[RESOLVED] Same application, different login

[MMock]

This question is related to a previous thread of mine but that one's rather long so I will summarize it here and ask a quick question.

The user of my application doesn't seem to understand how browsers work. He wants to log in to our application using the admin login, and log in to our application in a second IE tab using the billing login, and perhaps log in to our application in a third IE tab using the customer service login. Each of these users is served different renditions of the same page. He doesn't understand that because the application uses session cookies, the most recent login is what he will be logged in as in all three tabs.

Does anyone know of a link that explains this well? He's technical and has a programming background but none of it is .net or even ASP. And he asked me to do this:

Please document why you can not work on this problem – so that it may be logged.

even though it was all explained to him before (he tried to report it as a bug again today...short memory!)

Thanks!

[axion_sa]

Sessionless, perhaps? ASP.NET will hock the session identifier into the query string. May make the URL look a little un-pretty. But this probably won't please HRH.

That said: http://msdn.microsoft.com/en-us/library/ms178581.aspx has some blather about the session. tl;dr, but did see some snippets around warnings.

On the ... convincing side of things, may I suggest having a ponder on why you're reticent to implement the feature. If you feel strongly about it, you may be able to convince the "user"

[brin351]

I agree with you "he" sounds like a complete fool not understanding such a thing!

On the other hand "he" is always right. It's not uncommon for an admin to impersinate a lower level user. It may be a pain to implement that feature for 1 user and normally it would be impersinating 1 other user not 2 or more at the same time.

The approach would be if in role/user = admin & session/querystring/cookie value = role2 then pretend to be role2.

Having said it can be done may be wrong of me when I don't know the application - Can you ask him to login once using IE again using Firefox and again using Opera - that will act as 3 independant users.

[MMock]

Can you ask him to login once using IE again using Firefox and again using Opera - that will act as 3 independant users.

That's actually what my husband and I discussed last night! Anyway, this customer is the manager of a person that he wants this enabled for. He does not want her using IE. I don't know why. But it may be as simple as having a second cookie when you're logged in with the customer service rep login and using that value to get relevant customer service rep info, like name. What was weird was when she logged in as "Laura" but later logged in another instance as admin who is "Doug" so then when she made customer service notes in instance one they were recorded as being written by Doug.

Thanks.

[brin351]

It's difficult to say why Laura became Doug, I guess youd need the time of each logged in, the record entry time and the session/auth cookie idle timeout of the server - maybe then you could see the overlap. Or if I log in as A let that laps then open onother browser and login as B then use A's browser I may acutally be B in that now aswell? Probably not much help there.

[MMock]

The solution was actually simple. But as was mentioned, it's difficult to give advice sometimes when you don't the whole application. Doug and Laura are users and we have a usr table with an id and password, like admin, and then the fullname of the person who uses that id, and his/her email, etc. So admin is Doug. If Laura logged in as csLaura (her customer service id) but next logged in as admin, she became Doug. So all I did was create an admin-level id for Laura which has her fullname, and even though she "becomes" an admin in the first instance if she logs in a second instance as admin, it still knows it's Laura. So when she enters a customer service note, it records the author correctly as Laura. Not difficult at all!

Of course it's still a tiny bit buggy when the same page is rendered differently depending who is logged in, because you may see a billing page with more functionality if the app thinks you're admin, but that wasn't the complaint.

Thanks!

[brin351]

Good thinking - simple things are always the best.

[mendhak]

I guess a concept like this is 'obvious' to us developers but for a layperson to understand it would require a lot of reading up. This probably means that you'll need to write it up and explain how sessions work and how sessions-browsers work too. The main point you'll need to get across is 'browser feature' (rather than limitation) because that's exactly what it is