Question

Restrict user to one session only

2

Is it possible to restrict the user to only have one session open. What currently happens is that the users sometimes end up having the application run in two tabs or windows. This happens especially due to using the deeplink module which opens the application in a new window/tab.

asked 2011-04-04

Karol

2 answers

2

Not really an answer, but AFAIK multiple tabs in the same browser share their session.

answered 2011-04-04

Michel Weststrate

Achiel · Accepted Answer · 2011-04-05

Some more background info on this:

When logging in to a mendix application (let's say at http://localhost), the mendix runtime creates a session and sends back a sessionid cookie. This cookie is subsequently sent with each request, which enables you to remain logged in.

When you open a new tab and open http://localhost again, the browser will send the same cookie, because it's the same server. This results in both tabs sharing the same session.

Off of the top of my head you can work around this in three ways:

Use multiple browsers (ie firefox and internet explorer). Each browser will have it's own session.
Use different hostnames for each tab. If you open http://localhost:8080 in one tab and http://127.0.0.1:8080 on the other, the browser thinks they're different hosts, and won't share the session.
Use private mode in your browser. This mode won't share the cookies from your non-private browser window, so you can login and create a new session there.

All that being said, the mendix runtime only allows one session per user at a time. BUT that simply means that only one cookie is valid per user at a time. With the cookie/session sharing described above, it becomes clear that opening two tabs on localhost won't create new sessions, it's still the same one.

If you login to the same app with the same user in a different browser, your old session will be logged out.