We have a web site that implements a custom SiteMapProvider using a User Control added in the master page. I need to be able to limit the sitemap nodes added depending on the logged in user, that is, certain users should not see certain sitemap nodes. Currently, the login processing code determines if users are in the certain category or role and then sets a value in session state, for example, Session["UserInRoleXXX"] = "Yes"; I tried changing the code in the user control to check the session state, but I got the following error: NullReferenceException ... Object reference not set to an instance of an object." Can session state be accessed in a user control?
My prior asp.net apps used windows authentication on an intranet. Now I'm developing an app for the internet and am stumbling over how to properly manage user sessions and state.
I first developed my web site functionality; created the SQL DB and got all of the pages to properly handle the data. Then, I installed the SQL Membership database and was able to get the CreateUser, Login, Logout pages to work. On the Verify process for the Userid, I added a step that will take the membership UserId value and create a Company record in my tables and link my CompanyId key with the UserId.
At Login time, I create a CompanyId session variable; each page uses it to retrieve records for the user. When Session Timeout occurs and the user click a link to another page, the app redirects properly to a Login page. However, if the time expires and then the user interacts on that same page, 'Object not set to an instance of the object' - the CompanyId session variable has expired.
What is the proper way to handle this? I'd like the page to automatically redirect to a TimedOut page (this would happen automatically without the user doing anything).
I considered writing a Function where I pass the Session variable I want and the Function sees if it exists; if it doesn't it would do a Response.Redirect to the TimedOut page...I can't get the Redirect to work in a Class Function ('reference to a non-shared member...').
I assumed that I should set CompanyId as a Session Variable so each page knows the user to get data for. Another approach is to use the membership User and if it is still valid, do a DB lookup to get the CompanyId. I did not choose this because I felt that it would increase DB traffic and web traffic.
Here are several relevant settings from my web.config:
I have one web application. In that, I have two pages. One is view/edit page and another one is login page. The view/edit page contains one edit button and one login button.
First I execute view/edit page, at that time I dont want to show edit button. When user clicks login button, the page will be redirected to login page, where the user has to enter username and password. If user enters both correct, again the page will be redirected back to view/edit page. This time, the edit button has to be shown to make some modifications, since the user is authenticated.
I tried this thing by using session with cookieless. It works perfectly but some times it shows web page not available. I made session timeout 120 minutes and cookieless is true. In URL session ID also available.
So, whats the alternate way to maintain user log state or whats wrong in web.config file.
I am a little bit new at handling multiple sessions congruently.
Basically i have created a chat application. In which i have a moderator page.
Now the moderator has the privilege to block particular users from the chat. Every user including the moderator has a session variable defined as Session["UserID"].
e.g for the username "moderator" the Session["UserID"]=moderator.
Now as i am logged in as the moderator how do i delete the session of a particular user whom i want to block the chat from commencing.
I have a very basic application with user authentication. I also have a grid in my masterpage that shows all the users logged on. However, after a user logs out, it still shows them to be logged on in the users grid for the duration of the session, which is 20 mins. How do I get the grid to exclude users who've logged out? Here's the code behind for the grid:
I am looking for an elegant (i guess as elegant as it can be) solution to caching a users profile on login (whether it is session, cache, cookie, etc) and keeping it in sync when a users profile is changed. How do you guys handle this? Just simply call a Flush() method in your Save() method that invalidates the cache?
How can I redirect the user to the first page when they've been idle for more than 20 minutes or so?Here's my session timeout time in my web config file:
In my ASP.NET application I need to allow only one session for a user ? When a user does login more than once, I want to get to user's previous session and abandon it. I'm keeping track of all user sessions by means of session id. But Session.Abandon is available only for the current session associated with a request and not previous sessions. I have the session id of the user's previous session but how can I end it ?
Ok so I am working on a control that when the user comes from a specific website then it will be a certain action. What would be the easiest way to do this?
We have take over a classic asp site. Everything works fine, but we are making improvements to some reports and adding new reports, so we are doing this in .NET, with that said, after reviewing the secuirty code, there are 2 sessions that are set and used thru-out the site as part of some of the individual page queries.
I know that the sessions are being populated, because the reports that use those values return records.. now with a new report we are working on, i need to pass those values into my query. But when i try using the session names the page is coming up saying the following:Object reference not set to an instance of an object.
Is there anyway to add something to my page code to see what sessions are actually being created and their values.. maybe im using the wrong variable names.. but the security code is pretty straight forward.. at login, if successful, 2 values are returned and stored in 2 sessions.. i need to use those with my new page.. so trying to figure out why the existing pages work fine with that and my new page does not..
Basically, i'd like to write to the screen the session variables that are being created on the login page.
How to get that how many pages accesses by a user in a website.
Actually, rather then putting code in each page I want some generalized method/technique that if user Logged to a website and during his Login period what was his activity and which page(s) he accesed.
Note:
1. My website pages are under MasterPage. 2. MasterPage has a MasterMenu. 3. For singlePage activity I used Page.GetType.Name
I have created a user control with a property named CurrentPage. When a link button is clicked it runs PostbackToPage() and passes a command argument in which then sets the CurrentPage property with this new value. On the page which uses the user control I am trying to display the updated CurrentPage property after a postback. When I click the link button to cause the postback the CurrentPage is the default value. However when I click it again it works as expected. So it seems to only work after 2 postbacks. How can I get this to work after the first postback?
1) I found that my viewstate was not being persisted across postbacks for web user controls. I ensured that the Enable Viewstate property was set to true (of the page)
2) The Viewstate isnt being persisted on the 1st postback.
3) However, it is being persisted from the 2nd postback onwards.
I stepped through the code to ensure that the Viewstate had the 2 keys that I was adding on page load. However, on the 1st postback, the viewstate is empty. Everything is ok from the 2nd postback onwards.
I need to send a cookie to the my web site's visitors and receive them back for information. For example when machine1 visits my site if not set I set a cookie with "user1", for machine2 I set "user2" etc.
Actually I need to retrieve the cookie back from my log file, so I thought if I do this it will be saved to my log file.