How to expire a session of one user if he logged in to another browser


Problem description






Hi,

I have a website where a user can log in to any browser (mostly IE11 & Firefox) to access this website.

If a user logged in to IE11 first and then logged in to Firefox, and comes back to IE11 and wants to do any action, then the user should be redirected to the login page from the IE11 browser. Basically the user's old session should be expired and the user should always be on the latest session. How to achieve that in ASP.Net? Please suggest.

Solution

First, the sessions. The sessions for two browsers are unrelated and are supported separately. No, you cannot detect in browser that some session is started in another browser: generally, a browser "does not know" anything about a different browser and its connection. Just think about it: what if some other user connected and loaded some page; what's the difference?

But authentication, obviously, is not the same as the session, but it normally depends on sessions. You can persist the authentication status in, say, your database. Yes, when the session is ended, you should end the authenticated state for the user, but you are interested in handling a different situation: the same user connected using a different browser. As I just tried to explain, it is no different from the situation when some other user has connected. What makes the difference is the event when this "second" user tries to authenticate with the same credentials. As you have your persistent authentication state showing the "already authenticated" situation, you can prevent "redundant" authentication and deny the access. As this situation is 100% certain and reliably detected, this will really give you reasonable behavior, in contrast to your idea to "expire the session".

—SA
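The persisted authentication state described in the answer, as an added example that is not part of the original post: a per-user record of the one active login, supporting both the answer's policy (refuse the second login) and the behaviour the question asks for (newest login wins, the older browser is sent back to the login page). `ActiveLoginRegistry`, `LoginPolicy` and the user name are hypothetical, and the in-memory dictionary is an assumption standing in for the database table.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;

public enum LoginPolicy { DenySecondLogin, NewestLoginWins }

// Hypothetical helper, not an ASP.NET API. The dictionary stands in for a database table.
public sealed class ActiveLoginRegistry
{
    private readonly ConcurrentDictionary<string, string> _active =
        new ConcurrentDictionary<string, string>(StringComparer.OrdinalIgnoreCase);
    private readonly LoginPolicy _policy;
    public ActiveLoginRegistry(LoginPolicy policy) { _policy = policy; }

    // Call after the credentials check. Returns the token to keep in the new
    // browser's session, or null when the login is refused.
    public string TryRegisterLogin(string user)
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        string token = Convert.ToBase64String(bytes);
        if (_policy == LoginPolicy.DenySecondLogin)
            return _active.TryAdd(user, token) ? token : null;
        _active[user] = token; // the older browser's token is now stale
        return token;
    }

    // Call on every authenticated request; false means redirect to the login page.
    public bool IsCurrent(string user, string token)
    {
        return token != null && _active.TryGetValue(user, out string current)
            && string.Equals(current, token, StringComparison.Ordinal);
    }

    // Call on logout and session end, otherwise DenySecondLogin locks the user out.
    // With a real database this is one conditional DELETE matching user and token.
    public void EndLogin(string user, string token)
    {
        if (IsCurrent(user, token)) _active.TryRemove(user, out _);
    }
}

public static class Demo
{
    public static void Main()
    {
        var reg = new ActiveLoginRegistry(LoginPolicy.NewestLoginWins);
        string ie11 = reg.TryRegisterLogin("alice");     // constructed user name
        string firefox = reg.TryRegisterLogin("alice");  // second browser logs in
        Console.WriteLine(reg.IsCurrent("alice", ie11) + " " + reg.IsCurrent("alice", firefox));
    }
}
```

The token returned at login would be kept in that browser's server-side session and compared on each request; neither browser needs to know about the other.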

