That's by design, and there's nothing you can do about it. You cannot login to the same site with two different accounts at the same time, regardless if you're using 2 windows or 2 tabs in the same window (assuming same browser type/vendor).
You would have to develop the site specifically to support managing more than one different accounts at the same time (Google does it, but with limitations). The way I see that done is by defining a record for the USER and separate records for ACCOUNTS that belong to that user. Then you can have the user login, and ASK them - per page - which account they want to manage, maintain that state - per PAGE - and have some kind of account-switch mechanism (e.g. dropdown) so that they can switch accounts. Again, this would be per page, involving viewstate (or similar mechanism), and session would still be shared.
Another way to make this possible is to have some kind of account identifier in URL; e.g.
http://mysite.com/account-1234/default.aspx
http://mysite.com/account-5678/default.aspx
This would allow a single user to manage multiple accounts. If you would want to maintain separate logins, you would have to authorize based on the account-id part in URL, and you would have to maintain separate auth cookies (with different cookie names; e.g. "auth-1243" and "auth-5678") - which means you'd have to do some work at auth level. And, again, the session would be shared, so you wouldn't be able to store a single account-specific data in it (it would have to be in "account" collection, retrieved based on the id from the cookie). The URL requested would always have to match the cookie, or you would probably use cookie-path to create that restriction.
I personally like the second option, and I think it's doable; only I would probably use URL-ENCODED email address in the URL, as that's easier to remember (even though longer), or username (if you manage those on your site, since those would be unique). +1
Upvotes: 3
Related Questions
- Different ASP.NET Session for each browser tab
- Way around ASP.NET session being shared across multiple tab windows
- sharing session between different browsers
- How to prevent sharing user defined session in multiple tabs?
- How to prevent multiple browser windows from sharing the same session in asp.net
- Separate sessions once opening the same web page on two different tabs of the same browser Asp.net C#
- How to prevent user to login from multiple location or from different browser in same pc
- how to maintain session for 2 different browsers?
- How to avoid the session sharing between the tabs in IE8
- Server session handle in multiple browsers in asp.net?