Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

ASP.NET Session - How to have seperate session for browser's two tab-w

Status
Not open for further replies.
fletchsod

fletchsod

Programmer
Dec 16, 2002
181
I'm having a problem on creating a seperate session for every login.

When you fire up a web-browser, then you opened two tab-windows where the 1st tab-window is for customer login and the 2nd tab-window is for admin login.

Problem is when you made a login (customer) on the 1st tab-window to browse around and use the 2nd tab-window to login (admin). Then you do a logout (customer) on the 1st tab-window (which did a session.abandon();) and later browse the admin area on the 2nd tab-window, I encountered an expired session.

This tell me that the web browser is sharing the session identifier. So, I want to make a seperate session and seperate session identifier for every login (customer or admin) so they remain independent of each other via tab-window.

How do you guys accomplish this in ASP.NET? This script I tried doesn't work as I got the null session when logging in.

Code: 
System.Web.SessionState.SessionIDManager oSessionIdManager = new System.Web.SessionState.SessionIDManager();
string sNewSessionId = oSessionIdManager.CreateSessionID(HttpContext.Current);
bool bRedirected = false;
bool bCookieAdded = true;
oSessionIdManager.SaveSessionID(HttpContext.Current, sNewSessionId, out bRedirected, out bCookieAdded);

Thanks...
 
Sort by date Sort by votes
it doesn't. session is tied to the client via the browser (cookie), not the tab. the server doesn't even know if the browser supports tabbing.

at best you can have the end user open multiple browsers and use 1 browser for each login. This is hacky just typing out the thought though.

I would also raise the question why a single user needs to access the system with multiple accounts simultaneously? if that's the case, why bother with security at all? just have a single account that can do everything.

Jason Meckley
Programmer
Specialty Bakers, Inc.

faq855-7190
faq732-7259
 
Upvote 0 Downvote
Seem that I would have to create a cookieless session instead. Will have to do some researches on how to make it possible.

 
Upvote 0 Downvote
May sound mundane, but why not just make sure that the session objects used by each are named differently? That is User_XXXXXX and Admin_XXXXXX instead of just XXXXXX. Like JMeckley said, the server has no idea on the prospect of supporting tabs...
 
Upvote 0 Downvote
Problem is we both have 1) a javascript idle-timeout that log the user out and 2) when a user manually log out, both of them (either way) is when the session get destroyed and is cleared from the memory which affected the other web-user.

So, cookieless is the best way to go. I have a website in AIX, Apache and PHP which is cookieless session and it worked great!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Makumbi256
  • Locked
  • Question
How to make days vertical and grid view editable using asp.net vb
Replies
0
Views
294
Makumbi256
Makumbi256
AhmedAzizBarbary
  • Locked
  • Question
How to read data response body after success login razor page ?
Replies
0
Views
413
AhmedAzizBarbary
AhmedAzizBarbary
AhmedAzizBarbary
  • Locked
  • Question
How to pass list of checkboxes not checked on page model razor page?
Replies
0
Views
445
AhmedAzizBarbary
AhmedAzizBarbary
WIREMESH
  • Locked
  • Question
Google Chrome Lost Session
Replies
0
Views
352
WIREMESH
WIREMESH
snakehips2000
  • Locked
  • Question
Entity Framework, MVC, ASP.NET, ASP.NET Core etc… etc
Replies
0
Views
337
snakehips2000
snakehips2000

Part and Inventory Search

Sponsor

Back
Top