State Management :: Logged In Again Using Formauthentication?
Feb 28, 2011
I have a requirment , my site is using Formauthentication cookie to validate the users , so once the same user is logged in to another browser again ( same Machine or different) then I need to log off the first site and need to allow the second one active.I am thinking to implement this by storing a uniqueID in the DataBase user table .Once the user Logs in then I will store this ID in to the database and for each request I will check whether the ID is same or not, once the user logs again in to another browser then the Unique ID will get generated again and store (update the previous one) to the user table so that the request from the fisrt instance browser will fail to validate and kick out to login Page.this procedure will reduce the performance since all the time it need to intract with DB, so is there any other possible way to Implement this scenario with out using BD - but using formauthentication cookie.
Many web applications use sessions to check the logged in status of the users. Is there a better approach to check the logged in status instead of using session state?
I'm looking at a pure ReSTful approach where is no session state at all. This may make more sense in an mvc application rather than an asp.net application.
I have created a simple website in asp.net using forms authendications but when I publish my website in IIS 6 on a Windows Server 2003 machine it keeps the users logged in for ever even though I have set the web.config to expire after 30 min. My website has 2 pages a login.aspx and a home.html. When I run the website in my development machine using the ASP.NET Development Server I have no problem the website works as expected meaning the users can not access the home.html unless the have been authendicated by the login.aspx page.
Also once loged in, after clearing the browser cookies the web site asks for login again which is again the behavior that I am trying to accomplish. However once the website is on IIS does not take in account the authendication that I have set up on my web.config. What is overriding my web.config? Do I need to make some changes to the global configuration of IIS?
I am working on a asp.net 3.5 app. In the Global.asax in the Application_Error method, I am logging everthing to ddatabase (log4Net).
I have a session limit of 20 minutes. What happens when the user hits that limit and then clicks on the Submit Button of the app. ?Will that generate any exception? and will that exception be logged into my database as I am logging all exceptions in my Application_Error method.
want to know, if the developer is logging out of the website , when .Net Custom Error pages are displayed. If the browser's back button is pressed, previously logged-in page is displayed again. Is there any session going on. How to remove all relevant cookies on logout.How to resolve this
We've got a fairly large, complex web application that uses Forms Authentication to authenticate users. Throughout the application we store and retrieve information about users in the Session object, and in some cases in cookies. In a couple places we check for the existence of the context, and if it's null we send the user back to the login page to re-establish the session. Just a quick run-down of this web app: C#, .NET 3.5, IIS 6, ASP.NET State Service to manage sessionAs for the session timer, we use our own home-grown timer, which is basically a client-side timer, which is backed up by a check to the SQL database to see when their last activity was. This seems to work well for us. It's not perfect, but it allows us to notify the user before the session times out, and allows us to be certain we're not logging a user out before their 60 minutes of inactivity is up.What's happening is that certain users are being logged out after just a few minutes. We've eliminated the timer as a cause and believe what's happening is the HttpContext.Current is null, so the user is logged out. We do not know why the HttpContext.Current is null, and I understand there are many reasons that may occur. What I'm trying to figure out is, is there any way to re-establish the context once it is null? If not, is there anything I can do at this point other than have the user login again? We're also trying to figure out a better way of managing user information (preferences, roles, flags, history, etc), but everything needs context to use, right? Cookies, sessions, cache, etc. all require a response or request, correct? hope this makes sense, because I really need help with this. I've searched the forums here, and found many posts about HttpContext.Current going null, but not a lot of solutions for this...
I want know, If an error has occurred and website is redirected to the Custom Error Page and is also logged out. If back button of the Mozilla browser is pressed, previous logged in page is displayed. I have also used 1. Response.Cache.SetCacheability(HttpCacheability.NoCache); 2. Response.Cache.SetExpires(DateTime.Now);
in Page_init on Custom error page. Also set the values of .ASPXAUTH and other cookies to 1 but again page is not going to the Login Page. These cookies could also not be removed.
I have a web application which uses a session variable to store the logged in userid. If no user is logged in, of course this variable will be empty and the contents displayed on my website are meant for guests. If there is a user logged in, the user specific controls/access/links will then be a displayed.
I am now having issues with my hosting where on shared application pool, the worker recycle is triggered every 90 minutes, this will clear sessions causing all my users to be logged out. I opted for a dedicated application pool, which got worse because I am only allocated 50MB memory limit and if this is reached, the worker recycle is triggered and I lose my sessions again. I have tried as much as possible optimization techniques, e.g. dispose where possible, close connections, disable viewstate for static controls etc but my memory per instance keeps building up from page to page without any signs of improvement. I don't use loops nor store huge objects like bitmaps etc but my sessions are now gone even faster than 90 minutes in shared application pool before.
I have considered using SQL Session State but there isn't a simple guide on using this with MySQL. I am getting desperate and considering using a public variable, a string as a replacement to store logged in user id instead of in a session variable. I am pretty sure this will solve my issue with sessions being recycled but are there any negative consequences of doing this? One problem I can think of is if the user closes the browser, the system will never know that the user is now logged out and this public variable should be nothing. In this scenario, will the GC eventually clear this abandoned public variable.
I am doing a POC of making my website run faster. Currently it stores huge object data in Session while passing information from one page to another. What I was thinking is to use shared methods and properties instead of session. It works, but wanted tocheck if this is an optimum way to do it. Below is the code that does not use session but still pass object data from one page to another:
i have a form on page1.aspx with several controls (textbox, dropdownlist, etc).on Page1 PageLoad event i load data from database and performe databinding.From Page1 a user can, by clicking a specific button, move to Page2.aspx to insert some details and, after saving details, he returns to page1.
if save changes are made on control on page1 before save them to db, obviously, these are lost on return from page2 (because are reloaded on pageload from db).How can i save control status between pages round trip?
Requirements: Create a Web Page in ASPx that will do the following:
1)One label will provide a count of how many times Button 1 has been clicked in the current session.
2)One label will provide a count of how many times Button 1 has been clicked by all users of the application. The Application Code for the Button should start at 100 (set this in the Global.asax file). this is what i have so far but i cant seem to get the application state to work properly.
aspx.vb
Partial Class _Default Inherits System.Web.UI.Page Dim clickcount As Integer
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
If Session("ClickCount") Is Nothing Then clickcount = 0 Else clickcount = CInt(Session("ClickCount")) End If If Not IsPostBack Then If Request.Cookies("UserName") IsNot Nothing Then Label1.Text = "Welcome Back " & Request.Cookies("UserName").Value & "." End If End If Dim clickCounta As Integer = CInt(Application("ClickCount")) End Sub Protected Sub PostBackSession_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles PostBackSession.Click clickcount += 1 lblClkCnt.Text = "Current Click Count is " & clickcount Application.Lock() Dim clickCounta As Integer = CInt(Application("ClickCount")) clickCounta += 1 Application("ClickCount") = clickCounta Application.UnLock() AppClick.Text = clickCounta Dim nameCookie As New HttpCookie("UserName", _ TextBox1.Text) nameCookie.Expires = Now.AddYears(1) Response.Cookies.Add(nameCookie) End Sub Protected Sub PostBackSession_PreRender(ByVal sender As Object, ByVal e As System.EventArgs) Handles PostBackSession.PreRender Session("ClickCount") = clickcount Application("ClickCount") = clickcount End Sub End Class global.asax <script runat="server"> Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs) Dim clickCounta As Integer = CInt(Application("ClickCount")) Application.Add("ClickCount", 0) End Sub Sub Application_End(ByVal sender As Object, ByVal e As EventArgs) Dim clickCounta As Integer = CInt(HttpContext.Current.Application("ClickCount")) End Sub Sub Application_Error(ByVal sender As Object, ByVal e As EventArgs) ' Code that runs when an unhandled error occurs End Sub Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs) End Sub Sub Session_End(ByVal sender As Object, ByVal e As EventArgs) End Sub
Customer were getting "View State Validation Error" due to worker process recycling at our production webserver and to fix that i applied machinekey and then move my Session state Mode from In Proc to State Server to retain session data and not kick out the customer to relogin. I had serialization issue with one object which has to be stored in session but when i moved it out of session i could able to resolve the issue.
But doing all these i was partly successfull in keeping the user in their session when Worker Process recycle event occurs.I was able to refresh the page or make a post back by clicking the refresh button and also able to retain the session values. But the Problem occurs when sending asynchronous request to server which we do periodically every 15 minutes from the moment the user logs in.The web page doesnot update data on website when sending asynchronous request.By Debugging I found at this particular code point it fails to make a postback which is required.
<%=GetHintFromServer%> (When there is no Worker Process recycle i t gets replaced by WebForm_DoCallback('__Page',message,ShowHint,null,null,false) on postback) Everything works fine when there is no Worker Process Recyling but when it happens looks like sending request asynchronously using javascript fails .Remember When I make a post back by manually clicking submit button everything works fine.
Let me explain, describing the scenario:In a custom server control (in my case, derived from CompositeControl), in the overidden CreateChildControls method I create a complex tree of subcontrols, using information from a db.The db provides both information on which controls I need to create (the user interface's structure) and the data used to fill these controls.Than the user can interact with the control and change the data (that becomes different to what stored on db).
My custom control lives in the same page where there are other controls, obviously.And these controls can cause a postback at any time.What I need is that my custom control keeps the data entered by the user across these postback, without reverting to the original data and loose the user data entry.
Here is the first doubt:
1)I create the subcontrols dinamically in the CreateChildControls at any page refresh (both on first call than on postback).I know that the framework solves the reference between the posted data and the controls I create in the CreateChildControls in order to set properties and raise control events, but can you tell me when and how it actually does this? In which phase of page life cycle? What happens after the CreateChildControls?
A second doubt:2)If the user interface structure must change as a consequence of the data entered, I had to execute CreateChildControls twice (the first time to recreate the original interface to get the events and the second time to create the new interface) In which phase of page/control lifecycle do I have to make the second call to CreateChildControls? I do it on Prerender now, but is it right or wrong, and why?
I am new to .net 4.0 and am using EF Model and SessionState Mode=SqlServer and I am getting this error below:
Unable to serialize the session state. In 'StateServer' and 'SQLServer' mode, ASP.NET will serialize the session state objects, and as a result non-serializable objects or MarshalByRef objects are not permitted. The same restriction applies if similar serialization is done by the custom session state store in 'Custom' mode.
I checked the stack trace and its complaining about
I marked it as serializable but then it complains about System.Data.Objects.ObjectContext is not marked as serializable and hence throws the same error.
I am having a ASP.net application it having three pages ,page 1,page 2,page 3,when the user navigating between this pages I want to maintain the view state in page level after postbacks(i.e.) .If a user visits page 3, passing some query loads some data .then he moves to page 1 doing some entries .after that he once again moves to page 3 now I want to display the data previously available at the time he moves to page 1, same way I want to do to my three pages up to the user logging out.
Our ASP.NET App uses ASP State Session Management and has been rebuilt about 2 years ago [With .NET Framework 2.0]. We are currently in .NET framework 3.5 and have moved to SQL Server 2008 - but continue to use the same ASPState database. The State database has been upgraded to SQL Server 2008. Since then we have are seeing timouts/locks on ASPStateTempSessions table. I am wondering if we have to rebuild this database from scratch with some newer scripts?
I'm still debugging my application so it's on the local server. As I debug and stop then debug again, eventually lblNoOfUsers.text turns to "0" instead of "1", even as I'm navigating my application. It only turns to "1" again if I log out and sign back in. It's almost as though Membership.GetNumberOfUsersOnline my login are referencing two different session states. How is this possible? Does asp.net create a new session state cookie each time I start debugging?
All we have a global ships position tracking website which runs smoothly until IIS application pool recycles.When there is workerprocess recycling looks like session state expires as a result i loose all session data and when customer clicks refresh button he is redirected to login page.
In web.config Session state mode is set to InProc so i changed it to State Server but to my luck i have MAP object which is not serialiazable which is causing the maps from not appearing on the website.I tried adding serializable attribute to the object class but still not succesfull.Our website is accessed by our customers whose count is more than 1000.
Changing the session state mode from InProc to StateServer can really slow down the response time so Is it good to go further fix the serailizable issues and move to state server?.
Is there any way I can retain my session data when application pool recyles?..
Stopping Application pool from recycling may not be a good idea considering health factor of web server.
