Forum OpenACS Development: Multiple sessions/logins not supported

Collapse
1: Multiple sessions/logins not supported
Posted by Min Chen on 03/01/02 06:43 PM
It seems that OpenACS doesn't support multiple sessions on the same
computer.

One of our developers logged on OpenACS as a normal user (let's say
"bob") to test reseting password and send to bob's email address.
Instead of reseting bob's password, OpenACS resetted "system" user
password because there was a session logged on OpenACS as "system" in
another window.

I guess it has something to do with cookies.  Right?  Is there any way
to enable multiple sessions?

Collapse
2: Response to Multiple sessions/logins not supported (response to 1)
Posted by Jon Griffin on 03/01/02 06:52 PM
Get two browsers and login 2 times.
Collapse
3: Response to Multiple sessions/logins not supported (response to 1)
Posted by Tilmann Singer on 03/01/02 07:07 PM
You can also access the site via different servernames from the same browser. Since the cookies are distinguished by servername you will get a different session by requesting www.yourserver.com and yourserver.com, or the ip-address. Or add different aliases in /etc/hosts on the machine that you are browsing from (don't know how to do that in windows).

Make sure to set the kernel parameter ForceHostP to f (last time I looked force-host didn't work, but maybe it has been fixed in the meantime).

Collapse
4: Response to Multiple sessions/logins not supported (response to 1)
Posted by Min Chen on 03/01/02 09:46 PM
Jon, what do you mean by two browsers? i.e. Internet Explorer and Netscape Navigator at the same time?  Thank you.

Tilmann, thanks for the tip, but most of our users got Windows. :(

Collapse
5: Response to Multiple sessions/logins not supported (response to 1)
Posted by Tilmann Singer on 03/01/02 10:11 PM
Yes, he means e.g. Internet Explorer and Netscape at the same time.

I have just been informed that (most/all?) windows' have a hosts file too - search for hosts beneath system32 and edit it. Instructions on the format are contained within the file.

But even without doing that adressing the server once with it's name and a second time by typing it's ip-address in the same browser's url field should give you two different sessions.

Collapse
6: Response to Multiple sessions/logins not supported (response to 1)
Posted by Tom Jackson on 03/04/02 12:02 PM

This is actually a 'bug' in cookie naming. I just ran into this problem today. One person wishing to access two user accounts on the same domain, or two persons using the same browser accessing the same domain will have problems in cookie naming. The cookie name must take into account the user_id, or some other distinguishing data. Otherwise each user will overwrite the data of the other. This is not an easy problem to solve without careful thought.

Collapse
7: Response to Multiple sessions/logins not supported (response to 1)
Posted by Alex Sokoloff on 03/04/02 04:23 PM
You should be able to run sessions for two different users on the same machine, at least running IE on Windows. Start your browser and log in as user X. Start a second browser, but make sure you run it as a separate instance of IE: launch the IE application again by clicking on its icon. Log in as user Y. The two browser instances don't their share non-persistent cookies, and will in fact be different user sessions in OpenACS. I tested it with a little older version of OACS, and it works.

Note that this doesn't work if you choose File > New > Window in IE - then you'll get another window, but it's the same instance of IE with the same non-persistent cookies. Also, if you check the box to "Remember this login", your login is stored in a persistent cookie, and the different browser instances can interfere with each other (the second instance would overwrite the persistent cookie set by the first, I think).