Authentication of two users into 1 browser session at the same time.

I have a requirement for a system I am building that the authentication be made for two users on 1 session at a time. The use case would be two partners signing a mortgage. So, partner1 logs into the session with a login and a password and then there is a section to add another user, partner2, who logs in and then the authentication is now good for two signers of that mortgage. The prerequisite is that both have already created profiles on the system such that they have logins and passwords.

My question:
1. Does anyone know of a system or application that does this?

2. Any tips on how to handle this?

Platform is Django and Angular 1.

Thank you.
You got confused between authentication, which is done by the client (browser with session cookie), and authorization to application objects/processes etc.

Each person logging into your system has an internal representation somewhere in your database(s), and that internal user has access to internal application resources. So both user_1 and user_2 should be able to access the contract independently and from different sessions, and your code should be able to track their access and actions, including signatures.
David Johnson, CD, MVP (Owner) commented:
AFAIK this is not possible. The cookies would overwrite and user sessions are mutually exclusive.
Steve Bink commented:
While I'm sure you could create something like this, the better question is if it is a good idea.

As David Johnson's answer noted, authentication is generally done by saving a cookie. On the server side, that cookie is associated with a particular user account after authentication is complete. The server now "knows" that user1 is on session1. In traditional systems, the authentication of another user will simply re-associate or overwrite the cookie. In other words, the server will "forget" that user1 is on session1, and "know" that user2 is on session1.

Coding a system to allow multiple users could be pretty simple - just allow for the server to associate more than one user to a session.  The one-user limitation is a structural/design decision in the application...changing the design is certainly possible.  But look at some of the natural consequences of this.

Assume two users have authenticated, then another action is taken.  Who took the action?  Can your app say, with any certainty, that user1 or user2 clicked a particular button?  You would end up needing to RE-authenticate every individual action to know which user was responsible.  Even worse, what happens if one user walks away?  How do you handle de-authentication?  Even on a non-purposeful level, how do you prevent mistaken clicking from user1 onto user2's material?

I think the closest you could (should?) get to a system like this is one in which the users are authenticated and work in their sessions consecutively.  User1 logs in, does all the work they need to, then logs out.  User2 logs in, etc., etc.  Absent some rather advanced technology to recognize and identify users touching the inputs, this is as much as you could hope for.
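The design discussed in the answers above (one user per session, with each signer authorized on the shared contract and every signature attributed to exactly one account), sketched as an added example that is not part of any post in this thread. It is plain Python rather than Django code; `SessionStore`, `Contract` and the partner names are hypothetical.

```python
import hashlib
import secrets
from datetime import datetime, timezone

class SessionStore:
    """Server-side sessions: one session id maps to exactly one user."""
    def __init__(self):
        self._sessions = {}

    def login(self, username, session_id=None):
        # Logging in on an existing session re-associates it with the new user.
        session_id = session_id or secrets.token_urlsafe(32)
        self._sessions[session_id] = username
        return session_id

    def logout(self, session_id):
        self._sessions.pop(session_id, None)

    def user_for(self, session_id):
        return self._sessions.get(session_id)

class Contract:
    """Complete only when every required signer has signed under their own login."""
    def __init__(self, required_signers):
        self.required = frozenset(required_signers)
        self.signatures = {}  # username -> audit record

    def sign(self, sessions, session_id):
        user = sessions.user_for(session_id)
        if user is None:
            raise PermissionError("not authenticated")
        if user not in self.required:
            raise PermissionError(f"{user} is not a signer on this contract")
        # The audit record names one actor; the session id is stored only as a hash.
        self.signatures.setdefault(user, {
            "session_sha256": hashlib.sha256(session_id.encode()).hexdigest(),
            "signed_at": datetime.now(timezone.utc),
        })
        return self.is_complete()

    def is_complete(self):
        return self.required == set(self.signatures)

def demo():
    sessions = SessionStore()
    contract = Contract({"partner1", "partner2"})  # constructed sample signers
    s1 = sessions.login("partner1")
    s2 = sessions.login("partner2")            # separate session, same or other device
    first = contract.sign(sessions, s1)        # partner2 still outstanding
    second = contract.sign(sessions, s2)       # both signers recorded
    return first, second, sorted(contract.signatures)
```
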
alexmac05 (Author) commented:
Thanks everyone!
Question has a verified solution.
