How to get rid of Session.sessionID when abandoning the session?
Scenario : I abandon a session and create a new session again. This time the sessionID generated remains the same as earlier.
on click of logout button, i want to call a web service method that will get that particular user's session and call its abandon method. But how can i pass that session variable to that web method ?
Calling of web method is done through java script.
Session.Abandon() in not working ASP.NET 2.0 (C#) in a few cases. In the same application its working fine in other places.
< sessionState
mode="StateServer"
cookieless="false"
timeout="20" />
The session mode is "SateServer".
In my ASP.NET application I need to allow only one session for a user ? When a user does login more than once, I want to get to user's previous session and abandon it. I'm keeping track of all user sessions by means of session id. But Session.Abandon is available only for the current session associated with a request and not previous sessions. I have the session id of the user's previous session but how can I end it ?
View 3 Repliesi allow my admin to login from his login page and login information verified and stored into an session after that, he visited into an client page, there is an logout button this will visible whether session has the user id or admin user id else it'll be invisible.
now the scenario is:
1. admin logged into admin page
2. then in the address bar type the client page name
3. now the client page is check whether has the userid or admin user id in Session, now the session has admin user id so, its show the Logout button.
4. from this client page, the admin clicks on Logout button, here i have Abandon the session and moved into the admin login page.5. now again admin types the same client page name in the address bar from his login page(but now he didnt logged in).6. this time i set the break point on client page_load event but its not hitting the event also its visible the Logout button also.so, how its not hitting the page_load event and why the logout button is visible after loggedout.
I'm writing some logging code that is based on SessionID. However, when I log out (calling Session.Abandon), and log in once again, SessionID is still the same. Basically every browser on my PC has it's own session id "attached", and it won't change for some reason. My Session config looks like this:
<sessionState
mode="InProc"
timeout="1" />
To avoid session fixation/hijacking we are heeding the common advice to create a new ASP.Net session for a user after authentication. Sounds simple enough. When a user authenticates we call Session.Abandon() the session ID cookie Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", "") then redirect the user.
However, how do we know on the new page that the user has logged in? We cannot check a session variable because there are none, we just started a brand new session.
I would swear, though I cannot find it now, that on this site someone explained how you can abandon a session and then get the next subsequent session ID. This way you could store that information. Then on the "Start Page" a new session would begin and that page could look up the old Session based on the new ID and validate that a user logged in.
So, are there any masters of the ASP.Net Session classes that know how to do this?
How do I abandon the session when the user closes the browser window instead of pressing the logout button in ASP.Net 3.5 application.
View 5 RepliesI'm storing the session IDs of the logged-in users in a database, so I need to kill some sessions using the session Ids stored in the database, but unfortuently I'm not able to get any session using the seesion ID so that I can kill it.
View 1 RepliesI hav a problem where I wanted to share session state between main page and subdomain page (example between [URL]. Naturally, in this case, the webserver will give me a different session id because the session id is bound to the domain.
But how can i override the sessionid of my main page when I come back to it?
How to get unique session id that generated same for all browser tabs and different and always unique when we close and open new browser in asp.net code.
View 2 RepliesI have an ASP.NET page that has a wizard control. I need to see if the same user is working on the page so I first time I insert a record and next time I update database records. I am using Session.SessionID to check if the same user is working on the page, but on every postback, SessionID gives a unique string and always the "insert" construct executes.
What is the best way to check the same user is working back and forth on the same page. User is not logged in, its an open form on the page.
I need to set ASP.NET_SessionId in order to dowload a file from server.
I use the following code
IContextChannel mychannel = (IContextChannel)myService;
using (OperationContextScope scope = new OperationContextScope(mychannel))
{
res = myService.DoSomething();
System.ServiceModel.Channels.MessageProperties messageProperties = ......
I'd like that when a user logoff or his session expires, tha SessionID is no longer valid.
I've found the way to do it when the user logoff, simply doing:
[Code]....
But I don't know how to do it when the session has expired. Apparently, if the session has expired and the browser tries again to connect, the same SessionID will be recycled, and I want the server issues a new one, how can I do it?
I have ASP page that host an ASP.NET page in iframe. When I test this in FireFox all work ok but when I use IE the ASP.NET page is creating a new sessionID for each request. it only work if I change the IE Privacy settings allow session cookies .
View 3 RepliesI want to see the asp.net_sessionid cookie on my IE browser. Where can I find it ?
View 8 RepliesI need to insert a SessionID into a database (along with other values). I'm getting the session ID simply by using Session.SessionID.
To test this, I've just assigned this to the text property of a label in a page.
Whenever I hit F5, the SessionId in the Label changes.
It is my understanding that the Session Id should remain the same until the browser is closed.
Am I wrong?
I need the SessionID linked to this browser session - a value which remains static until the browser is closed.
Normally, when my server gets an invalid sessionID on the url it rewrites it. However (several?) search engine(s) are sending requests to my server with a lower case in the session number, where there is normally an upper case S. So for example
(s(vou3fq454gk3fbrncrmk1bmj)) will not just rewrite the sessionID and keep going, but
(S(vou3fq454gk3fbrncrmk1bmj)) WILL rewrite the sessionID and keep going without an error.
This is filling up my database and making it hard for me to use it effectively, plus, I would just like it to work.
Is there any way for it is not care if that first '(s(' is lower case? Or is there a way for IIS to cope with this in an efficient manner?
I have my Web site set up to use SQL Server session state. This works fine. When a session starts, a row is created in ASPStateTempSessions.
When the user logs off the application, I am trying to call the stored procedure TempRemoveStateItem to clean up after myself (not sure if this is the right way to do it or not).
What I noticed is that the SQL table's SessionID column contains 32 characters whereas the .NET Session.SessionID value only contains 24 characters (which match the first 24 characters of the 32 characters stored in the SQL table). Because the values do not match, the stored procedure always fails.
Why would the SessionID value differ between .NET and SQL?
I read the solutioin for this error, at the following link :http://forums.asp.net/p/1046935/1576341.aspxbut I am still not clear what exactly causes the error. I have two doubts :1. Can anyone please elaborate a bit on this issue, with any example ????2. Is there any drawback of this approach ?
View 4 Repliesthe same hash value generated when I use different algorithms for viewstate encryption.I have added below lines to the web.config file
<pages viewstateEncryptionMode="Always" enableViewStateMac="true".../>
<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="AES" decryption="Auto" />
Also, compilation debug="false" ... > is set.No matter what I use (AES, MD5, SHA1, 3DES),it generates the same hash.Is there something I am missing out.And what is the default algorithm used if I don't specify anything?
Customer were getting "View State Validation Error" due to worker process recycling at our production webserver and to fix that i applied machinekey and then move my Session state Mode from In Proc to State Server to retain session data and not kick out the customer to relogin. I had serialization issue with one object which has to be stored in session but when i moved it out of session i could able to resolve the issue.
But doing all these i was partly successfull in keeping the user in their session when Worker Process recycle event occurs.I was able to refresh the page or make a post back by clicking the refresh button and also able to retain the session values. But the Problem occurs when sending asynchronous request to server which we do periodically every 15 minutes from the moment the user logs in.The web page doesnot update data on website when sending asynchronous request.By Debugging I found at this particular code point it fails to make a postback which is required.
<%=GetHintFromServer%> (When there is no Worker Process recycle i t gets replaced by
WebForm_DoCallback('__Page',message,ShowHint,null,null,false) on postback) Everything works fine when there is no Worker Process Recyling but when it happens looks like sending request asynchronously using javascript fails .Remember When I make a post back by manually clicking submit button everything works fine.
SendRequest(Asynchronous)
function SendRequest(msg, isBusy, chartMsg, vesselMsg)
{
try
{
//confirm("msg"+msg+"isBusy"+isBusy+"chartMsg"+chartMsg+"VesselMsg"+vesselMsg);
_busy = isBusy;
if(chartMsg != null)
{
//confirm("chartMsg"+chartMsg);
_element.SetMessage(true, chartMsg);
}
if(vesselMsg != null)
{
confirm("chartMsg"+vesselMsg);
_element.ShowVesselLoading(true, vesselMsg);
}
_stuckWatchdog = setTimeout( "ClearPendingRequest();", 60000);
var message = msg;
var context = '';
<%=GetHintFromServer%>
}
catch(e)
{
alert( "Exception error on SendRequest(): " + e);
}
}
I am new to .net 4.0 and am using EF Model and SessionState Mode=SqlServer and I am getting this error below:
Unable to serialize the session state. In 'StateServer' and 'SQLServer' mode, ASP.NET will serialize the session state objects, and as a result non-serializable objects or MarshalByRef objects are not permitted. The same restriction applies if similar serialization is done by the custom session state store in 'Custom' mode.
I checked the stack trace and its complaining about
[assembly: global::System.Data.Objects.DataClasses.EdmSchemaAttribute()]
[assembly: global::System.Data.Objects.DataClasses.EdmRelationshipAttribute("PoplarGroveModel", "tblMenuRole", "tblMenu", global::System.Data.Metadata.Edm.RelationshipMultiplicity.Many, typeof(PoplarGroveDataModel.Menu), "tblRole",
[Code].....
I marked it as serializable but then it complains about System.Data.Objects.ObjectContext is not marked as serializable and hence throws the same error.
Our ASP.NET App uses ASP State Session Management and has been rebuilt about 2 years ago [With .NET Framework 2.0]. We are currently in .NET framework 3.5 and have moved to SQL Server 2008 - but continue to use the same ASPState database. The State database has been upgraded to SQL Server 2008. Since then we have are seeing timouts/locks on ASPStateTempSessions table. I am wondering if we have to rebuild this database from scratch with some newer scripts?
View 2 RepliesI'm using the following line of code to display the number of users currently logged on:
lblNoOfUsers.Text = Membership.GetNumberOfUsersOnline().ToString()
I'm still debugging my application so it's on the local server. As I debug and stop then debug again, eventually lblNoOfUsers.text turns to "0" instead of "1", even as I'm navigating my application. It only turns to "1" again if I log out and sign back in. It's almost as though Membership.GetNumberOfUsersOnline my login are referencing two different session states. How is this possible? Does asp.net create a new session state cookie each time I start debugging?