Prevent Multiple User Logging Into The Same Domain Using The Same Browser?
Jul 10, 2010
So its a ASP.NET problem where two users using the same machine, same browser:
User 1 logs in the domain.
User 1 changes some data without saving it.
User 2 logs in the domain in a separate tab.
User 1 switches back to his tab and saves the data.
User 1 actually saved the data into User 2!!
This is caused by the following mechanism:
Different tabs in the same browser seems to share the same session id.
We are storing user auth in cookie and the cookie is shared between tabs (same domain)
Therefore, when User 1 request to save, it is recognized as User 2 since the cookie has been updated to User 2.
So I'm wondering if there's any other methods to prevent this from happening, other than:
1. Use cookieless session so the session is embedded in uri.
2. Always include a hidden field in page to indicate which user owns the page.
User 1 logs in the domain. User 1 changes some data without saving it. User 2 logs in the domain in a separate tab. User 1 switches back to his tab and saves the data. User 1 actually saved the data into User 2!!
This is caused by the following mechanism:
Different tabs in the same browser seems to share the same session id. We are storing user auth in cookie and the cookie is shared between tabs (same domain)
Therefore, when User 1 request to save, it is recognized as User 2 since the cookie has been updated to User 2.
So I'm wondering if there's any other methods to prevent this from happening, other than:
1. Use cookieless session so the session is embedded in uri.
2. Always include a hidden field in page to indicate which user owns the page.
I am looking at how best to prevent a single user account logging on multiple times in a webforms application. I know that MembershipUser.IsOnline exists, but I've read a few forum and blog entries suggesting that this can be unreliable, particularly in scenarios where a user closes a browser (without logging out) and attempts to logon with a different machine or browser.I looked at implementing a last past the post type system; when a user logs on older users are simply kicked off. It seems that FormsAuthentication.Signout() only works for the current user.
I am using asp.net membership and the login control. I would like to prevent a user from logging in with the same use rname if they are already logged in. I would like to place code in the LoggingIn or Authenticate event of the login control to check whether the user is login and prevent them from logging in again. Any ideas on the best way to do this?
We use windows authentication. User opens our website in tab1 and does some action but with out clicking on save he opens a new tab tab2 and opens the same website again. Now, if the user session in tab1 is active i need to warn users that the he is already logged on to application in some other browser and go to some log out page. But if the user session in tab1 is timed out then he must be able to continue with the website in tab2 as usual, but if he tries to do anything in tab1 he should go to session expired page. I tried implementing it in following way.
I have a hidden field in each page which will be set to unique Id using GUID.NewID(). when user requests for a page the following code is executed.
I have ASP.net application that is basically a data entry screen for a physical inspection process. The users want to be able to have multiple browser windows open and enter data from multiple inspections concurrently. At first I was using cookie based sessions, and obviously this blew up.I switched to using cookie-less sessions, which stores the session in the URL and in testing this seemed to resolve the problem. Each browser window/tab had a different session ID, and data entered in one did not clobber data entered in the other.
However my users are more efficient at breaking things than I expected and it seems that they're still managing to get the same session between browsers sometimes. I think that they're copying/pasting the address from one tab to the other in order to open the application, but I haven't been able to verify this yet (they're at another location so I can't easily ask them).Other than telling them don't copy and paste, or convince them to only enter one at a time, how can I prevent this situation from occurring?
How to prevent multiple user to be logged in at a time using a user id ?
After login in to website, the same user id not login in any other system it gives alert msg User Alrdy Login.. and also i have another query If user do not click logout and directly close browser..
I am build Web site using asp.net 4.0 c# ... There are a forum on my website where user can save his personal details. my problem is that when user submit his detail in database and again refresh URL (f5), event again arise and request go to server, double entry saved in database. How I can handle it.
I am looking at how best to prevent a single user account logging on multiple times in a webforms application. I know that MembershipUser.IsOnline exists, but I've read a few forum and blog entries suggesting that this can be unreliable, particularly in scenarios where a user closes a browser (without logging out) and attempts to logon with a different machine or browser.
I looked at implementing a last past the post type system; when a user logs on older users are simply kicked off. It seems that FormsAuthentication.Signout() only works for the current user.
Am I missing a trick, is there a better way to prevent the same username logging on from multiple different locations?
I just want to detect who came to login into site and if same login already logged in ,if same login previously exits then we need to logout the previous session , how to do it using asp.net c#
I am using VSTS 2008 + C# + .Net 3.5 + Silverlight 3.0 + ASP.Net to develop a Silverlight application (a video media player) in browser and the function is simple, just use MediaElement to play a remote video file.The remote server is Windows Server 2008 + IIS 7.0 + IIS Media Bit Rate Throttling Control.Since the request media URL can be discovered (e.g. from traffic sniffer), and I want to know how to prevent from download directly from the Url? i.e. I want end user to use my Silverlight media player application in browser to play the file, prevent them from download to local directly. Any easy and quick solution or reference code/documents?
My application is windows authenticated. The application pulls JUST the userName from the current windows account. Then I provide site access to this user depending on his account privileges. If his userName belongs to the admins list he is directed to admin screens. If his username belongs to users list he is directed to users screens. I handle this security in C# and some SQL tables(No membership provider and no Active directory security in the app).
I need to be able to prevent multiple concurrent logins for the same userName.
I want to implement Login session , in which one user can login from one device only ..and if on other device try to login with same ID the First Device get an Alert..
I have two domain servers X and Y.My Asp.net Web application is hosted on Domain X.But my scope is required to authorize the user of Domain Y on the Web application hosted on Domain X server.I am using Windows Authetication mode in application
I'm debugging some unexpected behavior and while tracing in to the .NET framework I see a bunch of stuff like this:
if (Logging.On) { Logging.PrintInfo(Logging.Web, this, SR.GetString(SR.net_log_n_certs_after_filtering, filteredCerts.Count)); ... }
But (as expected by default) the execution steps right over these. Is there some way to turn on the logging? Or is that just something that the framework developers can do while making special builds of the framework?
1.) What is the name of the OS process in which App Domain resides.
2.)if suppose There are Three Windows application hosted on a same envoirment and two instance is working for each application at a Time, means now total instance are six .what will happen among the below written cases :
a.) There will be six different app domain in a single OS process
b.) There will three app domain(one for each application) in a single OS process and some Parallel thread will be executed in each app domain for another instance.
c.) There will be Three OS process corresponding to each application.
3.) If eveything will remain same except there are three web application in place of windows in point 2, will there be any change in functioning.
I've set up two ASP.NET applications on a machine, their web.config files contain the same applicationName value in AspNetSqlMembershipProvider item so they share users and roles.
The problem sequence is:
user logs into application A,opens new tab in a browser logs into application B, his login in application A is signed out and vice versa.
Should I use a different approach to sharing login information between two applications?
