i have an application which sets a cookie upon authentication, there is a web browser control within this application to navigate a web application which uses this cookie for authentication.
The problem is, if we have the option 'Delete browsing history on exit' along with cookies checked, then when the last instance of IE is closed, the cookie that is being used by my Web browser control is also deleted, inspite of my web browser control being open.
Any suggestions ?
Unfortunately the cookie store is commonly used by IE and the embedded WebBrowser control. If by any means you delete the IE cookies, the ActiveX's cookies will be deleted as well.
Related
I have a problem with this scenario using FormsAuthentication
I access a website with my login and my password, the system make login using FormsAuthentication. After that I copy the cookies from browser.
I paste the cookies in the other browser and click F5, The system authenticate the user and access, after that I make a logout.
I turn back to the first browser and click F5 and the user remains in the system ignoring the logout in the other browser....
how do I solve this problem?
each browser uses its own cookies to check user status. then logging out of website in one browser doesn't affect your status in others.
so the only way left is to avoid logging in users from different browsers at the same time.
Only one concurrent login per user in Asp.net
http://teknohippy.net/2008/08/21/stopping-aspnet-concurrent-logins/
I want to set a domain-specific cookies for FireFox and Chrome, something equivalent to InternetSetCookie() API, which takes a URL and a cookie name and value and sets it for all browsers. I have already checked that InternetSetCookie() only works for IE. I'm using C# + .NET 4.0 (desktop app) if that is important.
(just to add some clarification, this is kind of a password manager app that stores user's login/password info for his favorite websites and upon clicking a button in the app, it launches user's default browser, goes to login page of that website, submits username/password in POST fields and simply takes user to his home page. Some of these websites send cookies in response to the login page request that I then need to set before making the subsequent login request).
I am developing and intranet web application. In Global.asax file's session_start event I get the domain identity using user.idenity and put it into session value. Now I have a master page where I am accession that session value to show the user name.
I am using windows authentication and identity impersonation true. But after publishing it the user name who first logins in the system gets displayed to everyone.
I am not able to find out the cause. Please suggest.
It's hard to determine the problem without some sample code, but I can guess what's happening.
Are you understanding that opening a new Web browser tab, or just opening the same URL in the same tab may start a new session?
Session state is persisted as a cookie in the client-side (Web browser) and any tab or window within the same browser session (that would end if you close and re-open the browser) shares it. In other words: all tabs or same browser session windows will share the same session state in the server-side.
Our web app currently under development has authentication on all the pages.
We can deny a user access to any particular page but have found that if a user had previously opened the page that they can still access the page via the url. [Even if they log out and log in]
Assuming that the page is coming from client cache [Ctrl F5 in IE kicks in the proper authentication behavior or clearing the client cache]
A lot depends on how we have implemented the authentication but a quick fix on our side would be from within the admin section where we deny access to certain pages that we expire client cache for that page.
Is there a way to do this programmatically.
This would mean that client caching would continue to work as normal for all other users that still had access to the page in question.
You can add this line to your Page base class or any where in a specific page you want to disable caching on.
Response.Cache.SetCacheability(HttpCacheability.NoCache)
Say I have a webbrowsercontrol inside a windows form, and the user logs in to a secure site from the form. If the user were to open IE separately, it would also show them logged in. Is it possible to isolate the windows form's IE instance?
The WebBrowser control is built on top of the WebBrowser ActiveX, which lies on top of the WinInet. So you should be able to affect its behavior through the WinInet API.
You can try calling InternetSetOption WinInet API to set the INTERNET_OPTION_END_BROWSER_SESSION option to end the current session and start new one. To ensure that the call will affect only the current process, use the INTERNET_HANDLE_TYPE_INTERNET handle.
you don't mention your version; the behavior changed from IE7 to IE8.
In IE7 and IE6, you can open multiple windows and authenticate with different userids on one site.
In IE8, your session state is shared across browser sessions.
You can open IE with privacy mode on; this should allow the session to be sandboxed.
IE8 has the command line switch -nomerge, which starts the browser with a new session
When you log into a site, you generally get a cookie passed to your from the server that marks you as "logged in" (VERY oversimplified....). My guess would be to delete the cookies. See here:
How to delete Cookies from windows.form?