views:

32

answers:

1

I have an application written in MVC that uses your regular .Net Forms Authentication. There's nothing particularly new or exciting going on with it.

My client has now asked that users be able to log in to the app on the same machine but in different browsers, or different tabs within the same browser. To my mind, he's asking for a scope change to have authentication moved to cookieless instead of its current design.

Not having had any experience with doing this in MVC, I'm curious to know before I get started how much hurt I'm in for by trying this. Are there better ways to do it? What should I consider?

Any advice appreciated.

+2  A: 

in different browsers

This should be easy because different browsers do not share cookies.

or different tabs within the same browser

That's a little bit more difficult, because the same cookies are used browser-wide, so there is no difference between the tabs.

You can try adding some authentication token to all links like:

http://site.com/home?token=afdaewdf4393cffjedcifa
http://site.com/account?token=afdaewdf4393cffjedcifa

and so on.

It's relatively easy to have the same parameter in all MVC-generated links, because the same parameter is automatically copied into other links as the user navigates between views (MVC by design).

Developer Art
Is that just a simple matter of changing the authentication mode's forms key setting to "cookieless" instead of "forms"?
Phil.Wheeler
@Phil.Wheeler: I don't believe it would be so easy but not excluded. Why don't you try it out and report here whether this worked?
Developer Art
@Developer Art: Looks like just setting the Web.Config works fine for basic use, but things like Ajax and Forms Authentication become a little more complex. I'll have to do some more investigation.
Phil.Wheeler
@Phil.Wheeler: Good to know, thank you.
Developer Art