Prevent Transfer Of Session?
Dec 13, 2010Does somebody now a good way to make session not transferable, so an user can't move/copy the session token ID from one machine to another?
View 2 RepliesDoes somebody now a good way to make session not transferable, so an user can't move/copy the session token ID from one machine to another?
View 2 RepliesI have a parent window from which i open a modal dialog on button click. In WinXP with IE8 it works just fine, but in Win7 with IE8, upon opening the modal dialog it brings me to the login screen. If i enter my credentials, close the dialog and open it again, it works.The explanation i figured out is that the session isn't transfered between parent and child.The modal is opened with javascript window.open function.I don't want to store the credentials in a cookie and then read it in my modal because it's a security no-no. Is there an explanation why this is happening in Win7 and not in XP and is there a resolution for this issue?
View 1 RepliesI have used a image handler to display image which works fine... My problem is how can v pass the image using sessions on different pages. I have an image control in master page and fileupload control on the content page.... bt m not able to implement sessions for images as image can't be store to string.
View 1 RepliesHow can I transfer the login session of a user into a Cookie that would expire in 12 hours? I have a problem with Internet Explorer where whenever the user closes the window it would log them out automatically (which is by default what it is supposed to do). I am using VB.NET
View 4 RepliesWith-in my Web App, I would like to be able to create a completely new instance of Internet Explorer, keeping the original functioning as well. No problem doing a Response.Redirect or server.transfer to a new web page, but what I am trying to do here is to open a completely new explorer window. I would like to do so transferring a few session variables to it.
View 5 RepliesI built a small ASP.NET application. It has a global.asax and sets some session variables on Session_Start(...).What could prevent (all) session variables from not being set? Would a session time out do it? What if JavaScript turned off? What else can do it?
View 2 RepliesOur intranet has a custom membership system (not asp membership) which puts values in the session information to identify users. As the intranet is constantly evolving, I often have to publish changes to the live server several times every day. Each time I do, the users who are logged in's sessions end and they have to log in again. This causes various issues which I won't bore anybody with here.
My question - is there anyway to prevent this, or do I just have to live with it? Have spent the last 3 hours Goggling and can find no solution.
I have a .Net 3.5 website which uses windows authentication and expires the session using a meta tag on the prerender of my base masterpage class.
protected override void OnPreRender(EventArgs e)
{
base.OnPreRender(e);
if (Response.ContentType == "text/html")
this.Page.Header.Controls.Add(new LiteralControl(
String.Format("<meta http-equiv='refresh' content='{0};url={1}'>",
SessionLengthMinutes * 60, SessionExpireDestinationUrl)));
}
This works well for pages that do full post backs. However there are a few pages in my application where the user does a lot of work that is inside of an update panel. My company's policy is a timeout of 15 minutes. Which means, after 15 minutes of working inside of an update panel page, the user gets redirected to the application splash page.
Is there a way to reset or extend the meta tag on an async postback? Or perhaps a better way to accomplish this entirely?
i'm using session variables for send variables between aspx page and it works fine ...but after some time of inctivity(user) in the page the sessions is los...how can i resolve this issue ? this is my code below how to send session :
protected void Lst_Interv(object sender, EventArgs e)
{
Session["Id"] = gdMedical.SelectedRow.Cells[0].Text.Trim();
Session["Service"] = gdMedical.SelectedRow.Cells[6].Text.Trim();
Session["Nom"] = gdMedical.SelectedRow.Cells[2].Text.Trim();
string pageurl = "LstIntervention.aspx";
Response.Write("<script> window.open('" + pageurl + "','_blank'); </script>");
}
I have a class which implements IHttpHandler that is designed to handle image resize requests. It handles Urls like so [URL] Currently the handler looks for myimg.jpg on disk, cuts a 100x100 thumbnail (if it isn't already present) and redirects the client to the thumbnail like so Response.RedirectPermanent("/some/virtualPath/to/thumbnail.jpg");
This has been working great, but I would like to avoid forcing the client to issue a second HTTP request. Is it safe to do the following? Server.Transfer("/some/virtualPath/to/thumbnail.jpg") All the MSDN documentation talks about using Server.Transfer() to redirect to an aspx page, so I'm not sure if this is the right thing to do or not.
I managed to user to perform multiple log on from other IE window session in my web application if the same log on is currently being used.Unfortunately I have problem to control multiple log on if the user is logging in using tab browsing in the same session. I know this is due to the same session Id but is there any way to trace down to the tab level within the same session?
View 2 RepliesHacker's attack the session ID in asp.net application. How can we protect the session identifier from hackers.
View 1 Replieshow to prevent the two session on a single browser ie: first i opening a site on mozilla then login after logged in . I am opening a new table with the same url login using different user after that suppose there is one link called view my profile on user home page if if click the link on first tab browser, it showing the user details on second tab browser user details ie: previous session.how to prevent or avoid this ?
View 6 RepliesI'm new to asp world, and I have to keep my new job :)Switching form php to asp.net 3.5 (never used before). What would be the best practice for storing a SESSION variable in my project ?How can I prevent my SESSION to be overwritten if my initialisation code is in the onPageLoad method of my MasterPage ?My variables keeps beeing overwritten, please someone help me and tell me if there is any other solution than dealing with this pageLoad problem.
View 3 RepliesI'm researched how about prevent session timeout, I tested the solutions links bellow and it works great.
http://www.primaryobjects.com/CMS/Article86.aspx
http://www.codeproject.com/KB/session/Reconnect.aspx
But my Website has one thing that still causing problems... the Website calls an ActiveX. Some time in the user navigation the user clicks in a button and a JavaScript loads an ActiveX with the code bellow.
var objDownload = new ActiveXObject('XXXXXX');
objDownload.ActiveXMethod();
This ActiveX makes a huge processing and this is why I'm want the trick to avoid the session expires. I tested the both above solutions but when the ActiveX is running no refresh happens. Can anyone help with this problem? How the ActiveX can be running and the IE makes the refresh?
How to distroySession in asp.net(vb). When I Distroy the session if i click to the back button it will not redirected to previous page.I used
Session.Abandon()Response.Redirect("Default.aspx")
on the click of logout_linkbutton.but when i click back button in browser its go back to previous page. But when i click onĀ any control it will redirected to Default.aspx.
I have a problem with all multiple tab browsers due to session object. I have a requirement that whenever user opens a new browser I need to show different values, so I thought of using Session as in IE 6 every browser creates a new session. But all other multiple tab browsers IE 8 and FF shares the session(If user has already open the browser and try to open different browser). How can I create new session whenever user opens a new browser window. My application is basically in ASP.NET and server side we have C#.
View 1 RepliesI have ASP.net application that is basically a data entry screen for a physical inspection process. The users want to be able to have multiple browser windows open and enter data from multiple inspections concurrently. At first I was using cookie based sessions, and obviously this blew up.I switched to using cookie-less sessions, which stores the session in the URL and in testing this seemed to resolve the problem. Each browser window/tab had a different session ID, and data entered in one did not clobber data entered in the other.
However my users are more efficient at breaking things than I expected and it seems that they're still managing to get the same session between browsers sometimes. I think that they're copying/pasting the address from one tab to the other in order to open the application, but I haven't been able to verify this yet (they're at another location so I can't easily ask them).Other than telling them don't copy and paste, or convince them to only enter one at a time, how can I prevent this situation from occurring?
How to prevent Session.Timeout extension on certain event from codebehind?
What I do - I have Session Timeout configured in Web.config file for 10 minutes. Also, I have in my webpage1.aspx, an ASP.NET AJAX control ModalPopup which shows into the page 9 minutes after the user stopped sending requests to webpage1.aspx. I did this with this code:
[Code]....
[Code]....
So, my initial calculations was that 1 minute before the session ends, i'll inform the user something with the ModalPopup. The problem is that when this Timer1_Tick event triggers, the session.timeout renew ( or extends ) and the session ends 10 minutes later (if user still don't send any request from his browser).
Can I write code in Timer1_Tick event which prevent session extension?
since a have an app, that makes heavy use of AJAX (jQuery), I faced a problem of session timeout.
After a little bit of googling I found something like :
[Code]....
In the refresh page I have just this code :
[code]....
jQuery indeed calls refresh page, writes "success", however- session times out.
Am I doing wrong something? Is there a better way to prevent session time out?
Preventing user to open duplicate web application,while it is running .....
View 1 RepliesHow we transfer my session from http page to https page.
View 3 Repliesi am using a multi selecting file upload control which is postBack free.
I am using session timeout.
My problem is that during files uploading my session got expired. Bcoz my uploader not being postback so i can't enhance session timeout. and while uploading my session got expired and process was not ompleted, causes some imp files could not uploaded.
We have developed one Web Application which is running in only one server. Now client needs our application be in two servers. So if one of the servers down then another server should be working. We are using sessions in our application. Now the problem is how to transfer the session data from one server to another??
View 7 RepliesFrom.default.aspx
DataTable Basket_DataTable = null;
protected void Page_Load(object sender, EventArgs e)
{
//create an empty DataTable and Add some columns to it
Basket_DataTable = new DataTable();
[code]....
I am storing data in session and on to.aspx ... I am displaying it. But the only last selected one is displaying ...