Question

can only sign in one user, and tabs all replicate the same user

0

Hi, I wonder if anyone can help with this session issue. I'm using licence pool manager and have set the concurrent users to a max of 3. Added 6 users to the licence including the licence administrator. The app is under testing (with the client) on Mendix Cloud, and I've just replicated the problem of logging in with more then 3 users, but then realised that actually as soon as I've opened a new tab or window, all the details of the last user logged in where already being displaid, completely bypassing the login page. I'm basically only signing-in one user at a time and all sessions showing that same user if I refresh each one of them? I've replicated this several times? I have, however been able to log another user on another browser (IE instead of FF), but if I open a second window or tab on that browser, the same details of the previous user is displaid also. So, at this moment it looks like I can login as many different users as I have browsers on my system??!??! Help! Luis.

asked 2011-03-21

Luis Rodrigues (hotmail)

3 answers

Michel Weststrate · Answer 1 · 2011-03-21

Hi Luis,

That is true indeed. Sessions are stored using cookies, and cookies are shared among every tab in the same browser as long as the url is the same (if you wonder why: it would be even more annoying if you had to log in again if you opened a new tab of the same app in the same browser!).

So if you want to test two users at the same url you need to different browsers. Note that this holds for almost any web application.

Sjoerd Breur · Answer 2 · 2011-03-21

While I am not entirely sure about the technical details behind it (I suspect others can provide you more details on that), your observation is essentially correct. Basically you can have one session per browser, and if you start a new session in the same browser it will replace the old one. It's not something which is specific to the License Pool Manager, but something which applies in general to Mendix applications.

It indeed meant I ended up having to run Opera, Chrome, Internet Explorer and Firefox at once to test the login functionality when developing the LPM.

Assuming I understood your issue correctly anyways; however since the LPM does not change the way sessions work in Mendix applications but just provides extra checks if the user is authorized to login based on the limitations implemented by the Server/Pool administrator, I assume it's the above issue you are coping with.

Luis Rodrigues (hotmail) · Answer 3 · 2011-03-21

Thanks for the answers. I've mentioned LPM as it has been a bit problematic, so I just wondered if it was another sympton I hadn't seen yet. The browser beahviour mentioned bt Sjoerd is spot on what I am verifying here. I understand what Michel is saying about sharing the cookies and not having to login again, but from a security point of view I would expect that if I open a new tab on a secured area I would be asked to enter some security details. I'll try a multi browser test. Thanks for replies. LR.