Form Based Authentication Issue

[Frank Walsh]

Can anyone tell me if this is possible in asp.net, I want to use form-based
authentication to authenticate my users, however a employee of the company
is attempting to be logged in as administrator and as a client in two
browser windows. When the FormsAuthentication.Signout is called on one of
the windows, it kills both authentications for both browser windows. When
the user attempts to do something in the other window, they are directed to
the login screen. I'm assuming my cookie is being replaced by the second
login, and then destroyed, i'm wondering if i can somehow make the
form-based authentication specific to the browser window as I am assuming a
new browser window means a new session is being created.

Thank You,

Frank Walsh
(e-mail address removed)

 

[Karl Seguin]

Frank:
I think you're right about why it's working the way it is (shared cookies by
browser). ASP.Net 2.0 will have cookieless formsauthentication (similar to
the current implementation of cookieless sessions). The only real
solution I can think of is that you bake your own cookieless code, using Url
Rewriting. Certainly not ideal, not sure I'd go through the trouble unless
absolutely necessary.

Karl

--
MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)

 

[Guest]

I think it has a lot to do with how the client is opening the multiple
browsers. If you lauch two windows seperately, for example double click on
the internet explorer icon on the desktop twice to get two open windows, you
should not see this problem. We use forms authentication and I have multiple
windows open with seperate logins in each window and none of them ever
interferre with the others. However if the client opens one window then hits
Crtl-N or Clicks on the File menu-> New Window, the new window will open
however it will share the same "session" (shared cookies, shared history,
etc) which I think is causing the problem you are referring to.

 

[Ben Amada]

Frank:
I think you're right about why it's working the way it is (shared cookies
by browser). ASP.Net 2.0 will have cookieless formsauthentication
(similar to the current implementation of cookieless sessions). The
only real solution I can think of is that you bake your own cookieless
code, using Url Rewriting. Certainly not ideal, not sure I'd go through
the trouble unless absolutely necessary.

Karl

Karl,

Just curious, but do you know how 2.0's cookieless forms authentication
differs from the current (v1.1) cookieless sessions?

Thanks!
Ben

 

[Karl Seguin]

Looks like there are some pre-built solutions for 1.1:
http://www.codeproject.com/aspnet/cookieless.asp

Karl

--
MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)

 

[Karl Seguin]

AFAIK it's pretty much the same except one applies to the sessionid the
other to the auth cookie. Configured in web.config also..

Karl

--
MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)

 

[Ben Amada]

AFAIK it's pretty much the same except one applies to the sessionid the
other to the auth cookie. Configured in web.config also..

Karl

ok -- thanks!