Why does the property SessionID on the Session-object in an ASP.NET-page change between requests?
I have a page like this:
...
<div>
SessionID: <%= SessionID %>
</div>
...
And the output keeps changing every time I hit F5, independent of browser.
I've seen this work correctly in other projects.
I'm storing the session IDs of the logged-in users in a database, so I need to kill some sessions using the session Ids stored in the database, but unfortuently I'm not able to get any session using the seesion ID so that I can kill it.
View 1 RepliesI'm writing some logging code that is based on SessionID. However, when I log out (calling Session.Abandon), and log in once again, SessionID is still the same. Basically every browser on my PC has it's own session id "attached", and it won't change for some reason. My Session config looks like this:
<sessionState
mode="InProc"
timeout="1" />
To avoid session fixation/hijacking we are heeding the common advice to create a new ASP.Net session for a user after authentication. Sounds simple enough. When a user authenticates we call Session.Abandon() the session ID cookie Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", "") then redirect the user.
However, how do we know on the new page that the user has logged in? We cannot check a session variable because there are none, we just started a brand new session.
I would swear, though I cannot find it now, that on this site someone explained how you can abandon a session and then get the next subsequent session ID. This way you could store that information. Then on the "Start Page" a new session would begin and that page could look up the old Session based on the new ID and validate that a user logged in.
So, are there any masters of the ASP.Net Session classes that know how to do this?
I'm a bit stumped by this one. Have a VS 2008 website running on Windows 7 using the VS web server. One of the pages transfers to another page (page2). On page2, each time I cause a postback by clicking a button, I get a different session.sessionid. I was under the impression sessionid was constant throughout the session, i.e. until the browser is closed or the session expires (~20 minutes). Is this just a VS web server quirk?
View 1 RepliesI am searching to find a way to read and write on session data but with out having the HttpContext.Current.Why I won to do that ?, because I wish to make some action with the user Session after the page have been close and unloaded. For example, a user load and see a page, then I create a thread to make some action and let user go. Inside this thread I like to read the session data, but in this case HttpContext.Current is not exist any more.
So is there a way to read Session Data knowing just the session id.I store my session inside an sql server, and I see them... its there on table ASPStateTempSessions . How can I read them "offline" and manipulate them ?
How to get rid of Session.sessionID when abandoning the session?
Scenario : I abandon a session and create a new session again. This time the sessionID generated remains the same as earlier.
I hav a problem where I wanted to share session state between main page and subdomain page (example between [URL]. Naturally, in this case, the webserver will give me a different session id because the session id is bound to the domain.
But how can i override the sessionid of my main page when I come back to it?
i want to generate the new sessionid in the same httpcontext once the user is successfully authenticated.so, how can i do that ? ( please dont ask why do you want it, i got such kind of requirement).
View 3 RepliesI want to be able to log when a user ends their session on our application and record whether it was a sign out or a the session expired. I am using
cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));
to set a new sessionId on sign out, but when the session expires, the sessionId is reused if the browser instance is not closed. In my web.config I have used
<sessionState mode="InProc" timeout="1" cookieName="session" regenerateExpiredSessionId="true" />
but still get sessions reused. I can't kill the cookie in Session_end() because I don't have access because there is no HttpContext or request, so I can't reset it that way. how I can force a new sessionId from the Global.asax.cs file?
It seems to me that ASP.net queues up all requests that use the same Session ID. Let's say you've got 3 pages. Default.aspx
protected void Page_Load(object sender, EventArgs e)
{
Session["asdf"] = "LOLZ";
}
Hitting this page would obviously create a new session if one doesn't exist.
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=ibjphuv0aiafqi453tyze345; path=/; HttpOnly
Then you hit Hang.aspx
protected void Page_Load(object sender, EventArgs e)
{
Thread.Sleep(10000);
}
And immediately after you hit any other page that this session ID would be passed to, doesn't matter if it does anything, let's call it Test.aspx. The sequence for loading is like so.
Request Timeline
"GET /" |*|
"GET /Hang.aspx" |******************************************|
"GET /Test.aspx" |**************************************|
I guess my question is how do I disable this feature. I understand it's useful to have so that session state can be more predictable, however in my case a long running reports page load is killing users' ability to multitask.
in one request i am updating session variable. in the other request, i am trying to access that session value, but it was blocked until the first request finish. I am using C# with ASP.NET 2.0 UPDATE: My page code looks like this.
while(int progress = DoWork() && progress <= 100 ){
Session["Progress"] = progress;
}
and my handler just return Session value.
context.Response.Write(Session["progress"].toString());
context.Response.End();
concerning requests being blocked from a main window after a popup window had initiated a file download. Further requests from the same session are being queued until the download is complete. So, is there any way to override this? Is there anyway to tell asp.net to not serialize same session requests? Is there any way to tell asp.net to ignore session for a specific request...httphander(module) or otherwise?
why requests from the same session are being queued until the download is complete. please tell me the funda behind it and how to overcome it.
I have developed an online exam application in college where we fix the timing for an exam the students conduct there exams at that time. this application is stored in local iis server in the college. i am using inproc session. here there are 200 students writing exam at a time .the problem is the browser stuck after some time and not resopnce unless we restrart the iis on the server. i checked the windows even log .the warning details are listed below. my question is ,is the inproc session is ok for here or i need to use the sql server session or state server session ...
Log Name: ApplicationSource: ASP.NET 2.0.50727.0Date: 3/10/2013 12:36:52 PM
Event ID: 1309Task Category: Web EventLevel: WarningKeywords: ClassicUser: N/AComputer: ZCW-HV01.zahracol.edu.om
Description:Event code: 3005 Event message: An unhandled exception has occurred.
Event time: 3/10/2013 12:36:52 PM Event time (UTC): 3/10/2013 8:36:52 AM
[Code] ....
What's the simplest and most effective way to selectively redirect HTTP requests to your ASP.NET page to its HTTPS equivalent? For example, if my page site URL is [URL], I want to redirect some (or all) page requests to [URL] What's the easiest way to do that?
View 2 Replieshow to regenerate a new Session ID in ASP.NET. If we are using SessionManager to generate a new id then it doesn't change the value of Session.SessionID. how this can be achieved. Basically I want to have a new Session.SessionID after abandoning Session or generating NewID with SessionManager.
View 1 Repliesif there is a way to dynamically change the session ID from the context of a SessionStateStoreProvider (or some other customizable module) in C# for ASP.NET.
I am implementing a custom SessionStateStoreProvider, and I was thinking about augmenting the session ID to tell the store provider where to go look for a session. I've implemented a custom SessionIDManager, which lets me augment newly created session IDs with the required tag. The problem is that the desired value of that tag might change during the life of a session. For example, the session may be read from one location, but may need to written to a different location. In this instance the ID would have originally been tagged for location A, but on writing the store would want to write to location B. The tag should be updated to reflect location B for the next session read.
So, from the context of SessionStateProviderBase override...
public override void SetAndReleaseItemExclusive(HttpContext context,
string id, SessionStateStoreData item, object lockId, bool newItem)
... is it possible to change the session ID? I know that the HttpContext.Session.SessionID property is not settable. Is there some other way to feedback an update like this? Or is there a more appropriate to carry state like this across calls?
Our solution is built on ASP.NET v1.1 framework. User is presented with login form, so upon providing credentials this information is posted back to the server. Upon postback SessionID changes and our application crashes as some information which is required for processing is stored in the cache and is identified by SessionID string as a part of the name.
This SessionID change happens absolutely randomly and only to some of the clients. Most of the time browser used to view the page and post info is IE8. I cannot reproduce this issue in our test environment, as SessionID is persistent though-out the whole testing process.
I've already checked all solutions, i.e.
Session cache is used on Page_Load to retrieve/store some information, so it's initialized and contains data stored. I've made a Health Monitoring check on Application_End event to capture any possible AppDomain crashes using Reflection and Diagnostics Libraries and retrieving ShutDownMessage from httpruntime object, but that's also not a case. Cookieless attribute of the sessionState in web.config is set to false (using URL to store SessionID is not an option) All MS security and bug fixes are installed on the server. IIS Server settings are similar to the ones we use in Test Environment.
When I run page in all of my pages url in addressbar show some unknown character like [URL] .....
And when I close browser and run again characters change... [URL] ....
what are these character?and how I can delete them?
Is it possible to change the SessionID Programatically without making the current Session Values to null.
View 3 RepliesI have an ASP.NET page that has a wizard control. I need to see if the same user is working on the page so I first time I insert a record and next time I update database records. I am using Session.SessionID to check if the same user is working on the page, but on every postback, SessionID gives a unique string and always the "insert" construct executes.
What is the best way to check the same user is working back and forth on the same page. User is not logged in, its an open form on the page.
I need to set ASP.NET_SessionId in order to dowload a file from server.
I use the following code
IContextChannel mychannel = (IContextChannel)myService;
using (OperationContextScope scope = new OperationContextScope(mychannel))
{
res = myService.DoSomething();
System.ServiceModel.Channels.MessageProperties messageProperties = ......
I'd like that when a user logoff or his session expires, tha SessionID is no longer valid.
I've found the way to do it when the user logoff, simply doing:
[Code]....
But I don't know how to do it when the session has expired. Apparently, if the session has expired and the browser tries again to connect, the same SessionID will be recycled, and I want the server issues a new one, how can I do it?
I'm running a WebMethod when a user clicks a link and I want the service method to have access to the clients SessionID but when I try to initialise a new string it returns a null value.
So to clarify(an example):
[WebMethod]
public string myMethod()
{
string s = Session.SessionID.ToString();
//rest of method here...
}
string s is returning null value. The code works fine on a postback and the method works without SessionID but I really want/need to be able to use a callback and need to be able to use the SessionID
i have two aspx page and two page is showing two different sessionid.using Label1.Text = Session.SessionID.ToString(); why
it is happen when two page is in same session. why page wise sessionid will be different.