2

I have a MVC3 website that uses forms authentication, and I wanted to know if there are any issues that may arise if several or more people are logged in using the same user account?

I have been trying to trouble shoot an error we've been having (it looks like the website server is having issues communicating to the database server,) however I just wanted to rule out the possibility of the issue arising from account sharing.

Thanks

Improve this question

1 Answer 1

Reset to default
2

No, as far as ASP.NET Forms Authentication mechanism is concerned (and I am really talking about Forms Authentication, not ASP.NET Sessions which are 2 completely different things), there are absolutely no issues. Users are tracked with cookies and requests are stateless. Databases also handle concurrency pretty well.

Of course developers could write code that simply doesn't work in this scenario of having multiple users connected with the same account because they did something wrong. For example developers start using ASP.NET Sessions to circumvent the stateless nature of the HTTP protocol. That's where problems might start to arise. For example since ASP.NET Sessions are not thread safe, ASP.NET automatically serializes access to them, meaning that you cannot have concurrent requests from the same session => they are queued and executed sequentially.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Yes, but two different logins with the same username/password will generate two different sessions.
@MystereMan, what session do you mean? ASP.NET Session? Or Forms Authentication Session? Because Forms Authentication Session is absolutely stateless. The forms authentication ticket that is encrypted inside the authentication cookie is decrypted on each request and the User principal is automatically populated by the Forms Authentication module.
I was referring to your second paragraph, where you talk about problems with asp.net sessions. I'm saying, that's not going to be a problem because two different logins from two different computers with the same account will have different asp.net sessions.
Why do you mix logins/accounts and ASP.NET sessions? Those are 2 completely different things. You could perfectly fine use Forms Authentication (what you called logins and accounts) and completely disable ASP.NET Session. On the other hand you could have an application that uses ASP.NET Session and doesn't have any authentication at all - only anonymous users can access it. What I recommend is not to use ASP.NET Sessions and design your applications in a stateless and RESTful manner.
I think we're talking past each other. You can use forms authentication and sessions. Your post seemed to say that two people using the same forms authentication account would share the same session and would cause problems. In fact, I can't understand what your point about sessions was, because two users logging in won't share the same session. You said "Of course developers could write code that simply doesn't work in this scenario of having multiple users connected with the same account because they did something wrong." and then went on about sessions.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.