会话ID共享问题 [英] Session ID Sharing Issue
问题描述
我最近一直在使用在proc会话中使用的asp.net webforms开发一个网站,我注意到会话ID在浏览器标签之间共享。所以我想知道你会在以下情况下做些什么:
问题:在一个浏览器问题中有多个不同用户登录
用户打开浏览器选项卡1,使用user1登录 - 存储在会话中
用户打开浏览器选项卡2,使用user2登录 - 存储在会话中
在此阶段,会话信息现在指向user2,因为会话ID在浏览器选项卡之间共享
用户尝试在选项卡1上执行操作,突然他们有user2信息
如何在标签1中提醒用户用户已更改或如何强制tab1用户注销?
感谢所有让我知道上述问题的替代方案或最佳做法的人
I've recently been developing a website using asp.net webforms that uses in proc sessions and I noticed that session ids are shared amongst browser tabs. So I was wondering what you would do for the following situations:
Problem: Multiple logins with different users in the one browser problem
User opens browser tab 1, logins with "user1" - store in session
User opens browser tab 2, logins with "user2" - store in session
At this stage session information is now pointing to "user2" because of how session id is shared amongst browser tabs
User tries an action on tab 1 and suddenly they have "user2" information
How do you alert the user in tab 1 that the user has changed or how do force tab1 user to logout?
Appreciate anyone letting me know of any alternatives or best practices for the above problem
推荐答案
一种方法是使用cookie会话ID在个人浏览器请求的URL中发送的会话ID较少。因此,允许2个并发用户在不同的选项卡中使用该应用程序。
如果您确定从用户2登录后退出用户1,那么方法是你可以维护用户的映射表和asp.net会话ID。用户2登录时,用户1的会话ID将被用户2的会话ID替换,映射表中的比较将显示用户1必须注销。
One alternative would be using the cookie less session where in the session ID is sent in the URL for individual browser requests. So 2 concurrent users will be allowed to use the application in different tabs.
If you are sure of logging out the user 1 since user 2 has logged in, then one way is that you can maintain a mapping table of users and the asp.net session ID. The moment user 2 logs in, the session ID of user 1 will be replaced with user 2's session ID and a comparison in mapping table will reveal that user 1 must be logged out.
你有要理解会话值存储在服务器代码中而不是存储在浏览器中..
所以所有选项卡都将具有最后更新的会话值...
添加一个条件,如果session不为null,则不允许创建一个新的session实例。
谢谢。
karthik
You have to understand that Session values are stored in the server code not in the browser..
so all the tabs will be having the last updated session values...
add a condition that, if session is not null then dont allow to create a new instance of session.
Thanks.
karthik
这与Switch Account非常相似
This is very much similar to "Switch Account"
这篇关于会话ID共享问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
