I am facing a very strange issue regarding the cookie value of the browser.
I am using IE8 and I want to manage the session in such a way that when any new user tries to connect to my application, the previous instance should get closed automatically.
For this I am setting a cookie every time for each user’s login attempt and incrementing it.
Now this scenario is working perfectly in IE6, but in IE8 I am facing the issue:
when a user logs in for the first time, the cookie value is set, for example to 1. Now I open another IE8 window and log in again with cookie value 2. Now when I go to the previous instance, the cookie value has also changed to 2 (which should be 1 as set).
So multiple instances of the application are running, which should not happen.
Also, when I log out from one instance, the other is automatically logged out.
I need only one instance at a time in any case.
(This scenario is working perfectly across different browsers, i.e. FF and IE: opening the 1st instance in IE/FF and the second in FF/IE.)
The reason is that both instances of IE are writing cookies into the same location (cookies are just files on the hard drive). While it may seem like two different clients for your web app, from the front end, when you log in from the second window, the cookie is saved, overwriting the previous cookie. Now the first instance just sees the new cookie and sends it happily to the server. The same would happen if you just went and manually edited the cookie file. This is not a bug – this is how cookies are supposed to work. Note that your intended behaviour would show if you used different computers.
To prevent multiple simultaneous sessions from the same computer and same app, you can use a different technique. For example, on client login, hash the login timestamp and save this hash against the user account. Then send this hash to each page and have the browser send this hash back to you when a new page is requested. On the server, compare the hash received from the client with the hash stored against the user account. If they do not match, then you log out the app in this window, since obviously another login has been done in another window. This will work with multiple tabs/windows of the same app and also across different windows/computers. I have used this technique in the past. Naturally, it’s not completely foolproof (nothing is), but it worked in all the cases I needed.
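The per-login token check described in the answer, as an added example that is not part of the original post. It assumes an in-memory store and hypothetical function names, and it swaps the hashed login timestamp for a random token from `secrets`, since a timestamp hash can be guessed; the token travels in the page (hidden field or URL parameter) rather than in a cookie, because all windows of one browser share the cookie store.

```python
import hmac
import secrets

# Hypothetical in-memory store: username -> token of the most recent login.
# A real application would keep this value with the user account record.
_current_login = {}

def login(username):
    """Record a new login and return the token to embed in every page
    served to this window (not in a cookie, which all windows share)."""
    token = secrets.token_urlsafe(32)  # random value instead of hash(timestamp)
    _current_login[username] = token   # overwrites any earlier login's token
    return token

def is_current(username, presented):
    """True only if the presented token belongs to the latest login."""
    expected = _current_login.get(username)
    if expected is None or not presented:
        return False
    # Constant-time comparison of the stored and presented tokens.
    return hmac.compare_digest(expected.encode(), presented.encode())

def handle_request(username, presented):
    """Decide what to do with a page request coming from some window."""
    if is_current(username, presented):
        return "serve"
    return "logout"  # a newer login exists elsewhere: end this window only

def logout(username, presented):
    """Log out only when called from the current window, so a stale
    window cannot end the newer session."""
    if is_current(username, presented):
        del _current_login[username]
        return True
    return False

def demo():
    first = login("alice")    # window 1 (constructed sample user)
    second = login("alice")   # window 2, same browser, same machine
    return [handle_request("alice", first),   # stale window is rejected
            handle_request("alice", second),  # newest window keeps working
            logout("alice", first),           # stale logout is ignored
            handle_request("alice", second)]  # newest window still valid

if __name__ == "__main__":
    print(demo())
```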