vivekpv10

Session Problem

I am trying to develop a website using ASP.NET. There is a login page on this site. By logging in we can enter the website. Usually, by copying this URL and pasting it in another browser window, it will directly enter the site without any validation. How can I avoid this? What I need is to make it like a bank's website. If we do the same operation on a bank site, it will show you an error page. How do they handle this?
HugoHiasl

This only works for browser windows on the same machine because the session is maintained by a cookie. Do you need to make it impossible to have the same page open twice on the same machine?
vivekpv10

ASKER

What I need is: if a user is logged in on a machine, I don't want to make it available in another browser window. It is for security reasons. There I want to show an error page. How can I do this using session? I want to make this session only for one browser window at a time. I want to detect it and show an error page if he is trying to log in by just pasting the URL of the logged-in user.
Hi,

Please disable cookies in browser. For session management, don't use cookies, you can use url rewriting.

Thanks
If you open a new tab or a new browser window from the same browser the user is already logged into, the same session will be used - hence copying and pasting the URL in the new tab/window will mean the user is already logged in (shared session).

Some browsers like IE8 allow you to create a NEW session (see File -> New Session on the menubar).

HTH
That is what I am asking. How can we avoid that?
You can't avoid that - that's how the browser tabs and new windows from the same browser work. But why would you want to prevent that - it's the same user anyway?
Hi CyberSoft, you just try the same scenario on a bank site. You are not able to do that there. So there is a solution for this issue.
Well the only way you'll achieve that is by not storing the logged in user's session, thereby making the application force a login on every page. Good luck selling that to the client. Besides, banks won't use web applications in-house besides internet banking facilities offered to their customers.
But I think it is possible to process the URL so that we can identify whether it is coming from the login page or the URL was directly pasted.
Ovunc Tukenmez
You should use sessions.
When the user logs in, simply set a variable in session indicating the user state.
Then on every page load simply check this variable and redirect the user to the login page if it is necessary.
http://msdn.microsoft.com/en-us/library/ms972429.aspx
Do you have this check in the Page_Load event?

if (!HttpContext.Current.User.Identity.IsAuthenticated) {
      return;
}

OR

if (!Request.IsAuthenticated) {
      return;
}

Raj
Sorry, I mean this check

if (!HttpContext.Current.User.Identity.IsAuthenticated)
{
    Response.Redirect("login.aspx");
}

OR

if (!Request.IsAuthenticated)
{
    Response.Redirect("login.aspx");
}

If not, put it in Page_Load and please check.

Raj
Also, you can allow the user to visit the site with only one browser at the same time.
You need to store the user's ID, the date of last login, IP, browser version, browser name, etc. to the database.
On every page refresh, update the value of the last login date. By doing this, let's say with a max of 5 minutes of inactivity, the access from another browser will be denied if the user didn't log out first.
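
One way to implement the check described in the post above, as an added example that is not code from this thread. `ActiveSessionRegistry`, `TryTouch`, `Release` and the session IDs are hypothetical names; a dictionary stands in for the database table, and the sketch keys on the session ID instead of the IP and browser fields the post lists.

```csharp
using System;
using System.Collections.Generic;

// In-memory stand-in (assumption) for the database table the post describes.
public sealed class ActiveSessionRegistry
{
    private sealed class Entry { public string SessionId; public DateTime LastSeenUtc; }
    private readonly Dictionary<string, Entry> _byUser = new Dictionary<string, Entry>();
    private readonly object _gate = new object();
    private readonly TimeSpan _idleLimit;

    public ActiveSessionRegistry(TimeSpan idleLimit) { _idleLimit = idleLimit; }

    // Call at login and on every page load (e.g. with User.Identity.Name and
    // Session.SessionID). False: another session of this user is still active.
    public bool TryTouch(string userId, string sessionId, DateTime nowUtc)
    {
        lock (_gate)
        {
            Entry e;
            bool otherActive = _byUser.TryGetValue(userId, out e)
                && e.SessionId != sessionId
                && nowUtc - e.LastSeenUtc < _idleLimit;
            if (otherActive) return false;
            _byUser[userId] = new Entry { SessionId = sessionId, LastSeenUtc = nowUtc };
            return true;
        }
    }

    // Call from the logout handler so the user's next login is not blocked.
    public void Release(string userId, string sessionId)
    {
        lock (_gate)
        {
            Entry e;
            if (_byUser.TryGetValue(userId, out e) && e.SessionId == sessionId)
                _byUser.Remove(userId);
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        var reg = new ActiveSessionRegistry(TimeSpan.FromMinutes(5));
        var t = new DateTime(2024, 1, 1, 9, 0, 0, DateTimeKind.Utc); // constructed clock
        Console.WriteLine(reg.TryTouch("alice", "sess-A", t));                // login
        Console.WriteLine(reg.TryTouch("alice", "sess-B", t.AddMinutes(2))); // second browser
        Console.WriteLine(reg.TryTouch("alice", "sess-B", t.AddMinutes(8))); // first one idle
    }
}
```

A page would redirect to an error page whenever `TryTouch` returns false, and call `Release` when the user logs out.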
Hello

I'm sure if this link here covers your entire question, but I will at least prevent copy / paste of entire strings


http://stackoverflow.com/questions/1226574/disable-copy-paste-into-html-form-using-javascript


To make use of this in order to disable pasting:

<input type="text" onpaste="return false;" />


// Register onpaste on inputs and textareas in browsers that don't
// natively support it.
(function () {
    var onload = window.onload;
 
    window.onload = function () {
        if (typeof onload == "function") {
            onload.apply(this, arguments);
        }
 
        var fields = [];
        var inputs = document.getElementsByTagName("input");
        var textareas = document.getElementsByTagName("textarea");
 
        for (var i = 0; i < inputs.length; i++) {
            fields.push(inputs[i]);
        }
 
        for (var i = 0; i < textareas.length; i++) {
            fields.push(textareas[i]);
        }
 
        for (var i = 0; i < fields.length; i++) {
            var field = fields[i];
 
            if (typeof field.onpaste != "function" && !!field.getAttribute("onpaste")) {
                field.onpaste = eval("(function () { " + field.getAttribute("onpaste") + " })");
            }
 
            if (typeof field.onpaste == "function") {
                var oninput = field.oninput;
 
                field.oninput = function () {
                    if (typeof oninput == "function") {
                        oninput.apply(this, arguments);
                    }
 
                    if (typeof this.previousValue == "undefined") {
                        this.previousValue = this.value;
                    }
 
                    var pasted = (Math.abs(this.previousValue.length - this.value.length) > 1 && this.value != "");
 
                    if (pasted && !this.onpaste.apply(this, arguments)) {
                        this.value = this.previousValue;
                    }
 
                    this.previousValue = this.value;
                };
 
                if (field.addEventListener) {
                    field.addEventListener("input", field.oninput, false);
                } else if (field.attachEvent) {
                    field.attachEvent("oninput", field.oninput);
                }
            }
        }
    }
})();

vbturbo
Sorry, it should say

Hello

I'm not sure if this link here covers your entire question, but I will at least prevent copy / paste of entire strings
ASKER CERTIFIED SOLUTION
Chinmay Patel
vivekpv10:

Please disregard my comment, I just discovered that I am in the wrong thread.

vbturbo
ASP.NET has a very powerful feature called "Form Based Authentication" that makes this trivial to do.  I can get a secure form based authentication site running in less than an hour.  Are you using it?
It's correct. Request.UrlReferrer is a way to overcome this issue.