Prevent Multiple User Logging Into The Same Domain Using The Same Browser?
Jul 10, 2010
So its a ASP.NET problem where two users using the same machine, same browser:
User 1 logs in the domain.
User 1 changes some data without saving it.
User 2 logs in the domain in a separate tab.
User 1 switches back to his tab and saves the data.
User 1 actually saved the data into User 2!!
This is caused by the following mechanism:
Different tabs in the same browser seems to share the same session id.
We are storing user auth in cookie and the cookie is shared between tabs (same domain)
Therefore, when User 1 request to save, it is recognized as User 2 since the cookie has been updated to User 2.
So I'm wondering if there's any other methods to prevent this from happening, other than:
1. Use cookieless session so the session is embedded in uri.
2. Always include a hidden field in page to indicate which user owns the page.
View 3 Replies
Similar Messages:
Jul 12, 2010
Two users using the same machine, same browser.
User 1 logs in the domain.
User 1 changes some data without saving it.
User 2 logs in the domain in a separate tab.
User 1 switches back to his tab and saves the data.
User 1 actually saved the data into User 2!!
This is caused by the following mechanism:
Different tabs in the same browser seems to share the same session id. We are storing user auth in cookie and the cookie is shared between tabs (same domain)
Therefore, when User 1 request to save, it is recognized as User 2 since the cookie has been updated to User 2.
So I'm wondering if there's any other methods to prevent this from happening, other than:
1. Use cookieless session so the session is embedded in uri.
2. Always include a hidden field in page to indicate which user owns the page.
View 1 Replies
Dec 16, 2010
I am looking at how best to prevent a single user account logging on multiple times in a webforms application. I know that MembershipUser.IsOnline exists, but I've read a few forum and blog entries suggesting that this can be unreliable, particularly in scenarios where a user closes a browser (without logging out) and attempts to logon with a different machine or browser.I looked at implementing a last past the post type system; when a user logs on older users are simply kicked off. It seems that FormsAuthentication.Signout() only works for the current user.
View 2 Replies
Feb 1, 2011
I am using standard ASP.net security and want to how I go about prventing the same user from logging in twice.
If the user is already logged in and they log in again what I want to happen is for them to cancel the previous session and log that session out.
Can this be written into the webconfig file as part of the membership profile? I have tried to find this and it does not seem to be possible.
View 6 Replies
Jul 23, 2010
I am using asp.net membership and the login control. I would like to prevent a user from logging in with the same use rname if they are already logged in. I would like to place code in the LoggingIn or Authenticate event of the login control to check whether the user is login and prevent them from logging in again. Any ideas on the best way to do this?
View 22 Replies
Sep 20, 2010
We use windows authentication. User opens our website in tab1 and does some action but with out clicking on save he opens a new tab tab2 and opens the same website again. Now, if the user session in tab1 is active i need to warn users that the he is already logged on to application in some other browser and go to some log out page. But if the user session in tab1 is timed out then he must be able to continue with the website in tab2 as usual, but if he tries to do anything in tab1 he should go to session expired page.
I tried implementing it in following way.
I have a hidden field in each page which will be set to unique Id using GUID.NewID().
when user requests for a page the following code is executed.
[Code]....
View 1 Replies
Mar 25, 2010
I have ASP.net application that is basically a data entry screen for a physical inspection process. The users want to be able to have multiple browser windows open and enter data from multiple inspections concurrently. At first I was using cookie based sessions, and obviously this blew up.I switched to using cookie-less sessions, which stores the session in the URL and in testing this seemed to resolve the problem. Each browser window/tab had a different session ID, and data entered in one did not clobber data entered in the other.
However my users are more efficient at breaking things than I expected and it seems that they're still managing to get the same session between browsers sometimes. I think that they're copying/pasting the address from one tab to the other in order to open the application, but I haven't been able to verify this yet (they're at another location so I can't easily ask them).Other than telling them don't copy and paste, or convince them to only enter one at a time, how can I prevent this situation from occurring?
View 5 Replies
Mar 5, 2013
How to prevent multiple browser windows opening in asp.net ...
View 1 Replies
Mar 6, 2013
Preventing user to open duplicate web application,while it is running .....
View 1 Replies
Jun 16, 2015
How to prevent multiple user to be logged in at a time using a user id ?
After login in to website, the same user id not login in any other system it gives alert msg User Alrdy Login.. and also i have another query If user do not click logout and directly close browser..
View 1 Replies
Jul 1, 2013
I am build Web site using asp.net 4.0 c# ... There are a forum on my website where user can save his personal details. my problem is that when user submit his detail in database and again refresh URL (f5), event again arise and request go to server, double entry saved in database. How I can handle it.
View 1 Replies
Jun 19, 2010
I want to prevent multiple user login for same user in asp.net.. How can I achieve. Note: I want to control without database concepts
View 2 Replies
Apr 8, 2010
how to prevent multiple user to be logged in at a time using a user id ?
I searched the internet and found some ways but somehow they do not work in these situations:
If javascript in brower is turned off.
If user do not click logout and directly close brower.
View 4 Replies
Jan 26, 2010
I am looking at how best to prevent a single user account logging on multiple times in a webforms application. I know that MembershipUser.IsOnline exists, but I've read a few forum and blog entries suggesting that this can be unreliable, particularly in scenarios where a user closes a browser (without logging out) and attempts to logon with a different machine or browser.
I looked at implementing a last past the post type system; when a user logs on older users are simply kicked off. It seems that FormsAuthentication.Signout() only works for the current user.
Am I missing a trick, is there a better way to prevent the same username logging on from multiple different locations?
View 2 Replies
Jul 17, 2015
I just want to detect who came to login into site and if same login already logged in ,if same login previously exits then we need to logout the previous session , how to do it using asp.net c#
View 1 Replies
Mar 4, 2010
I am using VSTS 2008 + C# + .Net 3.5 + Silverlight 3.0 + ASP.Net to develop a Silverlight application (a video media player) in browser and the function is simple, just use MediaElement to play a remote video file.The remote server is Windows Server 2008 + IIS 7.0 + IIS Media Bit Rate Throttling Control.Since the request media URL can be discovered (e.g. from traffic sniffer), and I want to know how to prevent from download directly from the Url? i.e. I want end user to use my Silverlight media player application in browser to play the file, prevent them from download to local directly. Any easy and quick solution or reference code/documents?
View 5 Replies
Jun 2, 2010
My application is windows authenticated. The application pulls JUST the userName from the current windows account. Then I provide site access to this user depending on his account privileges. If his userName belongs to the admins list he is directed to admin screens. If his username belongs to users list he is directed to users screens. I handle this security in C# and some SQL tables(No membership provider and no Active directory security in the app).
I need to be able to prevent multiple concurrent logins for the same userName.
View 4 Replies
May 7, 2015
I want to implement Login session , in which one user can login from one device only ..and if on other device try to login with same ID the First Device get an Alert..
View 1 Replies
Jul 17, 2010
I am implementing strightforward membership provider. I do not want new users to be able to login without being approved.
I have tried the setting on the registration wizard called DisableCreatedUser="True" and this does not work.
I also set LoginCreatedUser to False, and the user still gets logged in.
If I look in the SQL membership table, 'IsApproved' is set to 0 for the account, but they can still login.
View 9 Replies
Feb 17, 2011
I have also installed SSL on a subdomain. I have put payment page under this sub domain.
View 4 Replies
Nov 18, 2010
I have <script src="bla"></script> that can be loaded in several domains.
I want to know if there is a way to control the domains it will be loaded on.
To clarify: My script is server-side rendered, so basically I can return empty string if the requested domain is invalid.
This is to prevent from other sites embedding my script.
View 3 Replies
Jul 28, 2010
I have two domain servers X and Y.My Asp.net Web application is hosted on Domain X.But my scope is required to authorize the user of Domain Y on the Web application hosted on Domain X server.I am using Windows Authetication mode in application
View 2 Replies
Jul 6, 2010
I'm debugging some unexpected behavior and while tracing in to the .NET framework I see a bunch of stuff like this:
if (Logging.On) {
Logging.PrintInfo(Logging.Web, this, SR.GetString(SR.net_log_n_certs_after_filtering, filteredCerts.Count));
...
}
But (as expected by default) the execution steps right over these. Is there some way to turn on the logging? Or is that just something that the framework developers can do while making special builds of the framework?
View 1 Replies
Jan 12, 2011
below written question :
1.) What is the name of the OS process in which App Domain resides.
2.)if suppose There are Three Windows application hosted on a same envoirment and two instance is working for each application at a Time, means now total instance are six .what will happen among the below written cases :
a.) There will be six different app domain in a single OS process
b.) There will three app domain(one for each application) in a single OS process and some Parallel thread will be executed in each app domain for another instance.
c.) There will be Three OS process corresponding to each application.
3.) If eveything will remain same except there are three web application in place of windows in point 2, will there be any change in functioning.
View 1 Replies
Mar 16, 2010
I've set up two ASP.NET applications on a machine, their web.config files contain the same applicationName value in AspNetSqlMembershipProvider item so they share users and roles.
The problem sequence is:
user logs into application A,opens new tab in a browser logs into application B, his login in application A is signed out and vice versa.
Should I use a different approach to sharing login information between two applications?
View 2 Replies