2 IE Sessions Sharing The Same Per-Session Cookie!!


I am having a problem tracking down what I believe to be a problem with
the way cookies are being used on our website application.

When a user logs onto the application, an in-memory (per-session) cookie
is created to hold the session key for the user. This unique key is
assigned as part of the business layer logon process, and never changes
while the user is logged on. The call to the business component returns
this unique key if the logon was successful, and the cookie is set up
as follows:

Response.Cookies("SessionKey").Path = "/"
Response.Cookies("SessionKey") = strSessionKey

Nowhere is the cookie assigned an .expires value.

Once a user has completed this logon process, they must then click past
an intermediate agreement page before actually having access to the main
application. When this intermediate page is submitted, it accesses the
cookie, extracts the session identifier and writes the value to a
database table.

The code to achieve this looks something like:

strSessionKey = Request.Cookies("SessionKey")
Dim objInstance
Set objInstance = Server.CreateObject("SomeComponent.SomeClass")
objInstance.StoreIdentifier strSessionKey
Set objInstance = Nothing

The whole process works fine until I try to do the second stage (the
intermediate agreement) with two separate IE sessions (there are 2
separate IEXPLORER.EXE entries in task manager) very quickly.

I can go through the whole process fine, and then while leaving the
application open, I can start again with a new IE window and complete
the process again. In each case the correct identifier is stored in the
database for each separate session.

If I get to the second stage of the logon process with 2 separate IE
sessions, and submit both agreement pages at the same time (or as close
together as I can), then they both write the same unique session
identifier to the database, as if they are accessing the same cookie!
The session identifier used is the one from the first agreement page I
submit. This definitely only happens if I do this at the same time.
Wait a few seconds between the submissions and all is well.

Has anyone come across something like this before and can advise on a
possible reason?

Thanks In Advance.

--
AnthonyC
------------------------------------------------------------------------
Posted via http://www.codecomments.com
------------------------------------------------------------------------

Mar 10 '06 #1

Sounds like a race condition in the SessionKey creation routine.

If for example the SessionKey creation uses a sequence which depends on the
StoreIdentifier method having been called with other SessionKeys then a
race condition is possible.

Can you provide details on how the key is generated? Any reason a GUID
won't work?

Or am I barking up the wrong tree?? :)

Anthony (J).
Mar 10 '06 #2
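
Added example, not part of the thread and not the application's code: a Python model of the hypothesis in reply #2, where two simultaneous logons derive their key from the last stored key, set beside a lock around the read and write and beside a random GUID. The thread never shows how the real key is generated; SequenceKeyStore, its methods, guid_key and the starting value 100 are assumptions made for illustration.

```python
import threading
import uuid


class SequenceKeyStore:
    """Hypothetical key source: next key = highest stored key + 1."""

    def __init__(self):
        self.stored = [100]  # constructed sample: one key already stored
        self._lock = threading.Lock()

    def next_key_racy(self, barrier):
        candidate = max(self.stored) + 1   # read shared state
        barrier.wait(timeout=5)            # both logons read before either stores
        self.stored.append(candidate)      # write back, too late
        return candidate

    def next_key_locked(self, barrier):
        barrier.wait(timeout=5)            # same simultaneous arrival
        with self._lock:                   # read and write as one step
            candidate = max(self.stored) + 1
            self.stored.append(candidate)
        return candidate


def guid_key(barrier):
    barrier.wait(timeout=5)
    return str(uuid.uuid4())               # random version-4 GUID, no shared state


def run_two_logons(make_key):
    """Run two simultaneous logons and return the keys they were given."""
    barrier = threading.Barrier(2)
    keys = []
    workers = [threading.Thread(target=lambda: keys.append(make_key(barrier)))
               for _ in range(2)]
    for w in workers:
        w.start()
    for w in workers:
        w.join()
    return sorted(keys)


if __name__ == "__main__":
    print("racy sequence:  ", run_two_logons(SequenceKeyStore().next_key_racy))
    print("locked sequence:", run_two_logons(SequenceKeyStore().next_key_locked))
    print("GUID:           ", run_two_logons(guid_key))
```

The barrier only makes the unlucky interleaving happen on every run; in a live application the same overlap needs near-simultaneous requests, which matches the "only when submitted at the same time" symptom.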
