I built a small ASP.NET application. It has a global.asax and sets some session variables on Session_Start(...).What could prevent (all) session variables from not being set? Would a session time out do it? What if JavaScript turned off? What else can do it?
View 2 Replies
Does somebody now a good way to make session not transferable, so an user can't move/copy the session token ID from one machine to another?
View 2 RepliesOur intranet has a custom membership system (not asp membership) which puts values in the session information to identify users. As the intranet is constantly evolving, I often have to publish changes to the live server several times every day. Each time I do, the users who are logged in's sessions end and they have to log in again. This causes various issues which I won't bore anybody with here.
My question - is there anyway to prevent this, or do I just have to live with it? Have spent the last 3 hours Goggling and can find no solution.
I have a .Net 3.5 website which uses windows authentication and expires the session using a meta tag on the prerender of my base masterpage class.
protected override void OnPreRender(EventArgs e)
{
base.OnPreRender(e);
if (Response.ContentType == "text/html")
this.Page.Header.Controls.Add(new LiteralControl(
String.Format("<meta http-equiv='refresh' content='{0};url={1}'>",
SessionLengthMinutes * 60, SessionExpireDestinationUrl)));
}
This works well for pages that do full post backs. However there are a few pages in my application where the user does a lot of work that is inside of an update panel. My company's policy is a timeout of 15 minutes. Which means, after 15 minutes of working inside of an update panel page, the user gets redirected to the application splash page.
Is there a way to reset or extend the meta tag on an async postback? Or perhaps a better way to accomplish this entirely?
i'm using session variables for send variables between aspx page and it works fine ...but after some time of inctivity(user) in the page the sessions is los...how can i resolve this issue ? this is my code below how to send session :
protected void Lst_Interv(object sender, EventArgs e)
{
Session["Id"] = gdMedical.SelectedRow.Cells[0].Text.Trim();
Session["Service"] = gdMedical.SelectedRow.Cells[6].Text.Trim();
Session["Nom"] = gdMedical.SelectedRow.Cells[2].Text.Trim();
string pageurl = "LstIntervention.aspx";
Response.Write("<script> window.open('" + pageurl + "','_blank'); </script>");
}
I managed to user to perform multiple log on from other IE window session in my web application if the same log on is currently being used.Unfortunately I have problem to control multiple log on if the user is logging in using tab browsing in the same session. I know this is due to the same session Id but is there any way to trace down to the tab level within the same session?
View 2 RepliesHacker's attack the session ID in asp.net application. How can we protect the session identifier from hackers.
View 1 Replieshow to prevent the two session on a single browser ie: first i opening a site on mozilla then login after logged in . I am opening a new table with the same url login using different user after that suppose there is one link called view my profile on user home page if if click the link on first tab browser, it showing the user details on second tab browser user details ie: previous session.how to prevent or avoid this ?
View 6 RepliesI'm new to asp world, and I have to keep my new job :)Switching form php to asp.net 3.5 (never used before). What would be the best practice for storing a SESSION variable in my project ?How can I prevent my SESSION to be overwritten if my initialisation code is in the onPageLoad method of my MasterPage ?My variables keeps beeing overwritten, please someone help me and tell me if there is any other solution than dealing with this pageLoad problem.
View 3 RepliesI'm researched how about prevent session timeout, I tested the solutions links bellow and it works great.
http://www.primaryobjects.com/CMS/Article86.aspx
http://www.codeproject.com/KB/session/Reconnect.aspx
But my Website has one thing that still causing problems... the Website calls an ActiveX. Some time in the user navigation the user clicks in a button and a JavaScript loads an ActiveX with the code bellow.
var objDownload = new ActiveXObject('XXXXXX');
objDownload.ActiveXMethod();
This ActiveX makes a huge processing and this is why I'm want the trick to avoid the session expires. I tested the both above solutions but when the ActiveX is running no refresh happens. Can anyone help with this problem? How the ActiveX can be running and the IE makes the refresh?
How to distroySession in asp.net(vb). When I Distroy the session if i click to the back button it will not redirected to previous page.I used
Session.Abandon()Response.Redirect("Default.aspx")
on the click of logout_linkbutton.but when i click back button in browser its go back to previous page. But when i click on any control it will redirected to Default.aspx.
I have a problem with all multiple tab browsers due to session object. I have a requirement that whenever user opens a new browser I need to show different values, so I thought of using Session as in IE 6 every browser creates a new session. But all other multiple tab browsers IE 8 and FF shares the session(If user has already open the browser and try to open different browser). How can I create new session whenever user opens a new browser window. My application is basically in ASP.NET and server side we have C#.
View 1 RepliesI have ASP.net application that is basically a data entry screen for a physical inspection process. The users want to be able to have multiple browser windows open and enter data from multiple inspections concurrently. At first I was using cookie based sessions, and obviously this blew up.I switched to using cookie-less sessions, which stores the session in the URL and in testing this seemed to resolve the problem. Each browser window/tab had a different session ID, and data entered in one did not clobber data entered in the other.
However my users are more efficient at breaking things than I expected and it seems that they're still managing to get the same session between browsers sometimes. I think that they're copying/pasting the address from one tab to the other in order to open the application, but I haven't been able to verify this yet (they're at another location so I can't easily ask them).Other than telling them don't copy and paste, or convince them to only enter one at a time, how can I prevent this situation from occurring?
How to prevent Session.Timeout extension on certain event from codebehind?
What I do - I have Session Timeout configured in Web.config file for 10 minutes. Also, I have in my webpage1.aspx, an ASP.NET AJAX control ModalPopup which shows into the page 9 minutes after the user stopped sending requests to webpage1.aspx. I did this with this code:
[Code]....
[Code]....
So, my initial calculations was that 1 minute before the session ends, i'll inform the user something with the ModalPopup. The problem is that when this Timer1_Tick event triggers, the session.timeout renew ( or extends ) and the session ends 10 minutes later (if user still don't send any request from his browser).
Can I write code in Timer1_Tick event which prevent session extension?
since a have an app, that makes heavy use of AJAX (jQuery), I faced a problem of session timeout.
After a little bit of googling I found something like :
[Code]....
In the refresh page I have just this code :
[code]....
jQuery indeed calls refresh page, writes "success", however- session times out.
Am I doing wrong something? Is there a better way to prevent session time out?
Preventing user to open duplicate web application,while it is running .....
View 1 Repliesi am using a multi selecting file upload control which is postBack free.
I am using session timeout.
My problem is that during files uploading my session got expired. Bcoz my uploader not being postback so i can't enhance session timeout. and while uploading my session got expired and process was not ompleted, causes some imp files could not uploaded.
I added the following code to global.asax to load up several session variable when a session starts. I'm assuming that when a page goes to use the variable that I should be
1) checking at the page level that the value is valid not 0 when its not expected to be 0, not a zero-length string when its expected to have a length
2) have code at the page level that sets the values if the values have not been set as when the Session timeout, ideally putting the code in a class derived from Page and then deriving all of my pages from the new class so that the code does not have to be repeated in every page
[Code]....
I have a problem by getting session which created for new site visit or session expired.
View 3 RepliesI want the code for showing popup dialog box , to show the time remaining for session closing because of in-activity. and 2 buttons for allowing to stay or to signout.
i want all the settings that are need to achieve the functionality.
I have a class called EditMapUtilities. Here are some class properties that I want to persist:
public class EditMapUtlities
{
public static Boolean isInitialEditMapPageLoad
{
get { return SessionHandler.isInitialEditMapPageLoad; }
set { SessionHandler.isInitialEditMapPageLoad = value; }
}
// REST OF CLASS NOT GERMAIN TO DISCUSSION AND OMITTED
}
Here is my SessionHandler Class following the pattern from this post Static Session Class and Multiple Users:
using System.Web.SessionState;
public static class SessionHandler
{
private static HttpSessionState currentSession
{
get
{
if (HttpContext.Current.Session == null)
throw new Exception("Session is not available in the current context.");
else
return HttpContext.Current.Session;
}
}
//A boolean type session variable
private static string _isInitialEditMapPageLoad = "EditMapInitialPageLoad";
public static bool isInitialEditMapPageLoad
{
get
{
if (currentSession[_isInitialEditMapPageLoad] == null)
return true;
else
return (Boolean)currentSession[_isInitialEditMapPageLoad];
}
set
{
currentSession[_isInitialEditMapPageLoad] = value;
}
}
}
I am still learning OOAD. I want to keep relevant properties with relevant classes. I also want to keep all Session stored variables in one place for ease of maintenance and to encapsulate the session keys and calls. I feel like my design is too coupled though. How can I make it more loosely coupled? Is my editMapUtilities class too tightly coupled to the SessionHandler class? How would you do it better?
Let suppose, I am building an asp.net website which has login scenario in it. I want to provide a certain functionality to the website that if the user is already login on computer 1 and now try to login on computer 2, so he will be allowed to remain login on computer 2, while automatically logout him from computer 1. I also know that http is a stateless medium, so whenever user interact with computer 1 and try to interact with the page, it will get noticed at that time.
View 2 RepliesIs there room for issue in the following code in terms of multiple users of the same web application? I mean, I know that a purely static string will be shared across all sessions for a single ASP.NET application, but since this explicitly refers to the Current.Session, even though it is static it seems like it would always refer to the session instance of the "current user." But an error is happening that could be explained by everyone sharing the current value of Mode and thus the most recent change overwriting everyone else's mode value. (As a background: This string is in a Helpers class that is used throughout the application. I do not want to make references to Session["Mode"] throughout the application and do not want to have to pass Session["Mode"] in every method call from an aspx.cs page.)
public static string Mode
{
get
{
var value = HttpContext.Current.Session["Mode"];
return (value ?? string.Empty).ToString();
}
set
{
HttpContext.Current.Session["Mode"] = value;
}
}
I use some session variables to get the job done(shopping cart, etc) but it is not stable..manytimes I get no items in session object and other times(refreshing the page) I get missing data...I downloaded the entire site code to my local pc and debugged it and run it succesfully without any session data missing...When I run it in the server, I get bad session again: no products in shopping cart or products with missing quantities...
The same website runs smoothly in our production server too....The problem is with our development server...
I have some code in my page load event where I just want to fire once when the user opens the Browser. The only issue is if you open a new tab with the same website the session variable does not reset. Is there a way to reset the session variable when you open a new tab or do you have to take the whole web browser down for it to clear the session variable.
In Global Page:
[code]....
