I have an issue
In my aspx based project there are 2 types of user, Admin & Regular User
Scenario Is : Admin do login, after valid user id We oftenly used session id to store user id, role id and all ..;
in the same system if user use different browser or incognito browser then login with regular user.
now issue is if User get the ASP.NETSessionId Cookie of Admin and replace with regular user cookies then after reloading the regular user its page then he becomes the Admin
how to handle this situation. if regular user or any user copies different asp.netsession id cookies and reloading the page, application gets logout
I have tried below code after just user validatied with database and before session creation but it wont work
Note - We are not able to prefer login with FormAuthentication Technique. so please dont suggest code for such method.
