General discussion

Locked

HTML Forms Authentication

By nelyduranj ·
Hi, I am having a problem with my users being able to login to their "Blackboard" account on a college site. If one of my users logs in succesfully and another one wants to login at the same time, that second user is automatically logged in as the first user. They both have Active directory user accounts, and their personal password. We have a proxy server, that is ISA and IIS server as well. What could be causing this problem?

This conversation is currently closed to new comments.

1 total post (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by Suramya In reply to HTML Forms Authentication

Most probably whats happening is that your "Blackboard" application is using Sessions and is somehow using the same session ID for all users accessing the site.

So when the first user logs in the session is set to logged in and when the second user visits, the system checks the session to see if the user is logged in and since the Session ID is not unique the system thinks that a user is already logged in and lets them access the resources as user1.

To fix this problem you should have the application generate a unique session ID and store it on the local machine as a cookie. If the cookie doesn't exist a new one should be created and stored.

Hope this made sense. If you need more details on this let me know.

- Suramya

PS: Is this application an inhouse creation or something you bought?

Back to Security Forum
1 total post (Page 1 of 1)  

Related Discussions

Related Forums