ASP.net c# Avoid open the same window twice

Question

I'm developing a web application. I have a small problem with sessions when a user open the same window in the same session.

For example: Now, the user open the page user and he select a user I store this object in session (Session["user"] = user), if he open the same window in another tab browser and he select other user I override the session value (Session"["user"] = user).....

I'm thinking solutions:

Avoid that the user can open the same window in the same PC
Create unique id for each page opened by the user

What do you think? Wich is the better solution?

Thanks for your help and best regards,

You can't read out [this](http://stackoverflow.com/questions/368653/how-to-differ-sessions-in-browser-tabs) — Emmanuel N, Apr 26 '12 at 15:23
Why do you care? If the user opens up two tabs to use your application and the second tab replaces a session variable used by the first, so what? I wouldn't try and avoid this, it seems like a reasonable use of a web app. — Jamie Dixon, Apr 26 '12 at 15:18
I know! but the user update the data from the first tab and the value of the session is of the second! — user1016800, Apr 26 '12 at 15:20
@EmmanuelN I kind of agree except the first question was "What do you think?". I've answered that question. I think I've also implicitly answered the second question: "Which is the better solution?" and to me, neither of those solutions are good or any better than the other. — Jamie Dixon, Apr 26 '12 at 15:27

score 0 · Answer 1 · answered Apr 26 '12 at 15:32

I don't think you can prevent a user from opening the same page in two different tabs or browsers. So, if you need do make sure each window is a distinct "session" in your application, you'll need some kind of unique ID, perhaps stored in a hidden HTML input.

Symeon Breen · Answer 2 · 2012-04-30T15:16:18.660

0

In this instance you have to use cookieless sessions - in web.config in system.web

<sessionState mode="InProc" timeout="20" cookieless="UseUri" />

what this does is insert a session id into the url so you get something like, www.host.com/(abc15284dndhjkdm)/app.aspx. thisis then unique per tab and so the user can have uniqie session per tab.

Edit: - here is the code for the aspx pages i show at web3.adprs.net/test/test1.aspx i mention below

Test1.aspx

<%@ Page Language="vb" AutoEventWireup="false" CodeBehind="test1.aspx.vb" Inherits="WebApplication4.test1" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml"> <head runat="server">
    <title></title> </head>
     <body>
        <form id="form1" runat="server">
        <div>
        Enter User <asp:TextBox ID="user" runat="server"></asp:TextBox>
        <asp:Button ID="go" runat="server" Text="Go" />
        </div>
        </form>
    </body></html>

Test1.aspx.vb

Public Class test1
    Inherits System.Web.UI.Page

    Private Sub go_Click(sender As Object, e As System.EventArgs) Handles go.Click
        Session("user") = user.Text
        Response.Redirect("test2.aspx")
    End Sub
End Class

Test2.aspx

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
    Your user from session is <%=Session("user").ToString%>
    </div>
    </form>
</body>
</html>

web.config

<?xml version="1.0"?>
<configuration>
  <system.web>
    <compilation debug="true" strict="false" explicit="true" targetFramework="4.0" />
    <sessionState mode="InProc" timeout="20" cookieless="UseUri" />
  </system.web>
  <system.webServer>
     <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>
</configuration>

HTH

edited Apr 30 '12 at 15:16

answered Apr 26 '12 at 15:48

Symeon Breen

1,531
11
25

Thanks for your response. I just checked it but allways put the same id in the url. – user1016800 Apr 26 '12 at 16:30
Did you make the web.config change - this is standard asp.net functionality i have many sites that are set up with thousands of users many of whom will log in on seperate tabs and it works ok. If you open a new tab to www.site.com/main.aspx, it will see you dont have a session token in the url and send a redirect to www.site.com/{uniqueid}/main.aspx. Maybe you are copying and pasting the full url into the new tab, you should only go to the url without the token. – Symeon Breen Apr 26 '12 at 18:32
Yes I did but when I open the same page with the same session de uniqueid is the same.... – user1016800 Apr 27 '12 at 06:30
sorry - i dont understand - what page url did you open originally and what do you open in the second tab ? As i said this is the standard asp.net methodology as produced by microsoft for handling this common situation, so it would normally work ok. – Symeon Breen Apr 27 '12 at 07:25
1

I explain my steps, I enter to my app, I login with my user and password, in the url i can view a unique id, then i go to users page, then I open a new tab, enter to my app, go to user (I'm logged already). I check the ID's of the tabs and both are the same! – user1016800 Apr 27 '12 at 11:20
Are you using basic authentication, or asp.net membership , or something else to login ? – Symeon Breen Apr 27 '12 at 13:11
My own authentication, I read login and password and I check with a database. – user1016800 Apr 27 '12 at 13:33
Hi Ok - i have done a little example site - go to web3.adprs.net/test/test1.aspx and type in a name, and press go, then open another tab to web3.adprs.net/test/test1.aspx and type in another name and press go, visit the first tab and press f5, it should remain the same as you entered for that session - the session is keyed to the unique id in the url. As I said this is standard asp.net functionality for this very circumstance. If it is not working for you there must be a very specific circumstance, and it would help me to understand what this is. HTH :) – Symeon Breen Apr 30 '12 at 08:38
Thanks! I don't know why in my project doesn't work. I'm going to try again. – user1016800 Apr 30 '12 at 13:47

score 0 · Answer 3 · edited May 23 '17 at 12:17

Thanks all for your responses.

I read the post How to differ sessions in browser-tabs? and I found severals solutions to generate unique id per tab.

The solutions are:

https://sites.google.com/site/sarittechworld/track-client-windows
https://github.com/chrisdew/subsession
Implement my own unique id per page

I'm going to review them and I tell you the result.

If somebody knows another solution, allways is wellcome!

Best regards,

ASP.net c# Avoid open the same window twice

3 Answers3

Linked