-1

I'm using MVC 5. When I publish the MVC application on IIS and log in with two different usernames, first "A" and then "B": I log in successfully as A, then log in as B in the same browser, and that login is successful too.
But the problem is that when I refresh A, username B is logged in, so we cannot log in to one browser with different names. I want different users to be able to log in in the same browser on the same PC. How can I do this?

Controller


    [HttpGet]
    public ActionResult Login()
    {
        return View();
    }

    [HttpPost]
    public ActionResult Login(LeadUsers log, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            System.Data.DataTable mDT_User = log.loginUser(log.Username, log.Password);

            if (mDT_User.Rows.Count > 0)
            {
                FormsAuthentication.SetAuthCookie(log.Username, true);

                Session["AgentID"] = int.Parse(mDT_User.Rows[0][0].ToString());
                Session["AgentName"] = mDT_User.Rows[0][1].ToString().Trim();
                Session["User_Type"] = mDT_User.Rows[0][2].ToString().Trim();

                clsCommon._AgentID = int.Parse(mDT_User.Rows[0][0].ToString());
                clsCommon._AgentName = mDT_User.Rows[0][1].ToString().Trim();
                clsCommon._UserType = mDT_User.Rows[0][2].ToString().Trim();
                clsCommon._GroupID = int.Parse(mDT_User.Rows[0][3].ToString());

                // User Role
                using (SqlConnection con = new SqlConnection(constring))
                {
                    con.Open();
                    using (SqlCommand cmd = new SqlCommand("select A.Screen_Id, S.Screen_Name, Allow_Access, Access_Level from BriskSecurity.dbo.Module_Screens_Access A " +
                                                           "inner join BriskSecurity.dbo.Module_Screens S on S.Mod_id=A.Mod_Id and S.Screen_Id=A.Screen_Id " +
                                                           "where A.Mod_Id=14 and A.Group_Id=" + clsCommon._GroupID + "", con))
                    {
                        clsCommon._DT_Access = new DataTable();
                        SqlDataAdapter da = new SqlDataAdapter(cmd);
                        da.Fill(clsCommon._DT_Access);
                    }
                }

                return RedirectToAction("Index", "Dashboard"); // return index.chtml if user is valid.
            }
            else
            {
                TempData["Message"] = "Invalid Username OR Password"; // return the same view with message "Invalid username and password"
                return RedirectToAction("Login");
            }
        }
        else
        {
            return RedirectToAction("Login"); // return the same view with Validation Error.
        }
    }

Login Function

    public DataTable loginUser(string username, string password)
    {
        string constring = ConfigurationManager.ConnectionStrings["Real"].ConnectionString;
        using (SqlConnection con = new SqlConnection(constring))
        {
            password = Cryptographer.Encrypt(password);

            con.Open();
            using (SqlCommand cmd = new SqlCommand("select User_Id, User_Name,User_Type, Group_Id from BriskSecurity.dbo.Users where User_Login='" + username + "' and User_password='" + password + "' ", con))
            {
                DataTable mDT_User = new DataTable();
                SqlDataAdapter da = new SqlDataAdapter(cmd);
                da.Fill(mDT_User);

                return mDT_User;
            }
        }
    }

mvermand
  • Usually logins are saved via cookies in a browser. Cookies are set per domain and there is no way around it. Browser windows are all treated equally in terms of cookies. If you log in with A, cookies are set for A; if you then log in with B, the cookies are overwritten for B. So how do you see this ever working? – trailmax Aug 16 '18 at 10:29
  • Also, how would the server know which user has refreshed the page if both of them are logged in? – trailmax Aug 16 '18 at 10:30
  • Sir, what should I do to resolve this problem? I have pasted all the code. – journal trend Aug 16 '18 at 10:33
  • First of all, you have a SQL injection vulnerability in your code. Read this to fix: https://www.acunetix.com/websitesecurity/sql-injection/ – trailmax Aug 16 '18 at 10:35
  • After that, you store passwords in plain text. That is a big no-no. Read this: https://stackoverflow.com/questions/1197417/why-are-plain-text-passwords-bad-and-how-do-i-convince-my-boss-that-his-treasur – trailmax Aug 16 '18 at 10:35
  • And there is no solution for your problem. This is how browsers work. You can only log in with one user in the same browser. – trailmax Aug 16 '18 at 10:36
  • oh-my-fire... SQL injection on login screen... what else can go wrong? – trailmax Aug 16 '18 at 10:37
  • How to get a unique session in each browser tab? – journal trend Aug 16 '18 at 10:37
  • And thanks, I understand the other problems and will resolve them. The only problem is multiple logins. – journal trend Aug 16 '18 at 10:38
  • Why do you want to log in with two different users at the same time, on the same browser? Are you trying to test the system? – 3dd Aug 16 '18 at 12:30
  • So how do I load the dashboard when the user is already logged in? Like Facebook: when the user is already logged in, it goes to the dashboard. I want to do that. How can I do that? – journal trend Aug 16 '18 at 15:21
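
The login query with the two issues raised in the comments above addressed, as an added example that is not part of the original question or comments: the username is bound as a parameter, and the password is checked against a salted PBKDF2 hash instead of being matched inside the SQL text. `LoginStore`, the `Password_Hash` and `Password_Salt` columns (assumed `varbinary`), the parameter length and the iteration count are assumptions; the `HashAlgorithmName` overload needs .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public static class LoginStore   // hypothetical class name
{
    const int Iterations = 100000;   // assumed PBKDF2 work factor

    // Returns the row (User_Id, User_Name, User_Type, Group_Id, ...) or null on failure.
    public static DataRow LoginUser(string username, string password)
    {
        string constring = ConfigurationManager.ConnectionStrings["Real"].ConnectionString;
        var table = new DataTable();
        using (var con = new SqlConnection(constring))
        using (var cmd = new SqlCommand(
            "select User_Id, User_Name, User_Type, Group_Id, Password_Hash, Password_Salt " +
            "from BriskSecurity.dbo.Users where User_Login = @login", con))
        {
            // The value is sent as data, so quotes in it cannot change the statement.
            cmd.Parameters.Add("@login", SqlDbType.NVarChar, 100).Value = username;
            using (var da = new SqlDataAdapter(cmd))
                da.Fill(table);   // Fill opens and closes the connection itself
        }
        if (table.Rows.Count != 1) return null;

        DataRow row = table.Rows[0];
        byte[] salt = (byte[])row["Password_Salt"];       // hypothetical column
        byte[] expected = (byte[])row["Password_Hash"];   // hypothetical column
        return FixedTimeEquals(Hash(password, salt, expected.Length), expected) ? row : null;
    }

    // Also used at registration or password change to produce the stored hash.
    public static byte[] Hash(string password, byte[] salt, int length)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(length);
    }

    // Compares every byte so timing does not reveal where the first mismatch is.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```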

2 Answers

1

It is possible though to login with two different users. The first one is a regular login session. For the second user, open a Private Window (Firefox) or Incognito Window (Chrome) and login using the credentials of the second user, which operates in an isolated context. If you want more than two concurrent logins, you have to use a second browser. So for instance when using Chrome and Firefox you can have a total of four concurrent user sessions.

Bouke
  • What surprised me however is that user sessions in a Private Window are not isolated from other sessions in the Private Window. There only seems to be a security fence between a regular Window and a Private Window, which does not make sense to me. – Bouke Aug 16 '18 at 12:32
  • OK, I understand. So what I want is: when the user is already logged in, go to the dashboard, like Facebook. How can I do this? – journal trend Aug 16 '18 at 15:28
  • Which dashboard do you mean? – Bouke Aug 16 '18 at 15:32
  • I am talking about the home page, meaning my index page. – journal trend Aug 17 '18 at 07:59
  • To start a private session in Chrome: Ctrl+Shift+N. To start a private session in Firefox: Ctrl+Shift+P – Bouke Aug 17 '18 at 11:26
1

Change the Web.Config file. In the forms authentication forms element, set cookieless="UseUri".