+1-888-365-2779
Try Now
More in this section

Forums / Bugs & Issues / Multiple opened browser sharing session?

Multiple opened browser sharing session?

3 posts, 0 answered
  1. Sergio
    Sergio avatar
    2 posts
    Registered:
    27 Sep 2010
    27 Sep 2010
    Link to this post
    Hello all,

    we are using Sitefinity CE 3.7 to develop an application portal.
    During some unit testings, we've found that sessions are shared on multiple opened sitefinity's website on one or several browser. For example: on FF 3.6, user opens a tab and accesses te Sitefinity's admin website, logs in and goes to the dashboard (lets call this Session A). The same user , on the same browser instance, opens a new tab (not CTRL+T from the previous tab, but by clicking on the "open new tab" toolbar's button), let's call this Session B.
    Tipically this should open a new Sitefinity's session and ask for login, keeping the 1st opened tab (the original) active and with Session A logged in.

    Question is: after a few clicks on Session B, the user realizes that the logged in session is instead of the logged in user on Session A, meaning that it seams that the same session is shared on the various instances of the browser's tab. This also happens if the user opens a new instance of the whole browser (clicking on the FF shortcut icon, not opening a new browser from the FF's File menu).

    I know that, when opening a tab or a new browser from an original tab or browser, that the "child" tab/browser will inherit the "opener" tab/browser's sessions. BUT this is not the case, as the user open a newly instance of the browser.
    This also happens with IE6+ (of course, the user can open both FF and IE that the sessions are now inherited/shared...)

    Anyone confirms this? Might this be a Sitefinity's feature? IIS mis-configuration? Browser specs? or ... a bug?

    Thanks in advance,

    SCC
  2. Radoslav Georgiev
    Radoslav Georgiev avatar
    3370 posts
    Registered:
    01 Feb 2016
    27 Sep 2010
    Link to this post
    Hi Sergio,

    Thank you for using our services.

    By default we are not using session state to keep track of the logged in users. We are using Forms Authentication and we save the authentication information in a browser cookie. So when a user requests to login we validate the user credentials and set an authentication cookie for the browser holding the authentication ticket. When the user logs out, or the cookie expires (you can set time out in web.config) authentication cookie is invalidated. Since cookies are valid for the browser you will be authenticated in all instances of the browser until the cookie is invalidated.

    All the best,
    Radoslav Georgiev
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Sergio
    Sergio avatar
    2 posts
    Registered:
    27 Sep 2010
    27 Sep 2010
    Link to this post
    Hi Radoslav,

    thanks for the answer.
    I did suspected that was the case, but needed a technical answer/confirmation.

    Thanks once again.

    SCC
Register for webinar
3 posts, 0 answered