i want to generate the new sessionid in the same httpcontext once the user is successfully authenticated.so, how can i do that ? ( please dont ask why do you want it, i got such kind of requirement).
View 3 RepliesI have a user login panel(called loginPanel1) standart from visual studio login control. 2 textbox 1 login button.
textBox1=UserName
textBox2=password
loginbutton1
I have a simple database table for user records:
Userid: int 4 key unique
username: varchar 50 not null
pass: varchar 50 not null
On user click to login button i query usertable from mssql usertable. If password is match i create a sessionid to try the user is verified temporarily for page. (my method can be wrong i dont know good the session and membership login session carry in asp.page)
When user pass is correct i open session with following code.
SqlDataAdapter adaptor1 = new SqlDataAdapter("select * from userTable where userName='" + Login1.UserName+"'", sqlconnection1);
...
(cleared long code)
filling ds with adaptor here
..
loginbutton1 click event:[code]....
There can be methodoligcal mistakes.
My question related to above is: 1. I have a sessionid (for example i set timeout 1 hour ) with above check. When user want to post a comment to a journalentry. How can i query that sessionid that earlier login page created, and how to deal with that sessionid to logically belongs to that user. I mean i have a sessionid per logged user that is obtained with checking from sql database to verify the user. But at next page (comments.aspx), when user wanted to post a comment to a journal for example. What should i do about that sessionid in comments.aspx's page "post comment" button event to check if that user is logged in. My question or my method can be wrong for user authentication about logins. I could not much find another method that easy level to log a user and carry the information about user logged in.
2. should i carry that sessionid with url (if i could manage to carry the sessionid to next comments.aspx page), how will i use it to ask like "that id is obtained by username snoopy" is username snoopy has logged in because there is a sessionid about that.I mean how to use sessionid when a user logged in with earlier page login.aspx that wanted to post a comment in comments.aspx. explain to useage of sessionid for login check i would appreciate. I checked some topics, some of them uses loginPanel of visual studio's automatically created database without any code behind. Others deal too complicated for user login info carry between pages.
it is possible to change dynamically the session time for currently logged user. I'm communicating with a WebService which does a long-running task, and while the it sends the final response, I don't want the user to be logged out.
View 2 RepliesI'm wondering if it's possible to perhaps set something up in the global.asx file or something that will build a list of all currently active user sessions that I can then use to display to a logged in user, who else is currently logged in.
Currently I store my userId's in a session variable Session["IsLoggedIn"], so basically i want to build an global array of some sort that will store all these active userId's.
Let me know if this is possible, or who i would go about accomplishing this sort of thing. BTW, I'm not using asp.net's built in membership thing for login accounts.
I'm building a web application: some pages will be accessible by non logged-in users (demo and sign-up pages) and others will only be accessible by logged-in users (actual application). In the global.asax file, I'm currently handling the session start event by loading some variable from a query that's based on the UserID. What will happen when a non-logged in user looks at a page? I guess my question is really about how to handle the session start event when it's a logged-in user, when it's not and when a user logs in. I want a certain number of queries to run only once per session, after the user logged in.
View 2 RepliesMy 3.5 app uses Forms Authentication. I create an authentication cookie (ticket) with an expiration date of one day. The cookie's IsPersistent is set to True. I do not use any session variables. Session timeout is the default 20 minutes.
Here's the problem:
When the session times out in 20 minutes, the user is redirected to the logon page even though the authentication cookie has not expired.
Why does this happen? I thought the session and the cookie were independent of each other.
I would like to change the logged in user to another user temporarily to do some process.
For example, say I am logged in as "Joe". In my method, I want to make the logged in user from "Joe" to "SuperUser", do some process, then change the logged in user back to "Joe".
My web application uses forms authentication. One of my users who uses IE8 says that she always stays logged into the website on her computer. This is even after she closes the browser window and restarts the computer. This only happens on her computer, if she switches computers the same thing won't happen.
I'm baffled by this. Is there a setting in IE that could save her login information and automatically sign her in every time she accesses the website? Is there anything else to look into?
we are migrating existing windows form application to asp.net(3.5) intranet portal, there is a requirement whereby database connection should be made by the logged in windows user. Is it possible to achieve this functionality?
View 1 RepliesIs it possible to change the SessionID Programatically without making the current Session Values to null.
View 3 RepliesI'm a bit stumped by this one. Have a VS 2008 website running on Windows 7 using the VS web server. One of the pages transfers to another page (page2). On page2, each time I cause a postback by clicking a button, I get a different session.sessionid. I was under the impression sessionid was constant throughout the session, i.e. until the browser is closed or the session expires (~20 minutes). Is this just a VS web server quirk?
View 1 RepliesWe are developing for a customer a series of .NET intranet applications currentlydeveloped in ASP. However we would like to avoid the users the annoyance of having of login twice when they pass from one .NET application to an ASP one, Is there any way to export the session data from one application to the other?
View 1 RepliesI have a web application that initializes a third-party com application to perform few calculations. The website is deployed on a windows 2008 server (standard edition).
The problem I have been facing is that when I am logged in to the server (Remote Desktop Connection only as the server is not local), the com application initializes fine. But when I log-off or just close the remote desktop connection, the application doesn't get initialized. I have searched for a solution and found this:
[URL]
I created the scheduled task as I didn't know how to create the windows service (the description at
http://support.microsoft.com/kb/251192 is too confusing), and got the application to run when windows starts before even the user logs-in. But in even in this case, the application doesn't work unless the user is logged in and when I log-in, a second instance is created (with exactly the same user (admin)) and the original instance is never used.
I cannot get the application to run without logging off or atleast having to close the remote desktop connection.Is there anything I am doing wrong?
Why does the property SessionID on the Session-object in an ASP.NET-page change between requests?
I have a page like this:
...
<div>
SessionID: <%= SessionID %>
</div>
...
And the output keeps changing every time I hit F5, independent of browser.
I've seen this work correctly in other projects.
I'm storing the session IDs of the logged-in users in a database, so I need to kill some sessions using the session Ids stored in the database, but unfortuently I'm not able to get any session using the seesion ID so that I can kill it.
View 1 RepliesI'm writing some logging code that is based on SessionID. However, when I log out (calling Session.Abandon), and log in once again, SessionID is still the same. Basically every browser on my PC has it's own session id "attached", and it won't change for some reason. My Session config looks like this:
<sessionState
mode="InProc"
timeout="1" />
To avoid session fixation/hijacking we are heeding the common advice to create a new ASP.Net session for a user after authentication. Sounds simple enough. When a user authenticates we call Session.Abandon() the session ID cookie Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", "") then redirect the user.
However, how do we know on the new page that the user has logged in? We cannot check a session variable because there are none, we just started a brand new session.
I would swear, though I cannot find it now, that on this site someone explained how you can abandon a session and then get the next subsequent session ID. This way you could store that information. Then on the "Start Page" a new session would begin and that page could look up the old Session based on the new ID and validate that a user logged in.
So, are there any masters of the ASP.Net Session classes that know how to do this?
I am searching to find a way to read and write on session data but with out having the HttpContext.Current.Why I won to do that ?, because I wish to make some action with the user Session after the page have been close and unloaded. For example, a user load and see a page, then I create a thread to make some action and let user go. Inside this thread I like to read the session data, but in this case HttpContext.Current is not exist any more.
So is there a way to read Session Data knowing just the session id.I store my session inside an sql server, and I see them... its there on table ASPStateTempSessions . How can I read them "offline" and manipulate them ?
How to get rid of Session.sessionID when abandoning the session?
Scenario : I abandon a session and create a new session again. This time the sessionID generated remains the same as earlier.
I hav a problem where I wanted to share session state between main page and subdomain page (example between [URL]. Naturally, in this case, the webserver will give me a different session id because the session id is bound to the domain.
But how can i override the sessionid of my main page when I come back to it?
I am implementing the Ecommerce projects, where I need to static SessionID, is there any way to maintain the SessionID in the Entire Application.Explanation of my question is herehttp://stackoverflow.com/questions/2467644/session-sessionid-in-asp-netbut How can I implement this approach.
View 2 Replieshow to display the 'successfully saved' message box in asp.net web application by using javascript.
View 4 RepliesWe are using membership provider for LDAP authentication. It is working as it should.
But what all configuration settings I have to do so that
all the future requests to this application run under the security context of the Logged in user account not through the some default user set in IIS.
We need to have this working because all the permissions on the database are based on the logged in user.
We are using form authentication for LDAP authentication. And having impersonation = true in web.config.
I want to be able to log when a user ends their session on our application and record whether it was a sign out or a the session expired. I am using
cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));
to set a new sessionId on sign out, but when the session expires, the sessionId is reused if the browser instance is not closed. In my web.config I have used
<sessionState mode="InProc" timeout="1" cookieName="session" regenerateExpiredSessionId="true" />
but still get sessions reused. I can't kill the cookie in Session_end() because I don't have access because there is no HttpContext or request, so I can't reset it that way. how I can force a new sessionId from the Global.asax.cs file?
I want to change password. however, i am not sure because I did not use my side as a membership at all.
However, when the user log in, i saved username as a session.
So is it possible for me to use the session.. check the database.. and change the password from there??? :)
How am I suppose to do that?