Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 676
  • Last Modified:

Session Problem

I am trying to develop a website using asp.net.There is a login page this site.By login we can enter to website.Usually by coping this url and paste it in another browser window,it will directly entered to the site without any validation.How can i avoid this.What i need is i want to make it like  banks website.If we do the same operation in a bank site,that will show u an error page.How do they handle this???
0
vivekpv10
Asked:
vivekpv10
  • 5
  • 3
  • 3
  • +6
1 Solution
 
HugoHiaslCommented:
This does only work for browser windows on the same machine because the session is maintained by a cookie. Do you need to make it impossible to have the same page open twice on the same machine?
0
 
vivekpv10Author Commented:
what i need is if a user is login in a machine,i dont want to make it available in another browser window.it is because of security reason.There i want to show a error page.How i can i do this using session.I want to make it this session only for one browser window at a time.I want to detect it and show a error page if he trying to login by just pasting the url of login user.
0
 
ikraammominCommented:
Hi,

Please disable cookies in browser. For session management, don't use cookies, you can use url rewriting.

Thanks
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
CyberSoftCommented:
If you open a new tab or a new browser window from the same browser the user is already logged into the same session will used - hence copying and pasting the URL in the new tab/window will mean the user is already logged in (shared session).

Some browser like IE8 allow you to create a NEW session (see File -> New Session on the menubar).

HTH
0
 
vivekpv10Author Commented:
that i am asking..how can we avoid that..
0
 
CyberSoftCommented:
You can't avoid that - that's how the browser tabs and new windows from the same browser works. But why would you want to prevent that - it's the same user anyway ?
0
 
vivekpv10Author Commented:
Hai CyberSoft..u just try the same scenario in a bank  site..you can't able to do like that.So there is a solution for this issue.
0
 
CyberSoftCommented:
Well the only way you'll achieve that is by not storing the logged in user's session thereby making the application force a login on every page. Good luck selling that to client. Besides banks won't use web application's inhouse besides internet banking facilities offered to it's customers.
0
 
vivekpv10Author Commented:
but i think it is possible to process the url so that we can identify wether it coming from login page or directly pasted the url..
0
 
jet-blackCommented:
You should use sessions.
When the user logins, simply set a variable in session indicating the user state.
Then every page load simply check this variable and redirect the user to login page if it is necessary.
http://msdn.microsoft.com/en-us/library/ms972429.aspx
0
 
Rajkumar GsSoftware EngineerCommented:
Do you have this check in Page_Load event.?

if (!HttpContext.Current.User.Identity.IsAuthenticated) {
      return;
}

OR

if (!Request.IsAuthenticated) {
      return;
}

Raj
0
 
Rajkumar GsSoftware EngineerCommented:
Sorry, I mean this check

if (!HttpContext.Current.User.Identity.IsAuthenticated)
        {
            Response.Redirect("login.aspx");
        }

OR

        if (!Request.IsAuthenticated)
        {
            Response.Redirect("login.aspx");
        }

If not put it in Page_load and plz check

Raj
0
 
jet-blackCommented:
Also, you can allow the user that visit the site with one browser at the same time.
You need to store the user's ID, the date of last login,  IP, browser version, browser name, etc. to database.
Every page refresh, update the value of the last login date. By doing this, lets say max of 5 minutes ot inactive, the access from another browser will be denied if the user didn't logout first.
0
 
vbturboCommented:
Hello

Im sure if this link here covers your entire question, but i will at least prevent copy / paste of entire strings


http://stackoverflow.com/questions/1226574/disable-copy-paste-into-html-form-using-javascript


To make use of this in order to disable pasting:

<input type="text" onpaste="return false;" />


// Register onpaste on inputs and textareas in browsers that don't
// natively support it.
(function () {
    var onload = window.onload;
 
    window.onload = function () {
        if (typeof onload == "function") {
            onload.apply(this, arguments);
        }
 
        var fields = [];
        var inputs = document.getElementsByTagName("input");
        var textareas = document.getElementsByTagName("textarea");
 
        for (var i = 0; i < inputs.length; i++) {
            fields.push(inputs[i]);
        }
 
        for (var i = 0; i < textareas.length; i++) {
            fields.push(textareas[i]);
        }
 
        for (var i = 0; i < fields.length; i++) {
            var field = fields[i];
 
            if (typeof field.onpaste != "function" && !!field.getAttribute("onpaste")) {
                field.onpaste = eval("(function () { " + field.getAttribute("onpaste") + " })");
            }
 
            if (typeof field.onpaste == "function") {
                var oninput = field.oninput;
 
                field.oninput = function () {
                    if (typeof oninput == "function") {
                        oninput.apply(this, arguments);
                    }
 
                    if (typeof this.previousValue == "undefined") {
                        this.previousValue = this.value;
                    }
 
                    var pasted = (Math.abs(this.previousValue.length - this.value.length) > 1 && this.value != "");
 
                    if (pasted && !this.onpaste.apply(this, arguments)) {
                        this.value = this.previousValue;
                    }
 
                    this.previousValue = this.value;
                };
 
                if (field.addEventListener) {
                    field.addEventListener("input", field.oninput, false);
                } else if (field.attachEvent) {
                    field.attachEvent("oninput", field.oninput);
                }
            }
        }
    }
})();

vbturbo
0
 
vbturboCommented:
sorry , it should say

Hello

Im not sure if this link here covers your entire question, but i will at least prevent copy / paste of entire strings
0
 
Chinmay PatelEnterprise ArchitectCommented:
Hi vivekpv10, 
Some really interesting answers I saw here and I can't stop .... leave it... some might get offended.
And @people who have really provided some good answers I have no intentions to hijack this thread, just putting my in my 2 cents.
1. experts who have mentioned that it is a default browser behavior are absolutely right it is a curse that we have to live with.
2. You can try to check for Request.UrlReferrer if it is not the login page you can redirect the request to home page but this is not a full-proof solution.
Hope this helps.
Regards,
Chinmay



0
 
vbturboCommented:
vivekpv10:

pls disregard my comment , i just discovered that i am in a  wrong thread

vbturbo
0
 
Ted BouskillSenior Software DeveloperCommented:
ASP.NET has a very powerful feature called "Form Based Authentication" that makes this trivial to do.  I can get a secure form based authentication site running in less than an hour.  Are you using it?
0
 
vivekpv10Author Commented:
Its correct..Request.UrlReferrer is a way to  overcome this issue..
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 5
  • 3
  • 3
  • +6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now