Solved

Session Problem

Posted on 2010-09-20
21
671 Views
Last Modified: 2013-11-07
I am trying to develop a website using asp.net.There is a login page this site.By login we can enter to website.Usually by coping this url and paste it in another browser window,it will directly entered to the site without any validation.How can i avoid this.What i need is i want to make it like  banks website.If we do the same operation in a bank site,that will show u an error page.How do they handle this???
0
Comment
Question by:vivekpv10
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 3
  • +6
21 Comments
 
LVL 12

Expert Comment

by:HugoHiasl
ID: 33715154
This does only work for browser windows on the same machine because the session is maintained by a cookie. Do you need to make it impossible to have the same page open twice on the same machine?
0
 
LVL 5

Author Comment

by:vivekpv10
ID: 33715219
what i need is if a user is login in a machine,i dont want to make it available in another browser window.it is because of security reason.There i want to show a error page.How i can i do this using session.I want to make it this session only for one browser window at a time.I want to detect it and show a error page if he trying to login by just pasting the url of login user.
0
 

Expert Comment

by:ikraammomin
ID: 33715287
Hi,

Please disable cookies in browser. For session management, don't use cookies, you can use url rewriting.

Thanks
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Expert Comment

by:CyberSoft
ID: 33741933
If you open a new tab or a new browser window from the same browser the user is already logged into the same session will used - hence copying and pasting the URL in the new tab/window will mean the user is already logged in (shared session).

Some browser like IE8 allow you to create a NEW session (see File -> New Session on the menubar).

HTH
0
 
LVL 5

Author Comment

by:vivekpv10
ID: 33744736
that i am asking..how can we avoid that..
0
 
LVL 3

Expert Comment

by:CyberSoft
ID: 33744938
You can't avoid that - that's how the browser tabs and new windows from the same browser works. But why would you want to prevent that - it's the same user anyway ?
0
 
LVL 5

Author Comment

by:vivekpv10
ID: 33750874
Hai CyberSoft..u just try the same scenario in a bank  site..you can't able to do like that.So there is a solution for this issue.
0
 
LVL 3

Expert Comment

by:CyberSoft
ID: 33751569
Well the only way you'll achieve that is by not storing the logged in user's session thereby making the application force a login on every page. Good luck selling that to client. Besides banks won't use web application's inhouse besides internet banking facilities offered to it's customers.
0
 
LVL 5

Author Comment

by:vivekpv10
ID: 33752465
but i think it is possible to process the url so that we can identify wether it coming from login page or directly pasted the url..
0
 
LVL 12

Expert Comment

by:jet-black
ID: 33764065
You should use sessions.
When the user logins, simply set a variable in session indicating the user state.
Then every page load simply check this variable and redirect the user to login page if it is necessary.
http://msdn.microsoft.com/en-us/library/ms972429.aspx
0
 
LVL 23

Expert Comment

by:Rajkumar Gs
ID: 33764075
Do you have this check in Page_Load event.?

if (!HttpContext.Current.User.Identity.IsAuthenticated) {
      return;
}

OR

if (!Request.IsAuthenticated) {
      return;
}

Raj
0
 
LVL 23

Expert Comment

by:Rajkumar Gs
ID: 33764084
Sorry, I mean this check

if (!HttpContext.Current.User.Identity.IsAuthenticated)
        {
            Response.Redirect("login.aspx");
        }

OR

        if (!Request.IsAuthenticated)
        {
            Response.Redirect("login.aspx");
        }

If not put it in Page_load and plz check

Raj
0
 
LVL 12

Expert Comment

by:jet-black
ID: 33764094
Also, you can allow the user that visit the site with one browser at the same time.
You need to store the user's ID, the date of last login,  IP, browser version, browser name, etc. to database.
Every page refresh, update the value of the last login date. By doing this, lets say max of 5 minutes ot inactive, the access from another browser will be denied if the user didn't logout first.
0
 
LVL 18

Expert Comment

by:vbturbo
ID: 33764185
Hello

Im sure if this link here covers your entire question, but i will at least prevent copy / paste of entire strings


http://stackoverflow.com/questions/1226574/disable-copy-paste-into-html-form-using-javascript


To make use of this in order to disable pasting:

<input type="text" onpaste="return false;" />


// Register onpaste on inputs and textareas in browsers that don't
// natively support it.
(function () {
    var onload = window.onload;
 
    window.onload = function () {
        if (typeof onload == "function") {
            onload.apply(this, arguments);
        }
 
        var fields = [];
        var inputs = document.getElementsByTagName("input");
        var textareas = document.getElementsByTagName("textarea");
 
        for (var i = 0; i < inputs.length; i++) {
            fields.push(inputs[i]);
        }
 
        for (var i = 0; i < textareas.length; i++) {
            fields.push(textareas[i]);
        }
 
        for (var i = 0; i < fields.length; i++) {
            var field = fields[i];
 
            if (typeof field.onpaste != "function" && !!field.getAttribute("onpaste")) {
                field.onpaste = eval("(function () { " + field.getAttribute("onpaste") + " })");
            }
 
            if (typeof field.onpaste == "function") {
                var oninput = field.oninput;
 
                field.oninput = function () {
                    if (typeof oninput == "function") {
                        oninput.apply(this, arguments);
                    }
 
                    if (typeof this.previousValue == "undefined") {
                        this.previousValue = this.value;
                    }
 
                    var pasted = (Math.abs(this.previousValue.length - this.value.length) > 1 && this.value != "");
 
                    if (pasted && !this.onpaste.apply(this, arguments)) {
                        this.value = this.previousValue;
                    }
 
                    this.previousValue = this.value;
                };
 
                if (field.addEventListener) {
                    field.addEventListener("input", field.oninput, false);
                } else if (field.attachEvent) {
                    field.attachEvent("oninput", field.oninput);
                }
            }
        }
    }
})();

vbturbo
0
 
LVL 18

Expert Comment

by:vbturbo
ID: 33764188
sorry , it should say

Hello

Im not sure if this link here covers your entire question, but i will at least prevent copy / paste of entire strings
0
 
LVL 27

Accepted Solution

by:
Chinmay Patel earned 500 total points
ID: 33764884
Hi vivekpv10, 
Some really interesting answers I saw here and I can't stop .... leave it... some might get offended.
And @people who have really provided some good answers I have no intentions to hijack this thread, just putting my in my 2 cents.
1. experts who have mentioned that it is a default browser behavior are absolutely right it is a curse that we have to live with.
2. You can try to check for Request.UrlReferrer if it is not the login page you can redirect the request to home page but this is not a full-proof solution.
Hope this helps.
Regards,
Chinmay



0
 
LVL 18

Expert Comment

by:vbturbo
ID: 33765623
vivekpv10:

pls disregard my comment , i just discovered that i am in a  wrong thread

vbturbo
0
 
LVL 51

Expert Comment

by:Ted Bouskill
ID: 33766062
ASP.NET has a very powerful feature called "Form Based Authentication" that makes this trivial to do.  I can get a secure form based authentication site running in less than an hour.  Are you using it?
0
 
LVL 5

Author Closing Comment

by:vivekpv10
ID: 33775791
Its correct..Request.UrlReferrer is a way to  overcome this issue..
0

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Form Data Disappears Using Back Button 4 66
c# ftp code 3 56
sql connection error null reference exception 9 29
.NET universe documentation poster 2 22
Exception Handling is in the core of any application that is able to dignify its name. In this article, I'll guide you through the process of writing a DRY (Don't Repeat Yourself) Exception Handling mechanism, using Aspect Oriented Programming.
Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question