Security :: End Specific Session Outside The Current Session?
May 20, 2010
I would like to check if someone tries to access the application with the same username from a different browser/pc/etc. All usernames and passwords are stored in a MSSQL db.
What I am doing at the moment is: In the global.asax-file in Application_start(..) I initialize [Code]....
Now with every user that logs in I can check whether he is allready in ( in that case, he won't be able to log in, he'll be redirected to the login page ). Let's say it's the same user who wants to login but for some reason he wants to start the application from a different pc, maybe in a different building. Unless he hasn't forget to logout, he won't be able to login on this different computer. So he would has to go back and logout or wait for the timeout.
Now wouldn't it be more convenient to abandon the first session and let the same user login to the pc where he is right now?
The question is, is it possible to end the first session without beeing in it? Or is there any other solution for that problem? Since I have the SessionID stored in Application["UserList"] is there any possibility to end that specific session?
View 3 Replies
Similar Messages:
Feb 4, 2011
Is there room for issue in the following code in terms of multiple users of the same web application? I mean, I know that a purely static string will be shared across all sessions for a single ASP.NET application, but since this explicitly refers to the Current.Session, even though it is static it seems like it would always refer to the session instance of the "current user." But an error is happening that could be explained by everyone sharing the current value of Mode and thus the most recent change overwriting everyone else's mode value. (As a background: This string is in a Helpers class that is used throughout the application. I do not want to make references to Session["Mode"] throughout the application and do not want to have to pass Session["Mode"] in every method call from an aspx.cs page.)
public static string Mode
{
get
{
var value = HttpContext.Current.Session["Mode"];
return (value ?? string.Empty).ToString();
}
set
{
HttpContext.Current.Session["Mode"] = value;
}
}
View 2 Replies
Feb 16, 2011
how to set a specific path (e.g. apppath or d:/myfolder) to all session objects across my ASP.NET 2.0 (state server configured) application so that all sessions will save/store in myfolder only.
View 4 Replies
May 4, 2010
I have written custom code for login and logout...When use clicks on logout button the current session is closed and user is redirected to a login.aspx page...The problem is that when a user click a back button on internet explorer it the previous page he was navigating is shown to him...(altough he cant perform any operation as session is null and their is condition in page load that if session is null user should be redirected to login page)May i have to clear cache of client ??
View 3 Replies
Feb 3, 2011
I created a user control for my web application that checks for Session Timeout. If the criteria are met for Timeout, I use Response.Redirect to send the user back to the login page. I include this user control in my Master page, and run the SessionTimeoutcode in the user control's Page_Init event. That all works great. However, once the user logs in again after time-out (and I have verified that the OnLoggedIn event does fire) the user is redirected to the DestinationPageUrl. That page runs the Session Timeout check when it loads (as it should) and the Session Timeout code "says" that the session is still timed-out.
View 1 Replies
Nov 23, 2010
i'm using an example in which i can fake the session.It's for use in a unittest of a mvc controller.In the test i create a controller and then i do this:
FakeHttpContext httpctx = new FakeHttpContext(null,null,null,null,mSessionItems );
ControllerContext ctx2 = new ControllerContext(httpctx,new RouteData(), target);
here mSessionItems is my session and target is my instance of a controller,and indeed, when i'm in a controller reading this.ControllerContext.HttpContext.Session, i have a session, great!but.... i also read the session outside the controller, and there i use HttpContext.Current.Session, and that is null (or actualy, the HttpContext.Current is null).
View 1 Replies
Apr 21, 2010
how do i ask if the current user have the specific role ...
like ... if(user is in role)
{
do simthing...
}
View 2 Replies
Aug 1, 2013
I want to set timeout of particular session.for e.g. in web.config session timeout is set to 30.
when user enter in particular page say test.aspx we create new session say session("a")=3.
after that user enter to new page say xyz.aspx .
CASE 1:
I want to set timeout of session("a") to 10.
CASE 2 :
I want to destroy this particular session (i.e session("a")) not all the sessions.
CASE 3 :
I don't want user can use session("a") on this page but other session's should be accessible.
View 1 Replies
Aug 20, 2010
I am getting HttpContext.Current.Session is null.Will this be a problem if we have application hosted in web farm.
View 1 Replies
Jul 19, 2010
I'm using asp.net 4.0 with asp.net MVC 2.0 and the asp.net membership provider.
I need to terminate a the user session before I delete it. Otherwise if the user is still authenticated the next time it will visit a page null reference exceptions will occur when trying to access the user data and profile.
I get the Session.Abandon() method but what I'm looking for is the same on a user, something like user.AbandonSessions().
View 3 Replies
Mar 21, 2011
Having trouble trying to implement a session it says it doesnt exist in the current context am i missing something?
protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
//database connection string[code]....
View 2 Replies
Nov 27, 2010
In my page i have used Session["user_id"] to know the status of user. Is there any page specific property to replace Session["user_id"].
View 2 Replies
Jan 20, 2011
I am trying to write a code that I can attach to a .aspx page using <!--#include file="newcode.aspx"-->. What I am trying to do is check to see if they have an current or active session and redirect them if they don't. It seems like this should be pretty
simple, but I have not been able to get anything to work. This is only being used on One page. What I have tried is:
[code]...
View 5 Replies
May 5, 2010
I am searching to find a way to read and write on session data but with out having the HttpContext.Current.Why I won to do that ?, because I wish to make some action with the user Session after the page have been close and unloaded. For example, a user load and see a page, then I create a thread to make some action and let user go. Inside this thread I like to read the session data, but in this case HttpContext.Current is not exist any more.
So is there a way to read Session Data knowing just the session id.I store my session inside an sql server, and I see them... its there on table ASPStateTempSessions . How can I read them "offline" and manipulate them ?
View 2 Replies
Oct 6, 2010
I have a section in my web app that displays the user's name, the current datetime and a logout link. What i would also like to display is the time left for the session.Is this possible? I'm using an ajax timer to give the user the real time, so if i could display also the time that is left for the session to end would be great.
View 6 Replies
Jan 17, 2011
i'm storing in HttpContext.Current.Session current user, SiteUser is single-tone class that presents current active siteuser, and when he logged i'm creating new SiteUser() in controller and in constructor adding him to the session:
[Code]....
then, with every request to the server services i'm check is user available in session:
[Code]....
otherwise i'm generate non-auth-user exception and redirect him to the logon page. but sometimes HttpContext.Current.Session[sessionKey] is null, but HttpContext.Current.Session doesn't null and FormsAuthenticationTicket is available and Expired property is also false. can somebody help me, why HttpContext.Current.Session[sessionKey] can be null?UPDi have downloaded symbol tables of source .NET Framework and set breakpoints at SessionStateItemCollection on changing collection items. and i resolved some mistakes:1) all collection items are null — "culture" is setting up after2) it happens at the session end eventi can't understand how it can be, because at web.config session timeout is set 20
View 20 Replies
Oct 18, 2010
I would like to pop up a box that warns the user of session timing out in 5 minutes. There are lots of examples of this on the net and I can figure something out. My question however is how to get the time remaining.All examples I read about set a client side timer to countdown from last postback. I would like to do something different. I would like to make an AJAX call to the server and get the time remaining from the server. Is this possible?Since an AJAX call will not reset the session timeout timer can I read the number and send it back to the client?
View 1 Replies
Nov 25, 2010
We have a web site which implements a central HttpSessionState management in App_Code like this:
[code]...
All of this worked fine ultil we needed to implement a time consuming process in a new thread...
In the second thread HttpContext.Current.Session is null (we know its because the current context its different between threads) so everything fails :
Investigating we found that you could pass the session from one thread to another like this:
[code]...
View 2 Replies
Nov 15, 2010
I'm using VS2010 and created a simple asp. web forms application, using Development Server to test it. I try to store user data - queried from sql server - in the session, since I don't want to access database in every request. I'm using the 'Application_AuthenticateRequest' and the 'Session_Start' methods.
First round:
AuthenticateRequest called. The following code ran:
[Code]....
The _current variable is a private static field published through a static property. In the first round the Session is null, and I think it's ok because the Session_Start not called yet. The Session_Start looks like this:
protected void Session_Start(object sender, EventArgs e)
{
Session["EMPLOYEE_DATA"] = EmployeeFactory.Current;
}
In the next round the Session_Start is not called of course but in the AuthenticateRequest I can't access to the session. The HttpContext.Current.Session is null and the this.Session reference throw a HttpException says the "Session state is not available in this context".
However I can access the Session from any of the page_load events but it's a bad practice I think that I put authentication every page_load.
View 1 Replies
Apr 7, 2010
In my website I am maintaining log of users in which I am storing some user's information such as user machine IP umber,SessionId,UserName etc.and able to show the list of current and past users in webpage. I want to share and connect to browser session of any of the current users. Is it possible,if yes then how?
View 5 Replies
Feb 18, 2010
I am trying to redirect to the same page with different query string parameters
HttpResponse resp = HttpContext.Current.Response;
resp.Redirect(landingPagePath)
To avoid further processing after redirection i check if
HttpContext.Current.Session.IsNewSession == false
but for some reason i found that this is not always the case after redirection
View 2 Replies
Apr 24, 2010
I want to terminate the session after specific time. So how can solve it.
View 3 Replies
Mar 1, 2011
I have an asp.net application with c# language. I have a common class which maintain the constants and static variables and fields. I also have a login page. If the user logs in successful I set IsLoggedInSuccessfull as a static boolean variable in common class.
My question is: Will this only work for a specific user session or for overall application ?
Edited:
Based on some answers I got another question here.
let say i am using the Static method as Authenticate(User objUser). intention is to call this method when user clicked log in button. where on login button I am let say prepare the User object with certain parameters required for login, then passing to this method. what would be the impact there? let say I have single server for now (no server farm or garden). then there will be the single application level method to authenticate the user, right? and say 10000 user are going to logging in to this site/application then how authenticate() method comes in behaves ? will CLR automatically manage threading there ?
View 5 Replies
May 5, 2010
I created an AutocompleteExtender web service. I am getting a Object reference not set error in the peice of the code where I am referring to System.Web.HttpContext.Current.Session. Does anyone know why this is. And I am checking to see if it is != null before I reference it. But it crashes. Is there another way to pass another parameter to the web service?
View 2 Replies
Sep 8, 2010
In our application we have to access session objects in business class. We are using HttpContext.Current.Session to get the session value. In some cases it returns the value but mostly its throwing a null reference exception(Object reference not set to an instance of an object). We have the following code Try
If HttpContext.Current.Session("Username") IsNot Nothing then
' Statements to be executed
End If
Catch ex As Exception
'Log to db
End Try
Here HttpContext.Current.Session("Username") is mostly throwing an exception "Object reference not set to an instance of an object" While debugging we found that HttpContext.Current itself is nothing.
View 2 Replies
