I have an asp.net application that uses classes to store data between the
user interface and the SQL Server database. Each user needs to see only their
data at any time, therefore I am using session to hold the classes. Currently
I use this on page load:
XProject = Session("XProje ct")
where XProject is the class I require to be at session level.
My question is, for this to be correct, and to stop data leaking to other
users if they are executing code at the same time, do i need to put a:
Session("XProje ct") = XProject
before redirecting to other pages in the site?
I'm still quite new to session and my site appears to read and write data
correctly, but from time to time, when a few users are using the web
application, data can be saved on one users' project and be seen on others,
causing errors and security risk.
Any help would be great, thanks in advance
jsale
4  1201 
JSale,
With the little bit you've given us, I'd have to assume something might be
wrong with your XProject. Sessions are per-user...nothing special needs
to happen for this to be true. Therefore, I'd say the problem is that *you*
are putting other people's data into other people's session - maybe via some
complex referencing.
Not too sure what you are getting with Session("XProje ct") = XProject...at
some point you obviously have ot create the session object. But when you
subsequently get the object, it's a reference and you therefore don't need
to keep updating Session.
Karl
--
MY ASP.Net tutorials http://www.openmymind.net/
"jsale" <js***@discussi ons.microsoft.c om> wrote in message
news:4F******** *************** ***********@mic rosoft.com... I have an asp.net application that uses classes to store data between the
user interface and the SQL Server database. Each user needs to see only
their data at any time, therefore I am using session to hold the classes.
Currently I use this on page load:
XProject = Session("XProje ct")
where XProject is the class I require to be at session level.
My question is, for this to be correct, and to stop data leaking to other
users if they are executing code at the same time, do i need to put a:
Session("XProje ct") = XProject
before redirecting to other pages in the site?
I'm still quite new to session and my site appears to read and write data
correctly, but from time to time, when a few users are using the web
application, data can be saved on one users' project and be seen on
others, causing errors and security risk.
Any help would be great, thanks in advance
jsale
"jsale" <js***@discussi ons.microsoft.c om> wrote in message
news:4F******** *************** ***********@mic rosoft.com... I have an asp.net application that uses classes to store data between the
user interface and the SQL Server database. Each user needs to see only
their
data at any time, therefore I am using session to hold the classes.
Currently
I use this on page load:
XProject = Session("XProje ct")
where XProject is the class I require to be at session level.
My question is, for this to be correct, and to stop data leaking to other
users if they are executing code at the same time, do i need to put a:
Session("XProje ct") = XProject
before redirecting to other pages in the site?
I'm still quite new to session and my site appears to read and write data
correctly, but from time to time, when a few users are using the web
application, data can be saved on one users' project and be seen on
others,
causing errors and security risk.
If you never put the object anywhere other than in Session, then you should
not see it leak to other users. This should only be happening if the object
(or pieces of it) is stored in a Shared variable, a global variable in a
Module, or in Application state.
Look around your code for things like these (especially modules). I usually
recommend that all modules should be replaced with Classes, and this is one
of the reasons.
John Saunders
jsale wrote: I have an asp.net application that uses classes to store data between
the user interface and the SQL Server database. Each user needs to
see only their data at any time, therefore I am using session to hold
the classes. Currently I use this on page load:
XProject = Session("XProje ct")
where XProject is the class I require to be at session level.
My question is, for this to be correct, and to stop data leaking to
other users if they are executing code at the same time, do i need to
put a: Session("XProje ct") = XProject
before redirecting to other pages in the site?
I'm still quite new to session and my site appears to read and write
data correctly, but from time to time, when a few users are using the
web application, data can be saved on one users' project and be seen
on others, causing errors and security risk.
Any help would be great, thanks in advance
jsale
What is stored in the Session is just a *reference* to your instanced class.
After you have updated the values in the referenced instance you don't
need to "put it back" in the session. That stored reference is still valid,
it now points to data that has been modified.
If data is "leaking" to other users, the problem should be somewhere else
(Application object? Cache? Database?)
Hans Kesting
Session is a memory space that is global to all pages of a given client
(user), but only to that client machine. As a memory space, it is only
necessary to put data into Session one time, unless the Session times out
(Sessions time out after 20 min. of inactivity).
--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Neither a follower
nor a lender be.
"jsale" <js***@discussi ons.microsoft.c om> wrote in message
news:4F******** *************** ***********@mic rosoft.com... I have an asp.net application that uses classes to store data between the
user interface and the SQL Server database. Each user needs to see only
their data at any time, therefore I am using session to hold the classes.
Currently I use this on page load:
XProject = Session("XProje ct")
where XProject is the class I require to be at session level.
My question is, for this to be correct, and to stop data leaking to other
users if they are executing code at the same time, do i need to put a:
Session("XProje ct") = XProject
before redirecting to other pages in the site?
I'm still quite new to session and my site appears to read and write data
correctly, but from time to time, when a few users are using the web
application, data can be saved on one users' project and be seen on
others, causing errors and security risk.
Any help would be great, thanks in advance
jsale This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Abhilash.k.m |
last post by:
This is regarding the session management using Out of
proc session management(SQL SERVER). Among the samples
below which one is better to set the session?
1. There are 20 session variables and all of them
are being stored into session and accessed from session
and individual session object. Example: Session
= "XYZ", Session=100, Session="NAME", etc.
|
by: |
last post by:
Simple question, I think...
I'm storing an object in the Session object.
In the code behind I read that object: trx = CType(Session("Transaction"), BOCSTransaction)
If I change any properties, I have to store it back into the session object to "update" it, right? Or will the changes to my object automatically be saved back into the session object?
Thanks,
Jerry
|
by: Santosh |
last post by:
Dear All
i am writting a code sending mail with attachement.
i am writting code for sending mail in one page and code for attaching
a file in the next page.
aftet attaching a file i am taking name of that file from attaching
file page to email page through in session file .i am giving a
facility of attaching five files to user . and i am taking names of
both files in session variables but user attach less than five five
|
by: YYZ |
last post by:
I'm using asp, not asp.net. I've got some open ended questions that I
was really hoping someone in here could answer, or direct me to some
resources that will help me answer them on my own.
First, the session object. When a new user comes to my site, asp
creates a session object, and a session id on that object. That
session id is sent back to the client and stored as a cookie(?) that
can be used to identify a single user across...
|
by: Jonathan Wood |
last post by:
Greetings,
I was wondering if anyone here has a good understaning of the Session
object. I know there are options like the Session.Abandon method and the
regenerateExpiredSessionId setting, although I do not understand what they
do.
Can anyone tell me if it's possible for a recycled session to still contain
the old data? I had a couple of reports that where users said they logged on
and saw another user's data. On this site, there...
| | |
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
| | |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
