Web Forms :: Session Variables Are Accessible To Multiple Users?
Oct 8, 2010
I have an asp.net website in which users can submit reports. Another tester and I tested this page at the same time and when I went to review the information I submitted, it displayed information that I didn't submit. It displayed the info submitted from the other user.
I use session variables for these values. I don't understand how this happened? What can I do so each user can individually submit their information without overlapping some one else's information? The plan is for multiple users to be able to use this page to submit their weekly layer reports.
The first example of code is how I add the session variables from the textboxes.
[Code]....
The second one is how I display them in labels on a confirmation page.
There are a couple of user's experiences session variable loss after they've clicked a confirm button and their information is email via a relay hosting server. Below, I commented exactly where the session variables get lost.
What could be causing the session variable loss? So far, this only happens to a few users.
URL....I use this one as my login, and I addes hyperlink for Forgot Password. But why I can't access the FORGOT PASSWORD.aspx for every time I click it. And when I login it redirects t Forgot Password.How I can access it without logging in?
i am trying to collect 2 variables from one hyperlink, and use those variables in the page_load to set as session. but i don't know how to collect those 2 variables
i would like to collect '#FF0000','#FFE4E1' or direct set '#FF0000','#FFE4E1' to string then send to pageload, how can i do this by only clicking on it ?
On Default.aspx.vb page under on_load sub I'm setting a value on Session() but, if I try to access the same value on Default.aspx, it shows as empty. Here is the code:
I have a website for a simple game. When people sign in their Player ID is stored in a Session variable. I have integrated SMS payments so that my players can buy credits to use to play. This is where the problems start:
To buy credits, players are presented with an .aspx page that holds an IFRAME of the SMS payment proviers form. A code is entered, and the IFRAME POSTS to a URL on the providers server. It is then redirected back to an URL on my server(www.XXX.com/process.aspx), where I handle the results (i.e adds credits to th players account if the payment was successfull).
However, the session dies on return.
I tried with cookies, and saves the player ID in a cookie, but when upon return to www.XXX.com/process.aspx I cannot read the cookie? I'm checking for if (cookie == null) and it evaluates to TRUE, so the player is redirected to an error page.
How come the cookie cant be read? Is it because the POST is coming from an outside URL? And, what about when I do it with a session variable? Same thing there?
I use some session variables to get the job done(shopping cart, etc) but it is not stable..manytimes I get no items in session object and other times(refreshing the page) I get missing data...I downloaded the entire site code to my local pc and debugged it and run it succesfully without any session data missing...When I run it in the server, I get bad session again: no products in shopping cart or products with missing quantities...
The same website runs smoothly in our production server too....The problem is with our development server...
I have some code in my page load event where I just want to fire once when the user opens the Browser. The only issue is if you open a new tab with the same website the session variable does not reset. Is there a way to reset the session variable when you open a new tab or do you have to take the whole web browser down for it to clear the session variable.
There are reams of info out there about things causing InProc session to drop session objects, but that's not what's happening here. We're missing individual variables within stable InProc session objects, and are not sure whether they're not being written or being lost after a successful write. I've confirmed with WinDBG that the sessions are live and contain some, but not all, of the data written to them.
This code is pretty straightforward, and it works flawlessly in Test. In Production, under heavy load, though, it fails ~1% of the time. If Mr Smith visits the site and attempts to display 4 pieces of image data, 2 of them might be saved in his session and two of them be lost. The InProc session object for Mr. Smith exists. The traffic logs show he clicked 4 times, each with a different id param. But there are only 2 guids in his InProc session object, instead of 4. The 2 session objects we did capture do correspond to 2 of the id's shown in the traffic log (his 1st and 3rd clicks.) The traffic logs for his 2nd and 4th clicks, though, show a guid id that's not in his InProc session object.
Lines 1&3 of the above code obviously worked for those 2nd and 4th clicks, or he'd not have had the id in the URI for him to click. Line 2, however seems to have failed silently in some way. If any exception had been thrown, I'd expect we'd not ever have arrived at line 3. I can't see any way for the user to receive the guid id, but the session to fail to have it. The other possibility is line 2 worked successfully, but the variable later disappeared, how I cannot even imagine.
Details: ASP.NET v3.5 IIS 6 No Web Gardening
We're running a web farm, but users constantly return to the same server. I'm researching now whether there's any way users might be slipping off to the other server.
i have deployed my website on a particular server. i have some limitations in using viewstate and session variables. those pages in which i have used ViewState variables (for storing some information), i user accesses that page and does not do any activity for 5 minutes and if after 5 minutes he does any kind of activity (click on Link or button etc) then he receives following error: "Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster."
how i can avoid above error? another problem is with session. My session expires just after 2-3 minutes. What should i do for maintaining session for long time? i can not use cookies, as if user has disabled the cookies then my website will not work...
I am developing an application using Visual Studio 2010 and SQLServer 2008. My application has two pages and the first page contains a GridView with all the records "User Administration" and when user click on any Username (template field ->linkbutton) I read the USERID like this.
which takes it to the Data Entry page where user updates the information and save the data.
The problem i am facing is that when I hit the browser REFRESH button couple of times the session variables looses the value which is trouble for me as I am using Session Variables for different purposes.
When user log's in with it's emaild and password, I have stored it's email id in session variable as: Session("user"). After logged in, If i leave the page kept opened OR ideal for sometime and after thatt if I select any option from user profile, the session variable get expired and send's me back to login page. I want that if I would create 2 to 3 session variable's it should remain activated for longer period. So that even if page kept ideal for longer period and then if selects any option, the session variable's should not be expired soon.
For reasons I would rather not discuss, I need to create a custom authentication system for my app. I was just reviewing the system and am having some doubts if my solution is thread safe. My goal was to create a solution that would allow my app to authenticate a user one time and that users authentication info would be shared by all master pages, pages, classes, user controls, etc that are used. (But not share the same info between users) Here is my setup: PageHttpModule.cs - this is added to the web.config as a httpModule.
public class PageHttpModule : IHttpModule { public void Init(HttpApplication app) { app.AuthenticateRequest += new EventHandler(OnAuthenticateRequest); } public void OnAuthenticateRequest(Object s, EventArgs e) { CurrentUser.Initialize(); } public void Dispose() { } } CurrentUser.cs public static class CurrentUser { public static bool IsAuthenticated { get; private set; } public static string Email {get; set;} public static string RealName {get; set; public static string UserId {get; set;} public static void Initialize() { CurrentUser.AuthenticateUser(); } Note: this is a scaled down version of my authentication code. public static void AuthenticateUser() { UserAuthentication user = new UserAuthentication(); user.AuthenticateUser(); if (user.IsAuthenticated) { CurrentUser.IsAuthenticated = true; CurrentUser.UserId = user.UserId; CurrentUser.Email = user.Email; CurrentUser.RealName = user.RealName; } } } UserAuthentication.cs public class UserAuthentication { public string Email { get; set; } public string RealName { get; set; } public string UserId { get; set; } public bool IsAuthenticated { get; private set; } public UserAuthentication() { IsAuthenticated = false; Email = String.Empty; RealName = String.Empty; UserId = String.Empty; } public void AuthenticateUser() { //do some logic here.. if the user is ok then IsAuthenticated = true Email = address from db UserId = userid from db; Realname = name from db; } }
I have tested between 3 different browsers and it seems to work fine, but I am still learning and don't want to make a huge mistake. If my logic is totally wrong, then how should I do it so I dont have to put user lookups on every page directly?
I have an app which has a form that used to use AutoPostBack rigged controls (dropdowns, radiobuttons etc.) in an updatepanel, and I used to set session values on each postback. I posted the form using PostBackUrl to an external page, using a bit of javascript OnClientClick to copy my data into meaningfully named hidden fields.
Now, I've had to rewrite the AutoPostBack-ing controls so that all the cascading dropdown work and date calculation etc. is done in JavaScript, and not in C# - no more postbacks, no more updatepanel.
This means I've lost the ability to set my session values on postback. Can anyone think of a solution for setting these before I post my form? I need to set the session variables, plus post (querystrings are not an option) to the external page with the values from my form - and actually send the user to the external page, too.
I can get selected values from my first page with session. In my second page i want to populate product details side by side in listview with this values. How can i do it?
I have a web application that contains a MasterPage and a Web.sitemap file for the navigation. I am loading the navigation into an <asp:Repeater> control and I associating it with <asp:LinkButton>; something like this:
[Code]....
I have two issues:
Setting Session Variables: I'd like to set some session variables when any menu item is clicked.Dynamic Url: Once the Session variables are set, I'd like to set the url dynamically after the Session variable is set The thing is, I'd like to use the same aspx file for two different menu items, and I'd also like to set some session variables at the time of menu selection. I am aware that I cannot use the same url when I define the url in the web.sitemap file.
if i want to get multiple values from database and pass this dataset to another page can we use session to store the dataset values..i knw we can..but some one says that its not a gud approach..this will cause server process down..is it true?if it so then wat are all the other ways to do that?
Is there room for issue in the following code in terms of multiple users of the same web application? I mean, I know that a purely static string will be shared across all sessions for a single ASP.NET application, but since this explicitly refers to the Current.Session, even though it is static it seems like it would always refer to the session instance of the "current user." But an error is happening that could be explained by everyone sharing the current value of Mode and thus the most recent change overwriting everyone else's mode value. (As a background: This string is in a Helpers class that is used throughout the application. I do not want to make references to Session["Mode"] throughout the application and do not want to have to pass Session["Mode"] in every method call from an aspx.cs page.)
public static string Mode { get { var value = HttpContext.Current.Session["Mode"]; return (value ?? string.Empty).ToString(); } set { HttpContext.Current.Session["Mode"] = value; } }
If I have a 2 control load events and one page load event subs and the control1_Load events fires first, can I lookup some database things and persist them? I would like to use the persisted data in the other two events when they fire. Normally I've been using session variables , is there a better way?
i have a first page and user selecting some products. Passind with session. Retrieving from first page. And in this point i want to connecting my northwind db and display selected products detail side by side in my second page. (listview or datalist) here is my second page codebehind.
Am trying to design login page for my website and I am looking for methods other than forms authentication. The way in which I am trying is to have a table in the database that stores user information and check for the user validity.
The point where I get struck is how do i set cookies and session variables and how will I carry it through out the system. Can anyone tell/suggest me where I can relevant material so as to move forward. And also is my idea of negating traditional forms authentication and going for a model I described, is it good also does any other better method exist?
