Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeUsing DNN Platf...Using DNN Platf...Using Modules a...Using Modules a...Preventing sessions in multiple browser tabsPreventing sessions in multiple browser tabs
Previous
 
Next
New Post
4/14/2011 12:51 PM
 
Chad Hensley

Joined: 7/30/2004
Posts: 71
We are having problems with users opening multiple browser tabs.  The main issue is when they run a search in one browser tab and select a record, then go to the other browser and do the same thing with another record, the first tab is now using the second tab's session.  

This is a data integrity nightmare as the database is getting incorrect data for the "right" records.

We need to prevent users from logging in on multiple tabs.

I have researched this and it doesn't look like DNN supports cookieless sessions (cookieless=UseUri), which is ASP.Net's way of getting around this issue.   

What other options do we have with DNN?   We use nCache as our session provider in a 2 server web farm.
 
New Post
4/14/2011 9:45 PM
 
Wes Tatters


Wes Tatters's Avatar

Joined: 4/30/2004
Posts: 2155
Firstly, cookieless sessions are a potential security risk, since it makes it does make is potentially easy for session ids to be stolen.

But having said that - the only way for an application to support cookieless sessions correctly is for the application to be designed from the ground up with that methodology in mind - one of the main reasons for doing this is the use of absolute paths.

For cookieless sessions to work every url on your site that contains a link needs to have the current session cookie id embedded into it.

So instead of:

 <a href="/home.aspx">Go to Home Page</a>  

each link has to look like:

 <a href="/(12345678910)/home/aspx">Go to Home Page</a> where (12345678910) is the current session id.

Any link that does NOT have the session id in it will force the start of a new session
 - now since for example dnnmenu generates a huge number of url's on the fly it would need to be including the session id in every one as it went.

The same would go for every link generated/selected or entered into every module on the site.

Now having said all this - are there any ways to deal with this.

There are a couple of possible solutions that I could think of: 

1. A skin object or some such that iterates thru the asp.net object collected just before the session state is created and attempts to update every URL.
this would be process intensive requiring a walk of the full page tree and a good understanding of the types of places where the url's are stored.
and the could still be some potential issues

2. an outbound httphandler that intercepts the rendered html stream and injects the session element into each url
 - this may however cause problems with viewstate

3. a javascript client side function that iterates thru the html markup when it gets to the browser and injects the session element into each url
- could have some performance issue due to the large number of urls the dnnmenu creates.

Of the solutions above - item 3. would be a way to get the urls sorted since once the page is in the browser = but if there were any urls being dynamically generated in jquery or javascript routines this could potentially cause a new set of issues.

And finally for all of these - have no idea what sort of havoc all this would have on the dnn friendly rewriter.


As for how to stop a user opening 2 tabs - sorry you are out of luck there.
 
 Page 1 of 1
Previous
 
Next
HomeHomeUsing DNN Platf...Using DNN Platf...Using Modules a...Using Modules a...Preventing sessions in multiple browser tabsPreventing sessions in multiple browser tabs


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out