How practical to change MVC app from traditional authentication to cookieless?

I have开发者_如何学编程 an application written in MVC that uses your regular .Net Forms Authentication. There's nothing particularly new or exciting going on with it.

My client has now asked that users be able to log in to the app on the same machine but in different browsers, or different tabs within the same browser. To my mind, he's asking for a scope change to have authentication moved to cookieless instead of its current design.

Not having had any experience with doing this in MVC, I'm curious to know before I get started how much hurt I'm in for by trying this. Are there better ways to do it? What should I consider?

Any advice appreciated.

in different browsers

This should be easy because different browsers do not share cookies.

or different tabs within the same browser

That's a little bit more difficult, because the same cookies are used browser-wide, so there is no difference between the tabs.

You can try adding some authentication token to all links like:

http://site.com/home?token=afdaewdf4393cffjedcifa
http://site.com/account?token=afdaewdf4393cffjedcifa

and so on.

It's relatively easy to have the same parameter in all MVC-generated links, because the same parameter is automatically copied into other links as the user navigates between views (MVC by design).