Question

I have an ASP.NET website that can be logged into from two different websites. Upon logging in, the website will make a call to the database and create a session variable to determine which data to load, something like Account_ID. The session variable will be used throughout the website to determine which data to show to the user.

The problem starts when a user logs in with two different accounts at the same time in the same browser using two tabs. My understanding is the session variables might be messed up and the website shows the wrong data (i.e. the first tab shows the second user's data after the second user logged in).

The user shouldn't do that, but I have no way to prevent the user from doing this at the moment. So how do I prevent this? The website is running on ASP.NET 4 and has custom login procedures but uses forms authentication.

Solution

You need to hide the Login links and form while the user is authenticated. This way the user will not be able to log in a second time without first logging out.

You should not prevent two people from logging in from the same machine, because in the real world you might not be able to detect that it is the same machine (for example, if two people are behind the same router).
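
A server-side form of the rule in the answer above, added here as an example and not taken from the original post: tabs in one browser share the forms-authentication and session cookies, so the login page checks `Request.IsAuthenticated` both when it renders and when the form posts back. The page name `Login.aspx`, the controls `txtUser`, `txtPassword` and `lblError`, and the helper `AccountDb.TryValidate` (standing in for the site's custom login procedure) are assumptions; `Account_ID` is the session key from the question.

```csharp
using System;
using System.Web.Security;
using System.Web.UI;

// Code-behind for a hypothetical Login.aspx (controls are declared in the .aspx markup).
public partial class Login : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Already signed in (for example from another tab): never show the login
        // form, send the user to the landing page where a Logout link is offered.
        if (Request.IsAuthenticated)
        {
            Response.Redirect(FormsAuthentication.DefaultUrl, false);
            Context.ApplicationInstance.CompleteRequest();
        }
    }

    protected void btnLogin_Click(object sender, EventArgs e)
    {
        // A login form left open in a second tab posts back carrying the first
        // tab's auth cookie. Page events still fire after the non-terminating
        // redirect above, so the handler must refuse the login itself.
        if (Request.IsAuthenticated)
        {
            return;
        }

        int accountId;
        // AccountDb.TryValidate is a hypothetical wrapper around the site's
        // own credential check and Account_ID lookup.
        if (!AccountDb.TryValidate(txtUser.Text, txtPassword.Text, out accountId))
        {
            lblError.Text = "Invalid user name or password.";
            return;
        }

        // Start from an empty session so no earlier Account_ID survives,
        // then bind the session and the auth ticket to the same account.
        Session.Clear();
        Session["Account_ID"] = accountId;
        FormsAuthentication.SetAuthCookie(txtUser.Text, false);
        Response.Redirect(FormsAuthentication.DefaultUrl, false);
        Context.ApplicationInstance.CompleteRequest();
    }
}
```

The matching logout handler should call `FormsAuthentication.SignOut()` and `Session.Abandon()` together, so the auth ticket and the `Account_ID` value are discarded at the same time.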

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow