Security :: Maintain Session For Multi User Application?
Oct 25, 2010
I am developing a web application. This application is fully customised based on the user settings. Suppose the application is hosted on [URL] and a user can sign up on the website and will get a domain like [URL], and for user2 it will be [URL], and so on and so forth. So in this case, how would I maintain the session for each user? Each user will be representing a single website along with public interface and admin pages.
What I am thinking is to store all the settings (for each user) in the database and then, whenever the server receives a request, get the user info from the URL (first time only, and after that get it from the session) and get the user details, but I am not very much satisfied with this approach.
View 5 Replies
Similar Messages:
Jan 18, 2011
Our current application is working fine, but when you try to misbehave, we found out that when logging in with the same user in multiple tabs with different organizations (there is an organization dropdown in the master page which sets the cookie whenever it is changed), in tab 1 it is org 1 and in tab 2 it is org 2; the cookie has the later org 2 in it, but when we go back to tab 1 (which had org 1) and save the record, org 2 will be saved with the record. So can someone share some sort of a checklist with us which addresses these types of problems?
View 3 Replies
Jan 19, 2010
How can I do this? At the moment a user's session is lost whenever they close the browser, but sites like Facebook have a 'keep me logged in' option. How does this work exactly, and are there any well-known ways to do this in .NET? I understand part of the way it works is that they store the username in a cookie.
View 4 Replies
Dec 11, 2010
What is the standard way to maintain a stable user session in ASP.NET without worrying about IIS recycles, disconnected users, re-opening browsers and so on? I would like for our users to not have to log in except once per month, whatever happens!
Also, does it matter if I am using my own login control (not the standard ASP.NET login control)? If I understand correctly, I think I would need to create an authentication ticket manually.
View 3 Replies
Jul 23, 2010
"Is it possible to have two session modes in a Single Application"?
View 2 Replies
Mar 9, 2010
I am looking at a design pattern which has come up in quite a few of my firm's projects. It has historically functioned correctly; however, I have heard some other developers argue that there is a possibility of session corruption using this pattern. I'm looking for insight from other .NET developers here on Stack Overflow. Basically, there's a class -- usually either static or a Singleton pattern, depending largely on the developer who wrote it -- stored in App_Code. This class encapsulates access to the current session via properties. All of these properties take the form of:
[code]...
However, because this is just a static entry to HttpContext.Current.Session, it seems like it should be safe, as it is not fundamentally any different than the Page class encapsulating this in the Session property. As I said, no other site on which my company has worked that used this pattern saw it ever have any issues -- and that includes some pretty large and highly active userbases. But I want to just get a fresh perspective.
Are there potential multi-user issues, race conditions, or other failings/flaws which specifically could cause session corruption in the above pattern?
View 2 Replies
Jan 20, 2011
I need to view users' password history in an ASP.NET application. Is there any way to achieve it?
View 3 Replies
Mar 5, 2010
I would like to add this feature to my web application: for the end users to choose the type of authentication, either (Windows) or (Forms), and add it in the admin settings. This can be done by changing the authentication type programmatically in the code. How can I do this? Note: The user can use only one type at a time.
View 1 Replies
Oct 7, 2010
Regarding the above you mention: without session, how to maintain the user value in that invitation page?
View 6 Replies
Feb 24, 2010
We are looking to integrate Memcached into our infrastructure, but have a security concern before we do. We run several platforms including ASP.NET and ColdFusion and have many app developers working many little applications across the different platforms. The concern is this: App A places item "dog" into cache.
App B reads item "dog" (or worse: App B updates item "dog")
After this happens, App A either retrieves bad information, or has already had its information viewed, aka "stolen". What we would like to do is make it so that each app can only interact with its own sandbox, and may not interfere with or read other applications' data.
View 3 Replies
Apr 19, 2010
In my web application, what I did is: when the user logs in, I check the username and password against the database; if the username and password match, then I allow them to visit the next pages and store the username in Session. Now my doubt is that more than one user can use the same username and password (if they are friends, then they share their uname and pwd), so how to avoid multiple-user login?
View 2 Replies
Oct 20, 2011
I have text I drop in:
This is My Text
This is Line 2
This is Line 3
I save this into SQL Server, but when I reload it the data comes out as
This is My Text This is Line 2 This is Line 3
How I save it, how I load it, or both?
View 1 Replies
Oct 29, 2010
We have a simple ASP.NET app that uses the ASP.NET SqlMembershipProvider and all is great.
We want to create a second app on the same server, also use the SqlMembershipProvider, but a different "applicationName" so that the user accounts between the two apps are kept separate.
It looks like this would be possible by making the two different app domains (ie they each have their own web.config), but I'm hoping to just put them in different directories so I don't have 3 web.configs (one for each app, and the main one) that all have to be kept synchronized. So what I'm after is:
/web.config
/APP1 (uses membership provider in /web.config, with userlist A)
/APP2 (uses membership provider in /web.config, with userlist B)
It looks simple to define multiple membership providers that use a different 'applicationName' value.
But how do you tell the system.web.authentication node which membership provider to use?
View 2 Replies
Jun 9, 2010
I'm creating a multi-step create-user wizard for new members, but I ran into a problem. If the creation of an account is in step 3, how do I capture the values from steps 1 and 2? Should I try to pass the values to sessions, or is there some other code? Here is some code-behind I tried so far (did not work).
[Code]....
[Code]....
View 1 Replies
Jan 30, 2010
I have two .NET applications X and Y
a. I want to have User A as a common user for both application X and Y.
b. User A can have different roles on X and Y. E.g. Read permission on Y and Write Permission on Y.
How do I configure ASP.NET membership to achieve the above functionality?
View 3 Replies
Mar 17, 2011
We are using membership provider for LDAP authentication. It is working as it should.
But what configuration settings do I have to make so that all future requests to this application run under the security context of the logged-in user account, not through some default user set in IIS?
We need to have this working because all the permissions on the database are based on the logged-in user.
We are using form authentication for LDAP authentication, and have impersonation = true in web.config.
View 1 Replies
Mar 4, 2010
Hackers attack the session ID in an ASP.NET application. How can we protect the session identifier from hackers?
View 1 Replies
Oct 26, 2010
I need to maintain the session throughout the day. On or before session expiry, how do I enforce the session throughout the day without giving any session timeout either in IIS or web.config? Note: Default session timeout in IIS - 20 minutes.
View 6 Replies
Jul 2, 2010
My 3.5 app uses Forms Authentication. I create an authentication cookie (ticket) with an expiration date of one day. The cookie's IsPersistent is set to True. I do not use any session variables. Session timeout is the default 20 minutes.
Here's the problem:
When the session times out in 20 minutes, the user is redirected to the logon page even though the authentication cookie has not expired.
Why does this happen? I thought the session and the cookie were independent of each other.
View 3 Replies
Feb 7, 2011
What would be good/scalable user session alternative in following scenario:
users don't have to have cookies enabled
URL query string restriction of 255 characters is imposed
lot of GET requests (no hidden form fields)
application runs on several servers (web farm)
some users connect over proxy (same IP)
users connect over HTTPS
50 000 concurrent users
View 5 Replies
Mar 1, 2011
I have an ASP.NET application written in C#. I have a common class which maintains the constants and static variables and fields. I also have a login page. If the user logs in successfully, I set IsLoggedInSuccessfull as a static boolean variable in the common class.
My question is: Will this only work for a specific user session or for overall application ?
Edited:
Based on some answers I got another question here.
Let's say I am using a static method, Authenticate(User objUser). The intention is to call this method when the user clicks the log-in button. On the login button, let's say I prepare the User object with certain parameters required for login, then pass it to this method. What would be the impact there? Let's say I have a single server for now (no server farm or garden). Then there will be a single application-level method to authenticate the user, right? And say 10000 users are going to log in to this site/application; then how does the authenticate() method behave? Will the CLR automatically manage threading there?
View 5 Replies
Apr 12, 2010
Once the user enters credentials, I want his name to appear on top. The user should be maintained throughout the pages of the website until he chooses to sign out. Also, different users will have different access to some parts of the website, like only a manager can delete the content.
View 1 Replies
May 12, 2010
My web application uses forms authentication. One of my users who uses IE8 says that she always stays logged into the website on her computer. This is even after she closes the browser window and restarts the computer. This only happens on her computer, if she switches computers the same thing won't happen.
I'm baffled by this. Is there a setting in IE that could save her login information and automatically sign her in every time she accesses the website? Is there anything else to look into?
View 5 Replies
May 15, 2010
I'd like to maintain a session state per browser tab.
Is this easy (or even possible) to do in ASP.NET?
Example: A user hits Ctrl-T in Firefox 5 times and visits the site in each tab. I'd like each tab to have its own session state on the server.
View 2 Replies
Jul 9, 2010
I have two identical applications setup on IIS on different virtual directories (I have done some workaround to ensure that they both have the same application name). Is there a way to share session id across two asp.net web applications?
Since I'm storing the session in StateServer, they should both be getting the same session data; however, a different session id is created every time I go from application a to application b. Wouldn't this happen in a load balancing scenario as well? Where when I go to www.test.com, it would redirect that request to server a, and then if I hit it again, it would go to server b, but since it's a different web application, it would create a new session id?
View 3 Replies