Problem using curl on asp with cookie

[Levian]

Hi,

 

I'd stumbled upon a problem around doing curl on an asp website which use cookie.

 

I use username n session id to determine the cookie file, on a case when a second browser open up it should have different session id, hence it may create new cookies instead of using the active previously-made cookie file, please do correct me if I'm wrong.

 

So question is....how to detect a user is logged or not in such situation ?

Or perhaps how is the proper way to determine a cookie file in such situation ?

 

 

Thanks in advance,

[requinix]

I use username n session id to determine the cookie file, on a case when a second browser open up it should have different session id, hence it may create new cookies instead of using the active previously-made cookie file, please do correct me if I'm wrong.

I believe you are. The session ID is stored in a cookie, right? Either the cookies are being shared in the two windows or they're not being shared; if shared then the windows will be using the same session (which is generally what happens), if not then there's no risk of accidentally "reusing" cookies from the other window.

[Levian]

Thanks for the reply requinix,

 

May I inquire a bit more....

 

The session ID is stored in a cookie, right?

if not then there's no risk of accidentally "reusing" cookies from the other window.

The first one...is it about asp.net session id inside the cookie file ?

 

n I'm not quite understand the 2nd line of the if...sorry if it sounds like a dumb question...it does I admit it

 

I hope you don't mind answering.

 

 

Thanks,

[Levian]

I open a browser n it creates a new cookie file which include asp.net session id inside

Then I open a browser on another (in this case a mobile browser)...n again it creates new cookie file (since the cookie file name is determined by login username n session id of the browser, which is different from the previous browser) which include a different asp.net session id.

 

So the 2nd browser count it as a new session, create new session id, despite the fact that the same username is currently logged on 1st browser, or so it seems to me.

Edited December 31, 2014 by Levian

[requinix]

...Are you talking about deliberately reusing the same session for the same logical user even if they're on separate devices? I thought you were asking about something else.

 

Please don't do that. The session should not be a place where you store temporary data. I don't want my sessions to be the same everywhere I go.

[Levian]

Thanks requinix,

 

Maybe I should rephrase my question...

 

There's 2 sites, the users should first login to site A, then inside they're using single username to login to site B n get the needed data

The connected users on site A will get different sessions...I get that, even the same user on different devices should have different session

However the problem is...how site B will recognize them all as the same user ? Cause how it currently works...site B didn't get them as the same user n prompt them to login again despite it actually is logged on from another user on another device. (it's using only 1 username for site B logging)

 

Honestly, it's confusing...more to the fact that I know not how asp works, so meanwhile I'm also seeing as to how asp works on

 

 

 

Thanks in advance,

[requinix]

It will recognize them because they're using the same "single username"...

 

Regarding session IDs and the cookie containing that ID, it's the same thing as with your site A: they're different sessions with different cookies. The two sessions simply happen to be referencing the same account - as if they had the same value for $_SESSION["user_id"].

[Levian]

Thanks a lot requinix