How can I prevent all Firefox browser instances from using the same authentication cookie?
https://stackoverflow.com/questions/815930
-
03-07-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I implemented Forms authentication by creating Default.aspx and custom login page named login.aspx. If unauthenticated users brows to Default.aspx, they are redirected to login.aspx, and only if match is found for the supplied credentials, is user redirected to default.aspx.
But when using Firefox, it appears all browser instances use the same authentication cookie instance, and thus if user in browser B1 logs in as user U1, then all browser instances visiting that web application will be logged in as user U1. So if for example browser instance B1 requests Default.aspx for the first time, it will immediately be granted access.
If, after I logged in as user U1, I surf to
login.aspxand log in using different username (say user U2), then on postbacks all browser(previously logged in as user U1) will now be logged in as user U2.
How can I prevent this sort of behavior so that each browser instance would receive its own authentication cookie?
Solution
Each browser instance will have its own set of cookies. And history. And bookmarks. Because each running instance will need to be attached to its own profile.
Any given instance can have multiple tabs and windows open however. And those will share cookies. If that doesn't work for you, then don't use cookies...
If you just want this to make testing easier, why not set up a separate testing profile and launch a separate instance of Firefox attached to that?
OTHER TIPS
A quick experiment showed me what Shog9 is implying. Start Firefox. Then start another "instance" of Firefox. Then look in Task Manager, and you'll see that you only have a single firefox.exe process running.
I presume he means that you have never actually seen two instances of Firefox. You've only seen the same instance running two windows. Naturally, those share the same cookies.
I presume this implies that in order to actually have separate instances, they'll have to run under separate logins or perhaps user profiles, and they will have separate sets of cookies.
EDIT: some resources on profiles in FireFox:
I second that your question is vaguely worded. Firefox allows you to have an arbitrary number of cookie sets. Each set must be part of a Firefox profile. Each profile can have an arbitrary number of windows and processes open (note, to avoid joining an existing process you must use no-remote).
I think you have been using multiple windows with the same profile, which are expected to share a cookie set.
