login twice on the same web-app on one machine ?

Discussion in 'ASP .Net Security' started by Jurjen de Groot, Jun 18, 2008.

  1. Hello,

    I'm currently maintaining a web-application wich is 'secured' using
    FormAuthentication.
    When the user is authenticated I set then Authentication-Cooke using :

    FormsAuthentication.SetAuthCookie( UserName, false)

    and redirect the user to the correct page.

    In the global.asax (Application_AuthenticateRequest) a check is performed to
    see if the request isAuthenticated (Request.IsAuthenticated), if so, the
    cookie is retrieved and used (if empty it's being filled with
    role-information), all is well so far.

    If the user then starts a new instance of IE7 and tries to logon to as a
    different user, things go bad, the user can login using another user
    account, is then validated, and subsequently the request.IsAuthenticated is
    still true the in global.asax and the app will pick up the cookie wich
    belongs to the previous user.

    Is it at all possible to have multiple users using the same webapplication
    on the same machine in different IE windows ? and if so, could you show me
    how or point me to some resource on this ? and how dangerous can this be,
    what if the user doesn't create a new instance of IE7 but uses CTRL+N to
    create a new windows, won't Sessions get mixed up ?


    TIA,
    Jurjen.
    Jurjen de Groot, Jun 18, 2008
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Lawrance
    Replies:
    0
    Views:
    446
    Lawrance
    Nov 30, 2003
  2. UJ
    Replies:
    2
    Views:
    421
  3. Balaji
    Replies:
    7
    Views:
    464
    Nicole Calinoiu
    Apr 28, 2006
  4. =?Utf-8?B?RGF2aWQgVGhpZWxlbg==?=

    Same app in IIS twice?

    =?Utf-8?B?RGF2aWQgVGhpZWxlbg==?=, Mar 11, 2007, in forum: ASP .Net
    Replies:
    5
    Views:
    302
    Steven Cheng[MSFT]
    Mar 12, 2007
  5. Rajesh.V

    Same user twice in the same aspx..

    Rajesh.V, Aug 6, 2003, in forum: ASP .Net Web Controls
    Replies:
    0
    Views:
    129
    Rajesh.V
    Aug 6, 2003
Loading...

Share This Page