Jurjen de Groot
Hello,
I'm currently maintaining a web application which is 'secured' using
FormsAuthentication.
When the user is authenticated I set the authentication cookie using:
FormsAuthentication.SetAuthCookie( UserName, false)
and redirect the user to the correct page.
In the global.asax (Application_AuthenticateRequest) a check is performed to
see if the request is authenticated (Request.IsAuthenticated); if so, the
cookie is retrieved and used (if empty it's being filled with
role information). All is well so far.
If the user then starts a new instance of IE7 and tries to log on as a
different user, things go bad: the user can log in using another user
account, is then validated, and subsequently Request.IsAuthenticated is
still true in the global.asax and the app will pick up the cookie which
belongs to the previous user.
Is it at all possible to have multiple users using the same web application
on the same machine in different IE windows? And if so, could you show me
how or point me to some resource on this? And how dangerous can this be?
What if the user doesn't create a new instance of IE7 but uses CTRL+N to
create a new window, won't sessions get mixed up?
TIA,
Jurjen.