ASP.NET session id shared amongst browser tabs

Question

I've recently been developing a website using asp.net webforms that uses in proc sessions and I noticed that session ids are shared amongst browser tabs. So I was wondering what you would do for the following situations:

Problem: Multiple logins with different users in the one browser problem

1. User opens browser tab 1, logins with "user1" - store in session
2. User opens browser tab 2, logins with "user2" - store in session
3. At this stage session information is now pointing to "user2" because of how session id is shared amongst browser tabs
4. User tries an action on tab 1 and suddenly they have "user2" information

How do you alert the user in tab 1 that the user has changed or how do force tab1 user to logout?

My initial thought was to keep a list of active users with session id via database or application object, but the problem I face is that in tab 1 what am I going to compare the list against, when I do a request the HttpContext.Current.User would be updated with "user2" how do I know browser tab 1 was initially for "user1"

Appreciate anyone letting me know of any alternatives or best practices for the above problem

Regards DotnetShadow

Answer 1

Why don't you warn when user2 logs in instead? With a message like "You are already logged in as user1, are you sure you want to login again as another user?"