
I've developed an app in Laravel with Sentry 2 as the ACL. Login occurs through SAML.

Whenever a user logs in through SAML, they are redirected to my app, where I check server variables, and if the credentials are correct I let him pass to the site with Sentry.

My issue occurs when I try to log in with the same account in two different browsers. It looks like when I log in in the second browser, the existing session in the other browser gets overridden.

I found this out by looking into the sessions table: http://pastebin.com/6iEnRkEs

Any ideas? Will appreciate your help on this very much.

Thanks a lot! Pablo

EDIT: The idea would be that the app works like Gmail/FB, which allow the user to be logged in in both browsers at the same time.

Gustavo Straube

1 Answer

It's correct the way it is.

Different browsers, different sessions. This is a security feature/matter every single app should enforce.

If you log in from a different browser, how could Laravel tell that it's not a different person logging in from a different computer on the same network? Logging someone off in this case is also the correct thing to do, because if some kind of exploit is happening, the user will see something is wrong and, maybe, change his/her password.

Some (i.e. banking) also do: different browser tabs, different sessions, but this is not the Laravel case.

Antonio Carlos Ribeiro
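The two session policies this thread contrasts, as an added example that is not part of the original question or answer and is not Laravel's or Sentry's code: a framework-independent PHP model in which a new login either revokes the account's other sessions or leaves them running side by side, with a per-account listing that can back a "where you're logged in" page. It assumes PHP 8; `SessionRegistry`, its methods and the sample account are hypothetical.

```php
<?php
// Added illustration; class and method names are hypothetical, not Laravel or Sentry APIs.
final class SessionRegistry
{
    /** @var array<string, array{user: string, agent: string}> session id => record */
    private array $sessions = [];

    public function __construct(private bool $singleSession) {}

    public function login(string $user, string $agent): string
    {
        if ($this->singleSession) {
            // Policy A: a new login revokes every other session of the account.
            $this->sessions = array_filter(
                $this->sessions,
                fn (array $s): bool => $s['user'] !== $user
            );
        }
        // Fresh, unguessable id per login, so each browser holds its own cookie value.
        $id = bin2hex(random_bytes(16));
        $this->sessions[$id] = ['user' => $user, 'agent' => $agent];
        return $id;
    }

    public function isValid(string $id): bool
    {
        return isset($this->sessions[$id]);
    }

    /** Sessions open for an account, so the user can spot one they do not recognise. */
    public function activeFor(string $user): array
    {
        return array_filter($this->sessions, fn (array $s): bool => $s['user'] === $user);
    }

    public function revoke(string $id): void
    {
        unset($this->sessions[$id]);
    }
}

// Constructed sample: the same account logs in from two browsers under each policy.
foreach ([true, false] as $single) {
    $reg = new SessionRegistry($single);
    $first  = $reg->login('user@example.org', 'Firefox');
    $second = $reg->login('user@example.org', 'Chrome');
    printf("single=%s first_valid=%s second_valid=%s active=%d\n",
        var_export($single, true), var_export($reg->isValid($first), true),
        var_export($reg->isValid($second), true), count($reg->activeFor('user@example.org')));
}
```

Under the multi-session policy, the `activeFor` listing together with `revoke` is what lets a user notice and end a session they did not start, which the single-session policy achieves by force.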