Authentication of two users into 1 browser session at the same time.

Authentication of two users into 1 browser session at the same time.

I have a requirement for a system I am building that the authentication be made for two users on 1 session at a time. The use case would be two partners signing a mortgage. So, partner1 logs into the session with a login and a password and then there is a section to add another user, partner2, who logs in and then the authentication is now good for two signers of that mortgage. The prerequisite is that both have already created profiles on the system such that they have logins and passwords.

My question:
1. Does anyone know of a system or application that does this?

2. Any tips on how to handle this?

Platform is django and angular1.

Thank you.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
AFAIK this is not possible. the cookies would overwrite and user sessions are mutually exclusive
Steve BinkCommented:
While I'm sure you could create something like this, the better question is if it is a good idea.

As David Johnson's answer noted, authentication is generally done by saving a cookie.  On the server side, that cookie is associated with a particular user account after authentication is complete.  The server now "knows" that user1 is on session1.  In traditional systems, the authentication of another user will simply re-associated or overwrite the cookie.  In other words, the server will "forget" that user1 is on session1, and "know" that user2 is on session1.  

Coding a system to allow multiple users could be pretty simple - just allow for the server to associate more than one user to a session.  The one-user limitation is a structural/design decision in the application...changing the design is certainly possible.  But look at some of the natural consequences of this.

Assume two users have authenticated, then another action is taken.  Who took the action?  Can your app say, with any certainty, that user1 or user2 clicked a particular button?  You would end up needing to RE-authenticate every individual action to know which user was responsible.  Even worse, what happens if one user walks away?  How do you handle de-authentication?  Even on a non-purposeful level, how do you prevent mistaken clicking from user1 onto user2's material?

I think the closest you could (should?) get to a system like this is one in which the users are authenticated and work in their sessions consecutively.  User1 logs in, does all the work they need to, then logs out.  User2 logs in, etc., etc.  Absent some rather advanced technology to recognize and identify users touching the inputs, this is as much as you could hope for.
Shalom CarmelCTOCommented:
You got confused between authentication which is done by the client (browser with session cookie) and authorization to application objects/processes etc.

Each person logging into your system has an internal representation somewhere in your database(s), and that internal user has access to internal application resources. So both user_1 and user_2 should be able to access the contract independently and from different sessions, and your code should be able to track their access and actions, including signatures.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
alexmac05Author Commented:
Thanks everyone!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Development

From novice to tech pro — start learning today.