Security :: Persisting Session State Across Sub-domains (different Apps)
		
			Jun 17, 2010
Got [URL] - two separate apps in IIS.
Want the forms-based auth to persist (they use the same database for membership).
I tried to simply add a "." before the domain name in the forms tags (see below for example) - but this didn't work - it actually prevented me from logging in at all. How can I persist the login? Does the admin need the same values for "name", "path" and "domain" as the main site?
[code]....
	
  
    
		
Similar Messages:
	
    	
    	
        Aug 5, 2010
        I have been spending the better part of a week trying to track down why I am not able to clear all session variables in a web app (vs 2010, vb.net). What I have tracked it down to is that when I remove or abandon sessions that my html pages or codebehind access, it works, but for some reason in any of my class files where I use "Public Shared strConnection as String = HttpContext.Current.Session("strConnection").ToString" to access a session variable, it finds the old one and not the current one. I have to wait for it to time out, go in again, and it will find the new one.
I do not use Linq, and there is only one place in the whole web app that I place the connection string in a variable, which is when a person logs in. It points them to the correct database. The sqlconnection is set for all of my listviews in Page_Init to make sure that they aren't using any session variable that they create on their own. Interestingly enough, if I use debug to go in each time, exit debug, enter debug again trying to access a different database, it works correctly each time. I assume that debug is correctly killing the session variable for the classes for me.
   
  
    
	
    	
    	
        Dec 29, 2010
        We use an agent to monitor user activity on our site. It manages a user session together by matching the asp.net session ID. 
If we were to launch a separate checkout site on a new domain, would we be able to force carry the current Session ID from the standard non SSL site to the new session on the checkout site - this way our agent would match the session together, as we require?
   
  
    
	
    	
    	
        Jan 25, 2011
        Just been trying to receive the session value from multiple jQuery ajax requests on the same domain name. I think I understand that each request is kind of a virtual browser request so the session is mutually exclusive to each request, but there must be a way somehow; has anyone solved this? Basically this is what I'm trying to do:
I have tried using type: GET and POST but still no luck.
First request - Stores the product id in a session
[code]....
   
  
    
	
    	
    	
        Jul 20, 2010
        I'm having trouble getting 2 identical ASP.NET MVC applications to share the same Session using a Session StateServer. The reason I'm trying to do this is we will eventually be deploying this app across 3 web servers that need to share the same state. We need to use StateServer because we are trying to minimise use of the db for non data-related storage.
The Setup: I've deployed the same code base to http://localhost/App1 and http://localhost/App2
both have identical Web.Config files with the following:
<system.web>
<sessionState mode="StateServer" 
              cookieless="false" [code]....
The Result: For both deployments, when the page first loads I can see that the mode is StateServer and the timestamp is getting set to the same time as the realtime value. However, if this was working, only the first page should have the same time as the realtime value. The second page load should read from the StateServer because that timestamp value is no longer null, and display that time value. But instead, it's displaying the realtime value again.
When I refresh the page, the timestamp stays the same and the realtime value is always updating. This indicates that the timestamp is being saved to the Session, but the timestamp value is always different for both deployments when it should be the same, so this indicates that the Session is not being shared.
   
  
    
	
    	
    	
        Jan 19, 2011
        I have 2 applications. One on asp.net webforms [URL] which should provide authentication; the user logs in and I can use the cookie to authenticate on my asp.net mvc app located at [URL]. All I'd like to do is be able to access the cookie so I can get the userId that was stored in it using the FormsAuthentication.
They use normal authentication provided by Microsoft:
<authentication mode="Forms">
<forms domain="test.com" loginUrl="Default.aspx" protection="All" path="/" requireSSL="false" timeout="45" name=".ASPXAUTH" slidingExpiration="true" defaultUrl="Default.aspx" cookieless="UseDeviceProfile" enableCrossAppRedirects="false"/>
</authentication>
This cookie should be accessible to any subdomain on [URL], right?
   
  
    
	
    	
    	
        May 4, 2010
        In my database I have already installed the aspnetdb membership tables and process (think that was running: aspnet_regsql.exe) with all my other custom build tables for my project. All works fine. I want to use SQL server session state. (Asp.net 2.0, SQL server 2005) My project will be on a SHARED HOSTING environment, and I only want ONE database that holds all I need (membership, custom tables, session state table, etc). I see two files in: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
InstallSqlState.sql
InstallSqlStateTemplate.sql
I assume I run the "InstallSqlStateTemplate.sql" and follow instruction from this reference to SQL server session state operational in my single project database : [URL]
   
  
    
	
    	
    	
        Jan 3, 2011
        I'm building a web application that has a particular model representing some events.  Users need to be able to add N number of people to a given event.  Choosing people is handled by a partial view.
I'm trying to build a menu that displays when users click "add a person" to the event.  Because the event hasn't been filled out completely yet, there is nothing in the database to persist between requests.
I also have validation logic on the event page.
My proposed solution is to add the form to search or add for people on the event form itself and have a submit button that sends the values that have been added back to the server, where I can store them in ViewData or Session.
Unfortunately, doing this flags the validation.
My second solution is to load a partial view responsible for loading the UI to add/search for a person.  I could add a little code on the method in the controller that returns a partial view storing the existing data in a session variable or viewdata.  Trouble is, I have to submit the form to do it--again tripping the validation!!!
I'm wondering if perhaps I chose the wrong tool to do this...because in webforms, there would probably be a postback and you would just perform an operation on that postback.  I'd like to avoid rewriting the application in webforms and am wondering if there are ways I'm overlooking in ASP.NET MVC.
   
  
    
	
    	
    	
        Mar 23, 2011
        Suppose I have created a spgridview with the following code.
[Code].....
To persist the checkbox states between pagebacks, currently I am using session states. It has some drawbacks. Now how can I persist the checked states, when the user manually checks all the checkboxes, how can I make a check on the header checkbox?
   
  
    
	
    	
    	
        Nov 5, 2010
        I wish to persist a class object across postbacks by using a single session variable/object/whatever.
The class has about a dozen single variable properties; and about a dozen table properties; and several methods. The main table tracks rows of sporting event results. The web site will collect one row at a time for each postback. The data in the object's constructor is based on a dataset, but the data in the class will grow each time I do a postback so I don't want to lose the information in the class. The data isn't very big - it will fill a single computer screen.
Being new to programming I am thinking that I can store the dataset in the session but that would slow down the response time because the methods would have to be called to refine the data - or maybe I can just store the entire class object in a session.
   
  
    
	
    	
    	
        Feb 17, 2010
        I'm writing an ASP.Net application (no AJAX, but maybe) and there's a requirement to have a list of companies graded under a traffic light system. I intend to have these in a collapsible hierarchical list on the Master page, e.g. Red expands to show companies, and then companies can be further expanded.
How can I keep the expanded list in the same place, with the same content visible, between page loads?
   
  
    
	
    	
    	
        Jan 2, 2011
        I am using this code to pass variables from ASP.NET application to HTML Application:
[Code]....
The above code is run from the Page_Load event, and I am making some development changes on the Development Machine (say http://eutdev02/ehrmd).
After the ASPX page is loaded, I debug the javascript in the HTML (F12 under IE8) and can see the Cookie is found in the browser.
But when I open the target HTML/Javascript web page (which will read the cookie prmStaffID), and the HTML Page is on the production machine (separate server, say http://prod01/Attendance.html), the Cookie is not found!
It seems to me that Cookies will persist only on one IIS Server, and will not be global.
Question: How can I persist the Cookie on the Client Machine regardless of the Server Machine?
For testing purposes, I want to send the cookie to the client from the Development Server, but the target application is under HTML/Javascript, and I want to be able to read the same Cookie using Javascript.
   
  
    
	
    	
    	
        Oct 19, 2010
        I've created a visual webpart. My user control is a gridview, in which one of the columns is a checkbox. The checked state of my checkbox within the gridview disappears during postbacks. I want to maintain the checked state.
   
  
    
	
    	
    	
        Feb 9, 2010
        I've a checkbox with autopostback=true. If I check the checkbox the postback occurs and changes a label text. But if I click back in the browser the checkbox is not returning to its previous unchecked state. How can I bring back its state?
Can I write some JavaScript to persist the state of a control?
   
  
    
	
    	
    	
        May 13, 2010
        I have a simple user control containing two text boxes which I am adding to a placeholder on the Button Click event. I am storing the number (count) of clicks in View state and running a loop using count to create all previously added user controls. I am also adding IDs to each User control (appending "UC" and count). I have also checked in view source that the ids are the same each time they are created. I have another button which basically does a postback. I have EnableViewState enabled ="true" in all controls all the way up to Page Level. My problem is that User Input does not persist on postback. Should this not be happening automatically for me?
   
  
    
	
    	
    	
        Oct 12, 2010
        How can DropDownList attributes be persisted across page Postbacks?
Example:
DropdownList1.AutoPostBack = True
DropdownList1.items(0).Attributes.Add("Attribute1","somevalue")
On Postback the attribute is no longer available (ie. attributes.count=0).
I tried persisting using the code below, but was unsuccessful:
Before PostBack: ViewState.Add("DDL","DropdownList1")
On PostBack: DropdownList1 = ViewState("DDL")
This generated the error: DropDownlist is not marked as serializable.
I then tried:
Before PostBack: Session.Add("DDL","DropdownList1")
On PostBack: DropdownList1 = Session("DDL")
This did not err but attributes were still not available.
   
  
    
	
    	
    	
        Jan 20, 2011
        I read this article first to try to solve this issue, but I am already loading the controls in the Init phase of the page, yet viewstate is not persisting. Any ideas as to why? (Of note is that this is for a custom module in DNN and I do have some AJAX update panels on the page, though this section is not within an update panel, for what it's worth.)
As an overview of what I've got:
1. LoadControl.ascx - based on reading query string parameters, determines whether to load the master or the detail .ascx.
2. Master.ascx
3. Detail.ascx
In my master control I dynamically load either a master or detail sub-control in the page_Init. The detail page has a treeview control and then uses a multi-view control to display the panel associated with the depth of the node selected on the tree. On the panel being displayed I have a cascading ddl within a detailsview control which initiates a postback to select the child ddl based on the parent ddl selection. However, when the page refreshes after the postback, both ddls have resorted to their default selection.
What is interesting however, and I just realized this as I am typing, is that the Treeview is populated when the page comes back from the postback, so that is only possible if viewstate is being persisted right? (See the page_load code and you'll see that Call PopulateRootLevel(intTreeUserID) which populates the treeview, is not called on postbacks....hmmm.
Any ideas as to why the treeview maintains viewstate but not my ddls???? But though the tree is populated, I do have to explicitly select the node again and set the panel that the detailsview control is on to visible again too....
Here is the dynamically loaded control code:
[Code]....
And in the Detail.ascx page load I've got:
[Code]....
[Code]....
   
  
    
	
    	
    	
        Apr 7, 2010
        Is it better for a collection of ASP.NET web apps to share the same session database, or should each one have its own? If there is no significant difference, having a single database would be preferable due to easier maintenance.
Background: My team has an assortment of ASP.NET web apps, all written in either Monorail 1.1 or ASP.NET MVC 1.0. Each app currently uses a dedicated session state database. I'm working on adding a new site to that list, and am debating whether I should create another new session database, or just share an existing one with another app.
   
  
    
	
    	
    	
        Jun 3, 2010
        I want to maintain session data between two applications or domains [URL]. I have read on the net about this, but many people are pointing to many different ways to do it, with people commenting +ve and -ve responses to all. Plus many are just providing theoretical answers, do this and that, but no code at all. Are these steps all that is required?
1) In web.config: <httpCookies domain=".[URL]"/>
2) Store session data in SQL DB as (after preparing the db for storing sessions):
<sessionState mode="SQLServer"
              sqlConnectionString="Data Source=YourServer;Integrated Security=True;database=MySessionDB"
              sqlCommandTimeout="30"
              allowCustomSqlDatabase="true"/>
<machineKey decryption="AES" validation="SHA1" decryptionKey="..." validationKey="..." />
3) Am confused about this one: I want to set the domain for the session cookie like this:
Response.Cookies["ASP.NET_SessionId"].Domain = ".[URL]";
But where should this code be written?
This entry: [URL] says: use System.Web.SessionState.SessionIDManager as a base class, but the SaveSessionID method is not virtual so cannot be overridden. Options are: either explicitly re-implement the interface method or decorate SessionIDManager class and after calling SessionIDManager.SaveSessionID set Response.Cookies[SessionIdCookieName].Domain to our domain.
If only the author had provided real code, step 3 would have been clear. Plus, are all these 3 steps enough to share session among the domains?
   
  
    
	
    	
    	
        Jan 19, 2011
        I have a .net webapplication with the following domains:
www.domain.com
sub.domain.com
files.domain.com
When a user is logged on to domain.com or sub.domain.com, I'd like them to share session state (i.e. be logged into both domains at once). This is possible to do by setting the domain on the session cookie to be ".domain.com". However, my problem is that the domain "files.domain.com" should not have session state due to security issues (XSS attacks from user-made files hosted on that domain are an issue).
Is it possible in ASP.NET to use the same asp.net session id for these two domains, but not the third one?
   
  
    
	
    	
    	
        Dec 7, 2010
        Have not run the ASP.NET Development Server for a while. Today I copied a production website to my workstation and ran it with VS 2008. The following error message popped up. What is the problem with the ASP.NET Development Server on my workstation? The website on the Production server still ran okay.
Unable to make the session state request to the session state server. Please ensure that the ASP.NET State service is started and that the client and server ports are the same. If the server is on a remote machine, please ensure that it accepts remote requests by checking the value of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspnet_state\Parameters\AllowRemoteConnection.
If the server is on the local machine, and if the before mentioned registry value does not exist or is set to 0, then the state server connection string must use either 'localhost' or '127.0.0.1' as the server name.
   
  
    
	
    	
    	
        Oct 16, 2010
        In my app, I redirect the user from one domain to another and I need to preserve the session object while redirecting between domains.
I need to be able to read session key/value that is created under different domain, for example -
While in domain A.com:
create session variable - session("myASPString") = "Test string"
redirecting to domain B.com
While in domain B.com:
dim k as string = session("myASPString")
right now k = Nothing...
How can I preserve the session object between different domains?
   
  
    
	
    	
    	
        Mar 31, 2010
        I'm writing a product management system for a website.  As an administrator defines product details, those details are stored in the Session so that fields remain populated as the user navigates across multiple pages.  One of these fields is a "RichTextBox" that allows the user to define a product description with rich text.
Attempting to pack the contents of this rich text box into a Session variable raises the following Server Error:
A potentially dangerous Request.Form value was detected from the client (ctl00_ContentPlaceHolder1_RichTextBox1_tbxRichContent="<b>asdf</b>").
The offending line of code is as follows:
Session["NewProductDescription"] = HttpUtility.HtmlEncode(RichTextBox1.Text);
I thought HtmlEncoding would solve the problem, but it did not.
   
  
    
	
    	
    	
        Jan 6, 2011
        I have a login ascx module that needs to handle logged in users.
I am solving this by enabling Session("IdUser") to take Id_User from my database if login and password are correct.
OK, this works rather OK, but I am using the same button for login and logout, so when I log in a user I need to manually reload the page before handler me.load has new values for the current session. Does anybody know how I can solve this issue?
Imports System.Data
   
  
    
	
    	
    	
        Jun 18, 2010
        We currently have a public-facing .Net 4 application running with the default session timeout value of 20 mins.  Are there any significant security risks with lengthening that to 60 mins or longer?