Session Hijack problem?

Discussion in 'ASP .Net Security' started by SCG, Jun 28, 2005.

  1. SCG

    SCG Guest

    Hi,

    I am using forms auth.

    I want a support guy to be able to "impersonate" a user by logging on as
    them automatically. This logon manifests itself as a 2nd browser window
    launched on the support guys desktop. I want both browser windows to
    "remember" who they are logged on as.

    So, the support guy logs on, and I store the intenal user id as the forms
    cookie (using say FormsAuthentication.SetAuthCookie(supportGuyId.ToString(),
    False)).

    From then on I can use the HttpContext.Current.User.Identity.Name to get the
    ID of the support guy. Harrah.

    So, from a grid of users I select one and launch a new window (under the
    same IE process which may be the problem...) and this logs me on as the new
    user....doing another
    FormsAuthentication.SetAuthCookie(newUserGuyId.ToString(), False))

    BUT...

    then I go back to the 1st window (support guy) and navigate to another page
    and magically see only the new guys stuff....

    i.e. HttpContext.Current.User.Identity.Name which I use for the "key" on the
    original browser window returns the ID of the user launched in the new
    window!!!

    My question is, "Is HttpContext.Current.User.Identity bound to the (IE6)
    process only?"

    If so, are there any other approaches I could use to get round this short of
    having an invisible Frame on the page holding just the user index.

    Ideally I' like the IE browser to launch in another process, but I believe
    even if I could do that Firefox et al don't take that approach.


    Thanks for any help?
    SCG, Jun 28, 2005
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    1
    Views:
    2,294
    nautonnier
    Jul 11, 2006
  2. richard
    Replies:
    8
    Views:
    435
    Adrienne Boswell
    Nov 21, 2008
  3. Dave

    Hijack Session

    Dave, Jan 8, 2004, in forum: ASP .Net Security
    Replies:
    2
    Views:
    124
    Keith
    Feb 1, 2004
  4. Jim
    Replies:
    2
    Views:
    110
  5. Ian Leitch
    Replies:
    3
    Views:
    89
    Ian Leitch
    Jul 14, 2009
Loading...

Share This Page