State Management :: Best Way To Manage User State And/or Sessions?
Mar 25, 2010
My prior asp.net apps used windows authentication on an intranet. Now I'm developing an app for the internet and am stumbling over how to properly manage user sessions and state.
I first developed my web site functionality; created the SQL DB and got all of the pages to properly handle the data. Then, I installed the SQL Membership database and was able to get the CreateUser, Login, Logout pages to work. On the Verify process for the Userid, I added a step that will take the membership UserId value and create a Company record in my tables and link my CompanyId key with the UserId.
At Login time, I create a CompanyId session variable; each page uses it to retrieve records for the user. When Session Timeout occurs and the user click a link to another page, the app redirects properly to a Login page. However, if the time expires and then the user interacts on that same page, 'Object not set to an instance of the object' - the CompanyId session variable has expired.
What is the proper way to handle this? I'd like the page to automatically redirect to a TimedOut page (this would happen automatically without the user doing anything).
I considered writing a Function where I pass the Session variable I want and the Function sees if it exists; if it doesn't it would do a Response.Redirect to the TimedOut page...I can't get the Redirect to work in a Class Function ('reference to a non-shared member...').
I assumed that I should set CompanyId as a Session Variable so each page knows the user to get data for. Another approach is to use the membership User and if it is still valid, do a DB lookup to get the CompanyId. I did not choose this because I felt that it would increase DB traffic and web traffic.
Here are several relevant settings from my web.config:
<sessionState cookieless="UseDeviceProfile" />
<authentication mode="Forms">
<forms loginUrl="~/UserTasks/Login.aspx" />
It feels like there should be a straightforward answer to this but I am missing it.
View 7 Replies
Similar Messages:
Mar 21, 2010
I am trying to create a system in which there will be a single user accessing his acount from two endpoints simultanously.
I think this is possible.
1) How to restrict the user to have only one session at a time?
2) How to change it to have limited number of sessions per user at a time?
View 5 Replies
Aug 30, 2010
#Newbie alert# Only 8 months experience with school education back in 2002.
I'm using VS 2008, C# 3.5 to develop my own login system for our company website.
Originally we have a "simple" design which only had a login and order page.
That order page needs to be opened for 10-12 hours at the time while our stores are opened without having to relog into the system for each query.
We also have a requirement that some users need to access 2 different compagnies (separate inventories) which require 2 different logins.
I solved that "cross over" session problem by moving all the values into viewstate with my own viewstate manager class right after the login.
Now my problem is that we are adding more and more pages and I don't want to be stuck with the problem to resave the viewstate to session and then back on viewstate for every menu items and buttons.
Is there a way to create some sort of items list of all the sessions opened by the user and only transmit that from pages to pages?
View 6 Replies
Aug 4, 2010
We have take over a classic asp site. Everything works fine, but we are making improvements to some reports and adding new reports, so we are doing this in .NET, with that said, after reviewing the secuirty code, there are 2 sessions that are set and used thru-out the site as part of some of the individual page queries.
I know that the sessions are being populated, because the reports that use those values return records.. now with a new report we are working on, i need to pass those values into my query. But when i try using the session names the page is coming up saying the following:Object reference not set to an instance of an object.
Is there anyway to add something to my page code to see what sessions are actually being created and their values.. maybe im using the wrong variable names.. but the security code is pretty straight forward.. at login, if successful, 2 values are returned and stored in 2 sessions.. i need to use those with my new page.. so trying to figure out why the existing pages work fine with that and my new page does not..
Basically, i'd like to write to the screen the session variables that are being created on the login page.
View 11 Replies
Oct 6, 2010
I've created a whole bunch of rather complex classes and now i'm starting to work on the ASP.net user interface. Basically the user will open 1 page which will be used to load, edit, save an object. The object has many fields and they are often other classes i've created. To create a nice interface i've used popups and used AJAX to reload parts of the page to avoid reloading the whole thing.
My plan was to create the object and save it to the session. Then each time the page is loaded copy the object values to the asp fields and do the reverse when the page has been submitted copying the asp values to the object field then updating the session object.
So the code will go something like:
onload:
if session is not null load from session otherwise create new
this.txtID.text = object.id
this.txtName.text = object.name
etc etc
on submit:
object.id = this.txtID.text
object.name = this.txtName.text
etc etc
update session.
Is this what you guys would do? or am i over thinking this, seems like a lot of code to load all the object fields each time the page is opened and submitted etc.
Just looking to bounce ideas of off other developers :D
View 4 Replies
Jun 17, 2010
I am wondering if it is possible to clear a session variable if the user navigates away from my site.
My example is I have a session storing the logged in user. This is checked for user access to each page.
If the user goes to another site (e.g. google) I want them to relog into the site.
This is to prevent others getting access to a users account if they use the same pc minutes.
I do have a logout that performs this and I know that it is impossible to make users use it! :)
View 2 Replies
Feb 22, 2011
1. I am using Session to maintain some value. I have to read some value from a one sessions value in another session. Here I think i can maintain it using cookie or maintaining the session in state server or sql server. but I want to know is there any other approach in maintaing the state in client side .
2. I have set the session variable in page load . after that i am trying to access the session value in web service consumed by that webiste. but I was not able get the same session in web service. can i know what is work around I need to do for getting the same session in web service also.
3. I need to bind a gridview using javascript ,Can i create the source for binding to it in javascript itself. i mean like datatable.
View 5 Replies
Nov 2, 2010
i have a situation where worker process recycling is causing session to expire and loose all the session data. Change to State Server and SQL server seems to be very complicated and impossible beacuse we use third party objects which are non-serializable. We need to let users keep running our ship tracking website for weeks or months beacuse they use it in their lobby and they do not want to touch it again. What alternatives i have if worker process recycles which causes to loose session data. I will need to atleast retain their user id and password to autologin them incase session expires.
View 5 Replies
Dec 31, 2010
This last week I had an issue about refreshing all open sessions on an asp.net web site. The scenario it's like this:
It's a LAN application with different roles (let's say "Role A" and "Role B") and a database of SQL server.
Any "Role A" user can click a button and start something like a survey (defines a query and the possible options).
Then, any "Role B" user have to answer that survey (just once).
Here comes my problem...if I am a "Role B" user, and I have the "AnswerToSurvey.aspx" page open...how it can automatically update or refresh after the "Role A" user inserted the survey? I mean, I know that if I press F5 I will achieve it, or even using asp:Timer or javascript timer, but any of them are precise.
Any suggest? I've tried using Global.asax Application_BeginRequest and so, but no lucky. Is there any effective way to notifiy a user that something has changed? I'm not looking for a "chat like" system, just notify any "Role B" user about the change.
View 3 Replies
Feb 9, 2011
I have a asp.net page with a codebehind. I have 2 buttons on the page. When clicking on button 1 I get some data from my database and save it for later use in Sessions.
[Code]....
View 4 Replies
Nov 5, 2010
how do i pass data between two asp.net webservice sessions ?
this is the scenario, we've windows application and web service. our windows app calls a third party web site which requires data from our applciation. this 3rd party suggested that we create a web service that they can call from the web site.
after some reading it looks like i can use "application" object to store the data so that we store data in session with a specific session key and give it to web site and web site passes this session key in all methods it uses in webservice. is this best approach to take ?
View 8 Replies
Apr 21, 2010
I've been working on this problem for some time without success. We have this website that has been working for many years now and we have been using cookieless sessions since the begining. Now we are integrating with another site to handle payment throught redirection. This provider ask for two adresses for success or failure of a payment so we have something like [URL] and [URL]. For design purpose thoses two pages do not exists and I use an httpModule to route to the proper page. I use httpApplication.Context.RewritePath to send to the proper page but I can never find back the session my user had before redirecting to the payment provider.
If I change the session mecanism to use cookies (cookieless="false" or cookieless="UseUri") with a few other tweaks, everything works fine Does anybody know if this has a chance to work? Is there a way to re-attach to an existing session?
View 2 Replies
Apr 23, 2010
I am saving for each user a session with information about his current page viewing.
Each time the user is moving to a new page, I am updating the session with the new page he is right now.
Now, my question is if I can make any loop over all of my users session and answer a question like: How many users are now on page "2.aspx" for example?
View 2 Replies
Apr 14, 2010
I am having two aspx pages(Page1.aspx,Page2.aspx).I am stioring values in Session in Page1.aspx and retriving the same values from Page2.aspx.But if the session value is null I am getting an error as 'Object reference not set to an instance of an object.'Here is my code..
[Code]....
View 5 Replies
Aug 11, 2010
We have used Session heavily in our application, we have created core classes (which have many properties) and store objects of core class in the session.
1) What could be the best solution for reflector activity?
2) What could be the best way to manage session in an application which has 100 pages?
View 9 Replies
Apr 23, 2010
I have a session state that myself and others on my team have been bashing our heads against the wall for the past week. We have tracked it down to the following:
1) Frame page containing content pages creates a session
2) Content page creates a session, stores data in the session
3) User changes drop down list with SelectedIndexChanged autopost back and displayed fields are changed using an UpdatePanel. A new session is created, data stored in the prev. session is lost
4) User posts back, no session is created this time, however the post back fails because the session from step 2 is lost.
Now, a user closes the page, comes back, and it actually starts to work:
1) Frame page containing content page opens (no new session)
2) Content page loads data, stores in session (no new session)
3) User changes drop down list with SelectedIndexChanged auto postback and displayed fields are changed using an UpdatePanel. Sesson NOT lost
4) User posts back form, success
ASP.NET on the first visit to the site insists on creating 3 sessions, we log it in Session_Start. I can't think of any reason this should happen. I've been told the frame will always be on a seperate session; thats fine, its only being used to setup scrolling
within a frame in Dynamics CRM. The biggest question is why when we insert data into the session in step #2, it is discarded in step #3.... but only during the first visit to the page!
I've never seen this session behavior before; we don't have any session abandonments in our code, and we never clear session objects, so there shouldn't be any reason for the session to be lost.
View 2 Replies
Aug 9, 2010
I have an ASP .NET website that uses cookieless sessions When the initial request is made to the site IE just displays the standard "Internet Explorer cannot display the webpage" message Firefox displays the following message: The page isn't redirecting properly Firefox has detected that the server is redirecting the request for this address in a way that will never complete. *This problem can sometimes be caused by disabling or refusing to accept cookies. The site works fine with my development server and under IIS6. If I switch off cookieless sessions then everything is fine
View 3 Replies
Dec 30, 2010
A value needs to be passed from an asp.net application to another within the same domain. How we can do?
View 5 Replies
Jan 21, 2011
I built an intranet application using code from this project (link and more details below):
Everything seemed to work during testing, but when multiple people are using the shopping cart, items show up across sessions.
For instance, if two orders are created at the same time, an item in Order 1 will show up in Order 2 by hitting the shopping cart refresh button.
Order 1 and Order 2 are two separate computers and being used by two different logins. Cookies are enabled in the browsers.
when an item is added like this: ShoppingCart.Instance.AddItem(arryProductId(i))
Should it not add that to a unique instance of the cart and nobody else be able to see these items?
We are getting ready to deploy this and this is a major issue. Any help would be greatly appreciated.
-=-=-=-=-
http://www.ajaxprojects.com/ajax/tutorialdetails.php?itemid=423
An instance of the shopping cart is created like this:
If HttpContext.Current.Session("ASPNETShoppingCart") Is Nothing Then
Instance = New ShoppingCart()
Instance.Items = New List(Of CartItem)
HttpContext.Current.Session("ASPNETShoppingCart") = Instance
Else
Instance = CType(HttpContext.Current.Session("ASPNETShoppingCart"), ShoppingCart)
End If
When I insert items, they are added like so:
ShoppingCart.Instance.AddItem(arryProductId(i))
View 1 Replies
May 17, 2010
I would like to clear sessions after hitting back button . Iuse the java script to disable back button how can i clear sessions now after hitting back button.
I use the following script
<script type="text/javascript">
function preventBack(){window.history.forward();}
setTimeout("preventBack()", 0);
window.onunload=function(){null};
</script>
View 6 Replies
May 6, 2010
The document http://msdn.microsoft.com/en-us/library/ms178581.aspx states the following about expired sessions:Regenerating Expired Session Identifiers By default,the session ID values that are used in cookieless sessions are recycled.That is,if a request is made with a session ID that has expired, a new session is started by using the SessionID value that is supplied with the request.This can result in a session unintentionally being shared when a link that contains a cookieless SessionID value is used by multiple browsers.As you can see it talks about "cookieless sessions" but,what is the behavior for sessions based on cookies? Does it apply to .NET Framework 3.5?
View 2 Replies
Sep 1, 2010
We have a web site that implements a custom SiteMapProvider using a User Control added in the master page. I need to be able to limit the sitemap nodes added depending on the logged in user, that is, certain users should not see certain sitemap nodes. Currently, the login processing code determines if users are in the certain category or role and then sets a value in session state, for example, Session["UserInRoleXXX"] = "Yes"; I tried changing the code in the user control to check the session state, but I got the following error: NullReferenceException ... Object reference not set to an instance of an object." Can session state be accessed in a user control?
View 6 Replies
Dec 10, 2010
How are you all managing your web page state?
Anyone using complex database methods - so that a user can pick up a web experience that might have accidentally been left?
Anyone doing any complex state management for internal (INTRANET) sites? Where authentication is not an issue?
I'm looking for alternatives to simple SESSION() vbls.
View 6 Replies
Apr 13, 2010
I have a problem to manage session variable in to different virtual directory. I need to access Session value from one virtual directory to another virtual directory. For Example I have a Web Site in my IIS with one page. Page 1
[Code]....
I have another virtual directory under the same Web Site with one page as follows.
Page 2
[Code]....
I can't access session value of Page 1 from Page2!I need to access Page 1 Session value from Page 2.
View 3 Replies
Sep 10, 2010
We got a problem that Sessions got mixed up when open multiple tab in a single application. We could change the code that do not use session variable in a that level, but a tons of page need to be modified. We need to find a quick fix for this problem. Is any thing we can do in code level to prevent user open multiple tab in a single application? O any thing we can do to keep its own session for a single tab?
View 6 Replies