Different Users Get The Same Cookie - Value In .ASPXANONYMOUS?
Mar 15, 2010
My site allows anonymous users. I saw that under heavy load anonymous users get sometimes profile values from other users.
I first delete my cookies and get a valid unique value in the cookie value .ASPXANONYMOUS. After a couple of requests I get a new value for .ASPXANONYMOUS which is already used by another user. I see in my loggs that there are always a couple of users who share the same value in .ASPXANONYMOUS.
I can see in the my logs that 2 or more users realy get the same cookievalue for .ASPXANONYMOUS even if they have different IP.
Here is the htttp traffic. In the second image the changing cookie is shown (You have to display the image full size do be able to read the log):
One of the many requests that work ok:
Then there is this one request that changes the cookie
Then the new cookie is used
Just to be safe I removed dependency injection.
I dont use OutputCaching.
My web.config has this setting for authentication:
I saw now that the http-traffic I showed is perfectly valid. A changing value in .ASPXANONYMOUS is something that happens because the cookie gets refreshed. The value contains AnonymousID and a Timestamp.
This does not lead to users having the same value in .ASPXANONYMOUS under normal conditions.
The problem realy is, that whenever the cokies get set from the AnonymousIdentificationModule, then there is a chance that a couple of user get this cookie. Setting a cookie in my application doesnt have this strange sideefect.
I am busy building a shopping cart with cookies. I have datalist which I populate from the cookies with a delete button next to each cookie
[Code]....
Now the problem is that when I hit the delete / remove button to expire the cookie, what happens when repopulating the datalist is that it shows the original cookie with all it's values as well as a new entry where all the values are blank.
I want to change the value in a cookie: HttpCookie hc = new HttpCookie("HiddenColumns"); hc.Value = customView.HiddenFields; hc.Expires = DateTime.Now.AddDays(365); Response.SetCookie(hc);
I'm trying to use a webservice that first expects the clients to login, to retrieve a cookie to re-use. This is done through a login(string user, string pass) method on the webservice.
Doing this through a browser works fine, we get a cookie, and we can see the cookie via Fiddler or whatvever proxysniff thingy.
Time to do the same in ASP.Net, so we use the WSDL and generate a nice proxy class, and it works fine to call the login() method, but Never Ever does a cookie get set !
I already used the "cookiejar" technique - which means i create an instance of a CookieContainer and assign it to the proxyclass like this;
I am a bit baffled here; using IE7, ASP.NET 2.0 and Cassini (the VS built-in web server; although the same thing seems to be true for "real" applications deployed in IIS) I am looking for the session-id-cookie. My test page shows a session id (by printing out Session.SessionId) and Response.Cookies.Keys contains ASP.NET_SessionId. So far so good.
But I cannot find the cookie in IEs cookie-store! Nor does "remove all cookies" reset the session (as it does in FF)... So where - I am tempted to write that four letter word - does IE store that bloody cookie? Or am I missing something? By the way there is no hidden field with a session id either, as far as I can see. If I check in FF there is a cookie called ASP.NET_SessionId as I would expect. And as mentioned above deleting that cookie does start a new session; as I would expect.
I have an asp.net web app that uses forms-based authentication, a SqlMembershipProvider (using an encrypted password format), and a SqlRoleProvider. I need to know if it's possible to administer the users (create new users, assign them to roles, etc.) from a windows application - the powers that be don't want any administrative functionality in the web app itself.
Here is the membership provider definition from web.config:
[code]....
So, obviously, I have a Sql Server database that contains the users and roles for the web app. I'd like to create a separate windows app that references the web app assembly, and use the configured MembershipProvider, RoleProvider, and machineKey to create users, assign users to roles, etc. If that's not possible, I can duplicate the configuration settings from web.config within the windows app. But I don't know how to do this either.
I need to stop users users using the browser back button and potentially submitting an old version of a form.
I'm storing a guid in a session variable and also writing the value to a hidden form field and then checking the session value against the hidden field value if a user does try to navigate back and submit an old form.
If the form is submitted and the user wants to complete a new copy of the form then a new guid is generated both to the session and to the hidden form field. Now, if the user decides to hit the back button a few times to get the old form and tries to submit it again, the page checks the current guid in session against the guid stored in the form field and it finds a mismatch and prevents the form being submitted.
This works as expected in Chrome and Firefox, but in IE6, when the user hits the back button to view the old form, the new guid value appears in the hidden field of the old form! This means the user can submit the old form again, which we definitely do not want.
We have implemented the ASP membership and roles..and we would like to display the users currently logged in and also display the number of users online so we can display that on the page. The list of users woudl only be available to our admins. BUt the number of users will show for everyone.
I have used Login Control + Change Password + Create User Wizard in my project. Everything is working fine. I want to know that how to get the List of Users and also to Update/Delete users.
I just realized after i created a test account i was not in any roles. Is there a way to automically add new users into the role Users? Have i missed this some where?
When calling Response.Cookie.Add(new HttpCookie("MyCookie", "objValue")); where does the cookie saved? on Client Machine or Server Machine?
EDIT:if saved in Client Machine, how can I read it from javascript then? I tried this kind of script.
function getCookie(c_name) { var i, x, y, ARRcookies = document.cookie.split(";"); for (i = 0; i < ARRcookies.length; i++) { [code].....
I cannot get the cookie that I saved from code behind. When I look into the document.cookie object, it is just an empty string.
Scenario:On Page_Init() on code behind. I create a cookie using Response.Cookie.Add(new HttpCookie("MyCookie", "cookieValue"));. On Client side, I'm trying to read the cookie saved from code behind on page load using the snippet above, but it returns undefined
I want to use the Domain Users group to show all the users in a dropdown box. For some or other reason I cannot return all the users when looking for everyone under the domain so instead I was thinking of using the domain users group.This is part of my code:
I have a very simple page with the following logic:
protected void Page_Load(object sender, EventArgs e) { if (null == Response.Cookies["UserSettings"].Value) { HttpCookie cookie = new HttpCookie("UserSettings"); cookie.Value = "The Big C"; cookie.Expires = DateTime.Now.AddDays(10); Response.Cookies.Add(cookie); } else { // got here } }
I set a breakpoint in both the if and the else and the else break point never gets hit. The if statement gets hit every time. What could be wrong here?
scene: when I click item in ext:ComboBox and want to set the item selected value to cookie variable. Finally, after I click ext:Button, the ext:Label get cookie value and display it.
But I get a error :Ext.Ajax Communication Failure.
protected void lngIndexChanged(object sender, DirectEventArgs e) { //Sets the cookie that is to be used by Global.asax HttpCookie cookie = new HttpCookie("CultureInfo"); cookie.Value = ComboBox1.SelectedItem.Value ; Response.Cookies.Add(cookie); Label1.Text = cookie.Value; //Set the culture and reload for immediate effect. //Future effects are handled by Global.asax Thread.CurrentThread.CurrentCulture = new CultureInfo(ComboBox1.SelectedItem.Value); Thread.CurrentThread.CurrentUICulture = new CultureInfo(ComboBox1.SelectedItem.Value); }
I'm reading through the info here: [URL] I have a question about how cookies work.
I am creating a series of web pages where the user follows steps in a tutorial. I want to track in a menu that the user has completed a step. It seems cookies would be the best way to do this. My question is, when you create a cookie and you need to write to the cookie at a later time, does it write to the existing cookie or does it create a new cookie with the existing name? In other words, if I initially create the cookie and set all steps viewed as false, then when they complete a step I go back to the cookie and set a step to true, does this actually write to first cookie or write a new one?
