We have a ASP.Net system, when the user logs in he gets a cookie that includes the user name.
This works fine, when there is a single user using the machine.
Where we have problems is when a user is testing the system having many browsers open and logging in with many id's.
In this case all browser instances will be logged in with the last user to log in.
Is there are way to be logged in with different users to different browser instances / tabs.
Yes you can do this as long as each browser is different.
It won't work if you open 4 copies of IE, but it will work if you open one copy of IE, one of Firefox, one of Chrome, one of Safari. Cookies are saved per browser, not per browser window.
Related
Is it possible to clear browsing data, cookies, active logins, etc. behind the scenes(programatically) on chrome custom tabs?
My goal is to have the user be prompted to login every time they open the custom tab (instead of being logged in automatically)
Shared cookie jar and permissions model so users don't have to log in to sites they are already connected to, or re-grant permissions they have already granted.
Chrome Custom Tabs is the Chrome browser (via the Chrome service and custom Intents) and thus the cache, cookies, etc.. are shared (actually the same).
The answer is no, you can not programmatically clear the data of Chrome.
Note: Right now there is no support of creating an Incognito-based Custom Tab
I would issue the user a transient/session cookie so it does not get persisted if you wish to forced a re-login on the start of every new session.
"My goal is to have the user be prompted to login every time they open the custom tab (instead of being logged in automatically)"
As of now July 2020, on appauth's request builder you can use the method setPrompt(AuthorizationRequest.Prompt.LOGIN)
This will prompt the user to login every time.
If this method isn't provided and let's say there is some persistence needed (to log the user in automatically after they have logged in). If the server issues cookies to do this Currently it is a challenge to log the user out using an endpoint
I am Working in asp.net and C# .
I have an application where user logs in to enter the application,if a user opens the application in a browser and logs in,and if user opens the application in some other browser in the same system they should be logged in as well.The same should happen within the same browser in different tabs and also in the different instance of same browser in which user was Previously logged in.please give me Your suggesions.....
You can't share session between multiple browsers.
But session between multiple tabs of a same browser instance is already shared.
The answer is, as stated above, that you can't share Sessions between 2 different browsers as each browser will necessarily start a new session.
If you want a way to allow the user to log in once and stay signed in even if he opens a different browser, then you would have to rely on his IP address since this is the ONLY indicator that the user that logged in Chrome 2 secs ago, may be the same user that's logging in from Firefox now. This is just to give you an example but this is obviously flawed because different users behind the same gateway will all have the same IP.
What you want to do would work only if the application you develop is inside an Intranet and you know for sure that every user will have a unique internal IP address but then the whole point of authenticating users may be achieved through more efficient ways, like Integrated Windows Auth, etc.
You can share session between two browsers ,we have implemented such a project couple of years back .
The technique used was to write a custom browser which instead of storing cookies in local machine stored it in a in a public server
so that when one guy logs in the cookie & other local data associated with the session is shared with the server and thus with all browser instances ,browsers instances cookie is modified to match with the server details ,So it behaves as if the session is shared .
some websites have issue with using different ip that could be solved by using a common proxy server .
but if you can't use custom browsers then it will be difficult but could still try with plugins that follow the above mentioned method
Hope this helps
While a web page -which needs login- is opened in my browser,
if I close browser and re-open, I have to write username password again.
But, sometimes when I close browser and re-open for the same page, it isn't needed username and password again?
Is it about Session, Cookie? If yes, why are there different conditions?
What do you think?
Gokturk
Its depend on which they session state management technique are used. basically there are 3 state management can used in asp.net
Asp.Net state management
i think webpage using Cookies with some Expiry period. if its session then when u close the
browser then session will be cleared. (InProc Mode).
Cookie will expire for mentioned period, if u able to relogin after browser closed then the cookie is checked for your credentials.
for the different condition following the reasons will make point of it
if u cleared your browser data (sessions, cookies, etc)
u may clicked rememberd password, which would stored in Browser cache.
So it definitely seems the web site only allows session-based, non-persistant cookies. My guess (as I've seen this on my system as well), the browser is closed, but the process hasn't died off. When you open a "new" browser, it's picking up the existing process with all of the session information still valid. To confirm this, each you close the browser, check Task Manager to ensure iexplore.exe, chrome.exe or firefox.exe are completely missing before starting a new session.
I have a ASP.NET website.
Here's what happens:
I open the site and log in.
I open another window of the same site in IE.
When I do that, it takes me to the page which is suppose to be shown when session expires.
So, can you please let me know how to ensure that Session ID does not expire when we open the site in another browser window?
Thanks!
The session is not expiring because you've opened a new window; the new window must not have the cookie used to store the session-id. Most of the time, these cookies are transient or "session" based cookies.
Session cookies may or may not be shared between browser windows, depending on the browser and how you open the new window. For ex., in IE 9, a new window launched using Javascript, Ctrl+N, or Ctrl+T will share session cookies. However, a new window launched by going to File / New Session will not share session cookies.
You also wont see cookies shared between different browsers (for ex., IE and Firefox).
To add a somewhat more simple answer to Michael's excellent response - the short answer thus is "You can't directly achieve this".
But what you CAN do is implement tracking within your application so that you are always aware of what a user's last action was, and no matter what session they come in on, forcibly keep them in your designated workflow.
To achieve that, however, you have to basically ignore session variables (which may be a good idea anyway ;)) and the like and implement a framework that constantly tracks a users behavior, current location and any other related information. There's obviously a lot of overhead involved but that's the only way I know of to ensure that a certain user will always end up where you desire them to end up when they log in from different browsers, machines, etc.
I have an issue with sessions. My web site is implementing a logged users console, which register a new user each time it logs in. If I try to open 2 pages within the same web explorer, it fails because the method first ask if the user is already connected for not registering it twice.
This method take as parameter the sessionID, which is provided by .net
My question is: In the same browser (or in the same computer, localhost), the sessionID it's always the same or when is it generated?
By default, new tabs or new windows in a browser will share the same process and therefore the same temporary session cookies for a domain.
To open a new session in IE, choose File > New Session.
SessionID will be the same for the same browser.
On a different browser (or a different computer) you'll get a different SessionID.
Thats kinda how it is all over the internet, not just with asp.net, because of the way Cookies work.
For example you'll notice that you can't log into amazon or ebay using different accounts within the same browser.
SessionId is same per browser. You can check it by logging in to yahoo, the first page will ask for the user name and password, if you open the second page it will directly take you to your email account.
Depends of the browser being used and how it's being used, as stated already the session is shared across the same browser on modern browsers by default. Older browsers such as IE before 8 used to share the session across windows by default as well unless the user opened a new instance of IE outside of the browsers interface (i.e. Start Menu/Shortcut).