Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Two user sessions

Reply
Thread Tools

Two user sessions

 
 
Andy
Guest
Posts: n/a
 
      08-30-2007
I have an admin section of my asp.net 2 application, and I want to be
able to automatically login as a different user (Forms Authentication)
whilst keeping my current session going too. The problem is that if I
open a new browser window (via a hyperlink using target="_blank")
from my app and automatically login, the original session is also
reset to the new one (ie all session variables that store info about
the user are set to the new user). The url of my hyperlink to the new
browser is a full, absolute URL.

If however, I launch a new browser window via the IE shortcut, I can
have two simultaneous sessions going fine.

Does anyone have any ideas how I can solve this?

Thanks, Andy

 
Reply With Quote
 
 
 
 
Steve
Guest
Posts: n/a
 
      08-30-2007
Have you tried using target="new"?


Steve C.
MCSD,MCAD,MCSE,MCP+I,CNE,CNA,CCNA


Andy wrote:
> I have an admin section of my asp.net 2 application, and I want to be
> able to automatically login as a different user (Forms Authentication)
> whilst keeping my current session going too. The problem is that if I
> open a new browser window (via a hyperlink using target="_blank")
> from my app and automatically login, the original session is also
> reset to the new one (ie all session variables that store info about
> the user are set to the new user). The url of my hyperlink to the new
> browser is a full, absolute URL.
>
> If however, I launch a new browser window via the IE shortcut, I can
> have two simultaneous sessions going fine.
>
> Does anyone have any ideas how I can solve this?
>
> Thanks, Andy
>

 
Reply With Quote
 
 
 
 
Hans Kesting
Guest
Posts: n/a
 
      08-30-2007
> I have an admin section of my asp.net 2 application, and I want to be
> able to automatically login as a different user (Forms Authentication)
> whilst keeping my current session going too. The problem is that if I
> open a new browser window (via a hyperlink using target="_blank")
> from my app and automatically login, the original session is also
> reset to the new one (ie all session variables that store info about
> the user are set to the new user). The url of my hyperlink to the new
> browser is a full, absolute URL.
>
> If however, I launch a new browser window via the IE shortcut, I can
> have two simultaneous sessions going fine.
>
> Does anyone have any ideas how I can solve this?
>
> Thanks, Andy
>


I don't think you can do it. If you open a new IE window from with IE
(Menu: File | New Window, or javascript window.open, or target=_blank),
then that new window shares it's cookies (and thus it's session) with the
original window.
Only when you start a new IE instance will you get a separate cookiecontainer.
The fact that you use a "complete url" has nothing to do with this.

Maybe you can use different URLs as in 'admin.company.com' vs
'www.company.com', as cookies depend on the hostname.

Hans Kestin


 
Reply With Quote
 
BillE
Guest
Posts: n/a
 
      08-30-2007
Everybody who uses session variables has to deal with this, since sessions
are also shared between tabs in IE7, so if a user opens an application in a
new tab it will share the session with the same application in the first
tab.

What I do is generate a random number which I call the instanceID whenever
the first page in the application is opened. Then I pass the instanceID in
the querystring everytime I open a new page. Each page checks for the
instanceID in the querystring - if there is no instanceID in the
querystring, it gets bounced to the first page, which generates an
instanceID. This would happen if somebody opens the app in a new tab, or
uses Ctrl-N to open a new browser in the same session.

Then I have a class to store my session variables in, which has properties
setting or returning the values of requested variables. The first page in
the app creates an instance of the class as a session object variable,
naming the object variable something like "sessVAR_12345", where 12345 is
the instanceID. Then whenever I need to get or set the value of a session
variable, I retreive it from the appropriate class instance. When a page
gets the instanceID from the querystring, it concatenates it with "sessVAR_"
to get the name of the appropriate session variable representing the session
variable container class.

Once I got it set up, this runs smoothly, but I have read that storing class
instances in session variables uses inordinate amounts of memory on the
server, so if anybody has a better way of managing session variables I would
be glad to hear about it.

Bill


"Andy" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
>I have an admin section of my asp.net 2 application, and I want to be
> able to automatically login as a different user (Forms Authentication)
> whilst keeping my current session going too. The problem is that if I
> open a new browser window (via a hyperlink using target="_blank")
> from my app and automatically login, the original session is also
> reset to the new one (ie all session variables that store info about
> the user are set to the new user). The url of my hyperlink to the new
> browser is a full, absolute URL.
>
> If however, I launch a new browser window via the IE shortcut, I can
> have two simultaneous sessions going fine.
>
> Does anyone have any ideas how I can solve this?
>
> Thanks, Andy
>



 
Reply With Quote
 
bruce barker
Guest
Posts: n/a
 
      08-30-2007
this can be done with cookieless sessions, but not with cookie based
sessions. this is because opening a new browser window from a link or
javascript shares the same cookies as the opener.

with cookieless session, just don't include the sessionid in the link url.

-- bruce (sqlwork.com)

Andy wrote:
> I have an admin section of my asp.net 2 application, and I want to be
> able to automatically login as a different user (Forms Authentication)
> whilst keeping my current session going too. The problem is that if I
> open a new browser window (via a hyperlink using target="_blank")
> from my app and automatically login, the original session is also
> reset to the new one (ie all session variables that store info about
> the user are set to the new user). The url of my hyperlink to the new
> browser is a full, absolute URL.
>
> If however, I launch a new browser window via the IE shortcut, I can
> have two simultaneous sessions going fine.
>
> Does anyone have any ideas how I can solve this?
>
> Thanks, Andy
>

 
Reply With Quote
 
Andy
Guest
Posts: n/a
 
      08-31-2007
Thanks for your replies, I think as Hans suggested, I'll set up a sub
domain pointing to the same web application. Andy

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Moving from ASP Sessions to Database Sessions Bookham Measures ASP General 19 08-23-2007 03:51 PM
How to compare two SOAP Envelope or two Document or two XML files GenxLogic Java 3 12-06-2006 08:41 PM
Cookieless Sessions (Sessions Without Cookies) and Security scottymo ASP .Net Security 3 09-29-2006 11:00 PM
two simultaneous tomcat sessions for the same user michel carriere Java 2 12-18-2003 05:07 AM
Re: Relationship between IIS Sessions and ASP.NET Sessions? Ken Cox [Microsoft MVP] ASP .Net 1 08-08-2003 03:22 PM



Advertisments