You must Sign In to post a response.
  • Category: ASP.NET

    How to avoid same session in different machine

    Hi All,

    Currently i am developing a website & i have session problem
    After i log into the website & copy paste the current url in different machine, i am able to view all pages with same session. instead i want it to redirect to login page.

    we use cookieless session. I made some research and tried using regenerateExpiredSessionId. still no use <sessionState mode="InProc" cookieless="true" regenerateExpiredSessionId="true">
    How can we restrict sessions from one machine to another?
    Thanks in advance.
    Techie
  • #764290
    To handle this problem follow below steps
    1. After successful login store UserId in session variable
    2. On each page load check if Session["UID"] == null then re-direct page to login page
    3. so in this way you can check if the user is authenticated or not

    Thanks
    Koolprasd2003
    Editor, DotNetSpider MVM
    Microsoft MVP 2014 [ASP.NET/IIS]

  • #764291
    1. Enable the form authentication in the web.config

    <authentication mode="Forms">
    <forms loginUrl="Default.aspx" timeout="2880" />
    </authentication>

    2. Once the user login you can FormsAuthenticationTicket.

    FormsAuthenticationTicket zFATicketL =
    new FormsAuthenticationTicket(
    1, // version
    this.username.Text.Trim(), // get username from the form
    DateTime.Now, // issue time is now
    DateTime.Now.AddMinutes(nTimeOutPeriodL == 0 ? 10 : nTimeOutPeriodL), // expires in 10 minutes
    false, // cookie is not persistent
    Login_ResponseL.User.CurrentSession //+"#" + aUserL.Id // Current Session Id stored in userData
    );
    HttpCookie aUserCookieL = new HttpCookie(
    FormsAuthentication.FormsCookieName,
    FormsAuthentication.Encrypt(zFATicketL));

    Response.Cookies.Add(aUserCookieL);

    3. In the pages you check the user identity

    FormsIdentity FID = (FormsIdentity)Page.User.Identity;
    FormsAuthenticationTicket aFATicketL = FID.Ticket;

    By Nathan
    Direction is important than speed

  • #764300
    Hi,

    I don't have exact idea how to resolve this, but as per my understand the post the problem is

    You are using CookieLess session, so session object will store in URL of the page, whenever you copy the URL and open in another system based on Session object from URL it fetches the records and showed in your machine.

    To overcome the above issue, why can't you use Cookie based session, so that it will save the session id in Cookie of the system, once you copy the URL and open in another system it won't remain the same values, for sure it's asking Logins.

    --------------------------------------------------------------------------------
    Give respect to your work, Instead of trying to impress your boss.

    N@veen
    Blog : http://naveens-dotnet.blogspot.in/

  • #764304
    Hai Techie,
    If you want that the copy - paste URL should not work in other machines, you can use the URLReferrer which will check the previous URL for the page to redirect and if not found, it can go back and show the login page.
    In the page_Load event, you need to first check the previous URL using the code:

    Uri prevURL = Request.UrlReferrer;

    Now you can put the condition like,
    if(preURL == null)
    {
    // redirect to login page
    }

    Hope it will be helpful to you.

    Regards,
    Pawan Awasthi(DNS MVM)
    +91 8123489140 (whatsApp), +60 14365 1476(Malaysia)
    pawansoftit@gmail.com

  • #764306
    Hi Naveen,

    yes,your understanding is right..
    Using cookie based sessions have certain problem:

    1. Some browsers don't support cookies
    2. User can disable cookies in their system
    3. have security issue as cookies are saved in clear text

    thats is y we prefer cookieless session.
    So still trying out for solution with cookieless session.
    Techie

  • #764307
    Hi Pawan,

    we tried using Request.UrlReferrer but i guess it does not work with https://

    Thanks.
    Techie

  • #764320
    Hai Techie,
    Yes, the Request.UrlReferrer will give NULL if you are using Https for the url. Th e other way could be sending a unique key to the next page and checking.
    Hope it will be helpful to you.

    Regards,
    Pawan Awasthi(DNS MVM)
    +91 8123489140 (whatsApp), +60 14365 1476(Malaysia)
    pawansoftit@gmail.com

  • #764384
    Sometimes its happens because of caching. You can try to disable caching using below code in web.config file:
    <system.webServer>
    <caching enabled="false" />
    </system.webServer>
    Try and let me know, if its works then choose it as best answer.

    If you are unable to do something properly for the first time, call it Version 1.0!

    Thanks & Regards,
    MONOJ BHUINA


Sign In to post your comments