0

We have an application developed in Asp.Net MVC which uses session and Cookies. Which is declared in Web.config as - 

<sessionState cookieless="true" regenerateExpiredSessionId="true" timeout="20"/>

Observation is, if we login in Chrome it generates a token in URL as 

http://localhost:34343/(S(ypr1jdz2lk5ysiqearcracfj))/Home/Index

If the same url is copied in new Chrome window or in Internet explored, user still logged in and can see the home page.

In this case, we want user to logout and redirect to login page again if he copies the link from one browser to another browser window.

Can you please help with some references on this? Thank You!

Babasaheb
  • 41
  • 1
  • 9

1 Answers1

0

which uses session and Cookies.

You do not use cookies in your apllication because of this setting

cookieless="true"

URL contains sessionID and you can see it (S(ypr1jdz2lk5ysiqearcracfj)). If you send this url via another browser, your server application uses this parameter to find session and identificate user. If you change the settigns to

<sessionState cookieless="false" regenerateExpiredSessionId="true" timeout="20"/>

SessionID will be store in cookies and cannot be shared between different browsers. Of course if you start new window of the same browser, user will be still logged in.

Ivan R.
  • 1,875
  • 1
  • 13
  • 11
  • Hi Ivran, I am facing the same issue. I understand your comments but we have similar architecture/config settings and still want to achive this i.e. on opening of new browser window or new browser then new session should started. Any workaround to implement this? – Oxygen Dec 07 '19 at 14:46
  • It's called a session cookie, also known as an in-memory cookie, transient cookie or non-persistent cookie. https://stackoverflow.com/questions/4500591/how-to-create-a-non-persistent-in-memory-http-cookie-in-c – Ivan R. Dec 12 '19 at 16:26