State Management :: Behavior For Sessions On Cookies Can Apply To .NET Framework 3.5?
May 6, 2010
The document http://msdn.microsoft.com/en-us/library/ms178581.aspx states the following about expired sessions:Regenerating Expired Session Identifiers By default,the session ID values that are used in cookieless sessions are recycled.That is,if a request is made with a session ID that has expired, a new session is started by using the SessionID value that is supplied with the request.This can result in a session unintentionally being shared when a link that contains a cookieless SessionID value is used by multiple browsers.As you can see it talks about "cookieless sessions" but,what is the behavior for sessions based on cookies? Does it apply to .NET Framework 3.5?
View 2 Replies
Similar Messages:
Mar 25, 2010
My prior asp.net apps used windows authentication on an intranet. Now I'm developing an app for the internet and am stumbling over how to properly manage user sessions and state.
I first developed my web site functionality; created the SQL DB and got all of the pages to properly handle the data. Then, I installed the SQL Membership database and was able to get the CreateUser, Login, Logout pages to work. On the Verify process for the Userid, I added a step that will take the membership UserId value and create a Company record in my tables and link my CompanyId key with the UserId.
At Login time, I create a CompanyId session variable; each page uses it to retrieve records for the user. When Session Timeout occurs and the user click a link to another page, the app redirects properly to a Login page. However, if the time expires and then the user interacts on that same page, 'Object not set to an instance of the object' - the CompanyId session variable has expired.
What is the proper way to handle this? I'd like the page to automatically redirect to a TimedOut page (this would happen automatically without the user doing anything).
I considered writing a Function where I pass the Session variable I want and the Function sees if it exists; if it doesn't it would do a Response.Redirect to the TimedOut page...I can't get the Redirect to work in a Class Function ('reference to a non-shared member...').
I assumed that I should set CompanyId as a Session Variable so each page knows the user to get data for. Another approach is to use the membership User and if it is still valid, do a DB lookup to get the CompanyId. I did not choose this because I felt that it would increase DB traffic and web traffic.
Here are several relevant settings from my web.config:
<sessionState cookieless="UseDeviceProfile" />
<authentication mode="Forms">
<forms loginUrl="~/UserTasks/Login.aspx" />
It feels like there should be a straightforward answer to this but I am missing it.
View 7 Replies
Feb 22, 2011
1. I am using Session to maintain some value. I have to read some value from a one sessions value in another session. Here I think i can maintain it using cookie or maintaining the session in state server or sql server. but I want to know is there any other approach in maintaing the state in client side .
2. I have set the session variable in page load . after that i am trying to access the session value in web service consumed by that webiste. but I was not able get the same session in web service. can i know what is work around I need to do for getting the same session in web service also.
3. I need to bind a gridview using javascript ,Can i create the source for binding to it in javascript itself. i mean like datatable.
View 5 Replies
Nov 2, 2010
i have a situation where worker process recycling is causing session to expire and loose all the session data. Change to State Server and SQL server seems to be very complicated and impossible beacuse we use third party objects which are non-serializable. We need to let users keep running our ship tracking website for weeks or months beacuse they use it in their lobby and they do not want to touch it again. What alternatives i have if worker process recycles which causes to loose session data. I will need to atleast retain their user id and password to autologin them incase session expires.
View 5 Replies
Aug 30, 2010
#Newbie alert# Only 8 months experience with school education back in 2002.
I'm using VS 2008, C# 3.5 to develop my own login system for our company website.
Originally we have a "simple" design which only had a login and order page.
That order page needs to be opened for 10-12 hours at the time while our stores are opened without having to relog into the system for each query.
We also have a requirement that some users need to access 2 different compagnies (separate inventories) which require 2 different logins.
I solved that "cross over" session problem by moving all the values into viewstate with my own viewstate manager class right after the login.
Now my problem is that we are adding more and more pages and I don't want to be stuck with the problem to resave the viewstate to session and then back on viewstate for every menu items and buttons.
Is there a way to create some sort of items list of all the sessions opened by the user and only transmit that from pages to pages?
View 6 Replies
Dec 31, 2010
This last week I had an issue about refreshing all open sessions on an asp.net web site. The scenario it's like this:
It's a LAN application with different roles (let's say "Role A" and "Role B") and a database of SQL server.
Any "Role A" user can click a button and start something like a survey (defines a query and the possible options).
Then, any "Role B" user have to answer that survey (just once).
Here comes my problem...if I am a "Role B" user, and I have the "AnswerToSurvey.aspx" page open...how it can automatically update or refresh after the "Role A" user inserted the survey? I mean, I know that if I press F5 I will achieve it, or even using asp:Timer or javascript timer, but any of them are precise.
Any suggest? I've tried using Global.asax Application_BeginRequest and so, but no lucky. Is there any effective way to notifiy a user that something has changed? I'm not looking for a "chat like" system, just notify any "Role B" user about the change.
View 3 Replies
Feb 9, 2011
I have a asp.net page with a codebehind. I have 2 buttons on the page. When clicking on button 1 I get some data from my database and save it for later use in Sessions.
[Code]....
View 4 Replies
Nov 5, 2010
how do i pass data between two asp.net webservice sessions ?
this is the scenario, we've windows application and web service. our windows app calls a third party web site which requires data from our applciation. this 3rd party suggested that we create a web service that they can call from the web site.
after some reading it looks like i can use "application" object to store the data so that we store data in session with a specific session key and give it to web site and web site passes this session key in all methods it uses in webservice. is this best approach to take ?
View 8 Replies
Apr 21, 2010
I've been working on this problem for some time without success. We have this website that has been working for many years now and we have been using cookieless sessions since the begining. Now we are integrating with another site to handle payment throught redirection. This provider ask for two adresses for success or failure of a payment so we have something like [URL] and [URL]. For design purpose thoses two pages do not exists and I use an httpModule to route to the proper page. I use httpApplication.Context.RewritePath to send to the proper page but I can never find back the session my user had before redirecting to the payment provider.
If I change the session mecanism to use cookies (cookieless="false" or cookieless="UseUri") with a few other tweaks, everything works fine Does anybody know if this has a chance to work? Is there a way to re-attach to an existing session?
View 2 Replies
Apr 23, 2010
I am saving for each user a session with information about his current page viewing.
Each time the user is moving to a new page, I am updating the session with the new page he is right now.
Now, my question is if I can make any loop over all of my users session and answer a question like: How many users are now on page "2.aspx" for example?
View 2 Replies
Mar 21, 2010
I am trying to create a system in which there will be a single user accessing his acount from two endpoints simultanously.
I think this is possible.
1) How to restrict the user to have only one session at a time?
2) How to change it to have limited number of sessions per user at a time?
View 5 Replies
Apr 14, 2010
I am having two aspx pages(Page1.aspx,Page2.aspx).I am stioring values in Session in Page1.aspx and retriving the same values from Page2.aspx.But if the session value is null I am getting an error as 'Object reference not set to an instance of an object.'Here is my code..
[Code]....
View 5 Replies
Aug 4, 2010
We have take over a classic asp site. Everything works fine, but we are making improvements to some reports and adding new reports, so we are doing this in .NET, with that said, after reviewing the secuirty code, there are 2 sessions that are set and used thru-out the site as part of some of the individual page queries.
I know that the sessions are being populated, because the reports that use those values return records.. now with a new report we are working on, i need to pass those values into my query. But when i try using the session names the page is coming up saying the following:Object reference not set to an instance of an object.
Is there anyway to add something to my page code to see what sessions are actually being created and their values.. maybe im using the wrong variable names.. but the security code is pretty straight forward.. at login, if successful, 2 values are returned and stored in 2 sessions.. i need to use those with my new page.. so trying to figure out why the existing pages work fine with that and my new page does not..
Basically, i'd like to write to the screen the session variables that are being created on the login page.
View 11 Replies
Apr 23, 2010
I have a session state that myself and others on my team have been bashing our heads against the wall for the past week. We have tracked it down to the following:
1) Frame page containing content pages creates a session
2) Content page creates a session, stores data in the session
3) User changes drop down list with SelectedIndexChanged autopost back and displayed fields are changed using an UpdatePanel. A new session is created, data stored in the prev. session is lost
4) User posts back, no session is created this time, however the post back fails because the session from step 2 is lost.
Now, a user closes the page, comes back, and it actually starts to work:
1) Frame page containing content page opens (no new session)
2) Content page loads data, stores in session (no new session)
3) User changes drop down list with SelectedIndexChanged auto postback and displayed fields are changed using an UpdatePanel. Sesson NOT lost
4) User posts back form, success
ASP.NET on the first visit to the site insists on creating 3 sessions, we log it in Session_Start. I can't think of any reason this should happen. I've been told the frame will always be on a seperate session; thats fine, its only being used to setup scrolling
within a frame in Dynamics CRM. The biggest question is why when we insert data into the session in step #2, it is discarded in step #3.... but only during the first visit to the page!
I've never seen this session behavior before; we don't have any session abandonments in our code, and we never clear session objects, so there shouldn't be any reason for the session to be lost.
View 2 Replies
Aug 9, 2010
I have an ASP .NET website that uses cookieless sessions When the initial request is made to the site IE just displays the standard "Internet Explorer cannot display the webpage" message Firefox displays the following message: The page isn't redirecting properly Firefox has detected that the server is redirecting the request for this address in a way that will never complete. *This problem can sometimes be caused by disabling or refusing to accept cookies. The site works fine with my development server and under IIS6. If I switch off cookieless sessions then everything is fine
View 3 Replies
Dec 30, 2010
A value needs to be passed from an asp.net application to another within the same domain. How we can do?
View 5 Replies
Jan 21, 2011
I built an intranet application using code from this project (link and more details below):
Everything seemed to work during testing, but when multiple people are using the shopping cart, items show up across sessions.
For instance, if two orders are created at the same time, an item in Order 1 will show up in Order 2 by hitting the shopping cart refresh button.
Order 1 and Order 2 are two separate computers and being used by two different logins. Cookies are enabled in the browsers.
when an item is added like this: ShoppingCart.Instance.AddItem(arryProductId(i))
Should it not add that to a unique instance of the cart and nobody else be able to see these items?
We are getting ready to deploy this and this is a major issue. Any help would be greatly appreciated.
-=-=-=-=-
http://www.ajaxprojects.com/ajax/tutorialdetails.php?itemid=423
An instance of the shopping cart is created like this:
If HttpContext.Current.Session("ASPNETShoppingCart") Is Nothing Then
Instance = New ShoppingCart()
Instance.Items = New List(Of CartItem)
HttpContext.Current.Session("ASPNETShoppingCart") = Instance
Else
Instance = CType(HttpContext.Current.Session("ASPNETShoppingCart"), ShoppingCart)
End If
When I insert items, they are added like so:
ShoppingCart.Instance.AddItem(arryProductId(i))
View 1 Replies
Jun 17, 2010
I am wondering if it is possible to clear a session variable if the user navigates away from my site.
My example is I have a session storing the logged in user. This is checked for user access to each page.
If the user goes to another site (e.g. google) I want them to relog into the site.
This is to prevent others getting access to a users account if they use the same pc minutes.
I do have a logout that performs this and I know that it is impossible to make users use it! :)
View 2 Replies
May 17, 2010
I would like to clear sessions after hitting back button . Iuse the java script to disable back button how can i clear sessions now after hitting back button.
I use the following script
<script type="text/javascript">
function preventBack(){window.history.forward();}
setTimeout("preventBack()", 0);
window.onunload=function(){null};
</script>
View 6 Replies
Sep 10, 2010
We got a problem that Sessions got mixed up when open multiple tab in a single application. We could change the code that do not use session variable in a that level, but a tons of page need to be modified. We need to find a quick fix for this problem. Is any thing we can do in code level to prevent user open multiple tab in a single application? O any thing we can do to keep its own session for a single tab?
View 6 Replies
Apr 23, 2010
how to create cookies in asp.net . and how to access them ?
View 6 Replies
May 12, 2010
i have 3 pages, lets say pageA, pageB and pageC.
1 . From "pageB", i'm sending some data to "pageA" and and retriving the result with using HTTPWebRequest and HTTPWebResponse classes. I have no problem with this
2. pageA fills some session data, like Session["CustomerInfo"] .
3. After retrving some data from "pageA", I'm redirecting from "pageB" to "pageC".
At PageC, i want to use session variables which i fill at "pageA":
At pageB, i get the CookieContainer of the HTTPWebRequest object and it retrives correct SessionId.
And here is the code that redirects pageB to pageC:
Response.Cookies.Clear();
Request.Cookies.Clear();
foreach (Cookie cookie in SessionCookieContainer.GetCookies(new Uri(http://localhost/bla/bla)))
{
Response.Cookies.Add(new HttpCookie(cookie.Name, cookie.Value));
Request.Cookies.Add(new HttpCookie(cookie.Name, cookie.Value));
}
//Response.Redirect("../Default.aspx");
Server.Transfer("../Default.aspx",true);
At pageC , Request.Cookies and Response.Cookies are set truly, as i sent them from pageB, but there is nothing in the session. Session.Count is zero. And SessionId is different from the value which is stored in cookies.
View 4 Replies
Jul 12, 2010
In my website I am maintaining cookies for the login so that if I open the browser again then no need to login again.
But when I am switching browser(from ie to ff or viceversa) then the cookies are lost and the user is not identified, I want to maintain them in this scenario also.
View 2 Replies
Oct 17, 2010
[Code]....
[Code]....
View 2 Replies
Sep 29, 2010
can you tell Will sessions kill when application error occurs which is in global.aspx ?
ex:
[code]....
View 1 Replies