tags:

views:

313

answers:

3
+4  Q: 

How to prevent multiple browser windows from sharing the same session in asp.net.

I have ASP.net application that is basically a data entry screen for a physical inspection process. The users want to be able to have multiple browser windows open and enter data from multiple inspections concurrently. At first I was using cookie based sessions, and obviously this blew up.

I switched to using cookie-less sessions, which stores the session in the URL and in testing this seemed to resolve the problem. Each browser window/tab had a different session ID, and data entered in one did not clobber data entered in the other.

However my users are more efficient at breaking things than I expected and it seems that they're still managing to get the same session between browsers sometimes. I think that they're copying/pasting the address from one tab to the other in order to open the application, but I haven't been able to verify this yet (they're at another location so I can't easily ask them).

Other than telling them don't copy and paste, or convince them to only enter one at a time, how can I prevent this situation from occurring?

+1  A: 

Think of using ViewState instead of Session, since ViewState renders state information to the client (HTML page). I'm not sure if you'll ever be able to gain detailed control over the browser's session behavior, because the session ID is maintained by the browser the way the manufactured did it. So ViewState does what you want more reliably (formerly: is more secure), also to keep it working on further versions of browsers.

Cheers Matthias

Mudu  2010-03-25 16:56:02
Just to clarify, by 'secure', I'm guessing you don't mean from an hacker attack perspective.
keyboardP  2010-03-25 16:58:55
No, not at all, you're right. I edited the post.
Mudu  2010-03-26 07:00:26
A: 

Must the users be logged in with different accounts to access different physical inspections? It seems to me that as long as the PhysicalInspectionID is part of the URL, then there should be no problem in editing multiple physical inspections at the same time.

E.g.,

http://inspections.mydomain.com/edit/23

Of course, if they copy the URL, they will get a duplicate of the other window, but this will teach them not to do that. Instead, they open another window and browse to the proper inspection (or add a new one) via the UI.

RedFilter  2010-03-25 16:59:49
A: 

Create a new sessionId when the request has no referer. That solves the copy-paste url problem. Store the sessionId in the url like you did.

Mika Kolari  2010-03-26 07:18:55

related questions

Make Browser Window Blink in Task Bar
Large File Download
Browser's Default CSS
Disable browser 'Save Password' functionality
What's the simplest way to decremement a date in Javascript by 1 day?
Browser scrollbar
Limitations of screen readers.
Version detection with Silverlight
Best way to fix CSS/JS drop-down problem in IE7 when page includes Google Map
Recommendations for browser add-on tools to help with development
Hyperlinks displaced on IE7
Building Standalone Applications in JavaScript
HTML differences between browsers
Browser Sync accross many machines
Getting selected text in a browser, cross-platform.
How to get PNG transparency working in browsers that don't natively support it?
Best WYSIWYG CSS editor?
Javascript events
Preferred way to use favicons?
IE6: To support or not to support.
Getting the text from a drop-down box
Other browsers
Drag and Drop to a hosted Browser control
How can I tell if a web client is blocking ads?
How can I determine a web user's time zone?