Two user sessions

Discussion in 'ASP .Net' started by Andy, Aug 30, 2007.

  1. Andy

    Andy Guest

    I have an admin section of my asp.net 2 application, and I want to be
    able to automatically login as a different user (Forms Authentication)
    whilst keeping my current session going too. The problem is that if I
    open a new browser window (via a hyperlink using target="_blank")
    from my app and automatically login, the original session is also
    reset to the new one (ie all session variables that store info about
    the user are set to the new user). The url of my hyperlink to the new
    browser is a full, absolute URL.

    If however, I launch a new browser window via the IE shortcut, I can
    have two simultaneous sessions going fine.

    Does anyone have any ideas how I can solve this?

    Thanks, Andy
     
    Andy, Aug 30, 2007
    #1
    1. Advertising

  2. Andy

    Steve Guest

    Have you tried using target="new"?


    Steve C.
    MCSD,MCAD,MCSE,MCP+I,CNE,CNA,CCNA


    Andy wrote:
    > I have an admin section of my asp.net 2 application, and I want to be
    > able to automatically login as a different user (Forms Authentication)
    > whilst keeping my current session going too. The problem is that if I
    > open a new browser window (via a hyperlink using target="_blank")
    > from my app and automatically login, the original session is also
    > reset to the new one (ie all session variables that store info about
    > the user are set to the new user). The url of my hyperlink to the new
    > browser is a full, absolute URL.
    >
    > If however, I launch a new browser window via the IE shortcut, I can
    > have two simultaneous sessions going fine.
    >
    > Does anyone have any ideas how I can solve this?
    >
    > Thanks, Andy
    >
     
    Steve, Aug 30, 2007
    #2
    1. Advertising

  3. Andy

    Hans Kesting Guest

    > I have an admin section of my asp.net 2 application, and I want to be
    > able to automatically login as a different user (Forms Authentication)
    > whilst keeping my current session going too. The problem is that if I
    > open a new browser window (via a hyperlink using target="_blank")
    > from my app and automatically login, the original session is also
    > reset to the new one (ie all session variables that store info about
    > the user are set to the new user). The url of my hyperlink to the new
    > browser is a full, absolute URL.
    >
    > If however, I launch a new browser window via the IE shortcut, I can
    > have two simultaneous sessions going fine.
    >
    > Does anyone have any ideas how I can solve this?
    >
    > Thanks, Andy
    >


    I don't think you can do it. If you open a new IE window from with IE
    (Menu: File | New Window, or javascript window.open, or target=_blank),
    then that new window shares it's cookies (and thus it's session) with the
    original window.
    Only when you start a new IE instance will you get a separate cookiecontainer.
    The fact that you use a "complete url" has nothing to do with this.

    Maybe you can use different URLs as in 'admin.company.com' vs
    'www.company.com', as cookies depend on the hostname.

    Hans Kestin
     
    Hans Kesting, Aug 30, 2007
    #3
  4. Andy

    BillE Guest

    Everybody who uses session variables has to deal with this, since sessions
    are also shared between tabs in IE7, so if a user opens an application in a
    new tab it will share the session with the same application in the first
    tab.

    What I do is generate a random number which I call the instanceID whenever
    the first page in the application is opened. Then I pass the instanceID in
    the querystring everytime I open a new page. Each page checks for the
    instanceID in the querystring - if there is no instanceID in the
    querystring, it gets bounced to the first page, which generates an
    instanceID. This would happen if somebody opens the app in a new tab, or
    uses Ctrl-N to open a new browser in the same session.

    Then I have a class to store my session variables in, which has properties
    setting or returning the values of requested variables. The first page in
    the app creates an instance of the class as a session object variable,
    naming the object variable something like "sessVAR_12345", where 12345 is
    the instanceID. Then whenever I need to get or set the value of a session
    variable, I retreive it from the appropriate class instance. When a page
    gets the instanceID from the querystring, it concatenates it with "sessVAR_"
    to get the name of the appropriate session variable representing the session
    variable container class.

    Once I got it set up, this runs smoothly, but I have read that storing class
    instances in session variables uses inordinate amounts of memory on the
    server, so if anybody has a better way of managing session variables I would
    be glad to hear about it.

    Bill


    "Andy" <> wrote in message
    news:...
    >I have an admin section of my asp.net 2 application, and I want to be
    > able to automatically login as a different user (Forms Authentication)
    > whilst keeping my current session going too. The problem is that if I
    > open a new browser window (via a hyperlink using target="_blank")
    > from my app and automatically login, the original session is also
    > reset to the new one (ie all session variables that store info about
    > the user are set to the new user). The url of my hyperlink to the new
    > browser is a full, absolute URL.
    >
    > If however, I launch a new browser window via the IE shortcut, I can
    > have two simultaneous sessions going fine.
    >
    > Does anyone have any ideas how I can solve this?
    >
    > Thanks, Andy
    >
     
    BillE, Aug 30, 2007
    #4
  5. Andy

    bruce barker Guest

    this can be done with cookieless sessions, but not with cookie based
    sessions. this is because opening a new browser window from a link or
    javascript shares the same cookies as the opener.

    with cookieless session, just don't include the sessionid in the link url.

    -- bruce (sqlwork.com)

    Andy wrote:
    > I have an admin section of my asp.net 2 application, and I want to be
    > able to automatically login as a different user (Forms Authentication)
    > whilst keeping my current session going too. The problem is that if I
    > open a new browser window (via a hyperlink using target="_blank")
    > from my app and automatically login, the original session is also
    > reset to the new one (ie all session variables that store info about
    > the user are set to the new user). The url of my hyperlink to the new
    > browser is a full, absolute URL.
    >
    > If however, I launch a new browser window via the IE shortcut, I can
    > have two simultaneous sessions going fine.
    >
    > Does anyone have any ideas how I can solve this?
    >
    > Thanks, Andy
    >
     
    bruce barker, Aug 30, 2007
    #5
  6. Andy

    Andy Guest

    Thanks for your replies, I think as Hans suggested, I'll set up a sub
    domain pointing to the same web application. Andy
     
    Andy, Aug 31, 2007
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ken Cox [Microsoft MVP]

    Re: Relationship between IIS Sessions and ASP.NET Sessions?

    Ken Cox [Microsoft MVP], Aug 8, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    5,372
    Luther Miller
    Aug 8, 2003
  2. michel carriere
    Replies:
    2
    Views:
    905
    michel carriere
    Dec 18, 2003
  3. GenxLogic
    Replies:
    3
    Views:
    1,286
    andrewmcdonagh
    Dec 6, 2006
  4. scottymo
    Replies:
    3
    Views:
    706
    Dominick Baier
    Sep 30, 2006
  5. Bookham Measures

    Moving from ASP Sessions to Database Sessions

    Bookham Measures, Jul 23, 2007, in forum: ASP General
    Replies:
    19
    Views:
    569
    Bookham Measures
    Aug 23, 2007
Loading...

Share This Page