Hi,
I've already tried several avenues for this, and am quite stumped. The issue
I'm facing is a weird case of sessions getting mixed up (ie. users seeing each
others' data). Apparently this happens at peak load times.
The configuration is W2K3 with ASP.NET 1.1, IIS6.0, Cookieless sessions and
SQL Server as a Session State backend. The problem appears with InProc sessions
as well.
At first I thought I might be using a static variable somewhere to populate
session data, but alas that doesn't seem to be the case.
I wrote a piece of code to act as a simple sanity check -- it stores the
user-agent and IP address of the initial request in the session state, and if
for some reason they don't match on a subsequent request, the user is presented
with an error page and the session data is dumped to a log file.
The log file indicates that several consecutive requests from different hosts
and/or user agents have happened, with the same session id in all of them!
Next I'm thinking maybe I'm doing a Context.Respons e.Redirect somewhere
that's messing the session id up, but the way I do it is I add the session id to
the redirect URL with Context.Respons e.ApplyAppPathM odifier, and never manually
construct the URL.
(note that this seems to also happen with images I'm generating, and I'm
referring to the images with a relative URL)
Based on my look at the code and a brief glance at the log file it seems that
the obvious points of failure would be the Session State http module or
Context.Respons e.ApplyAppPathM odifier. I'd much rather have the problem in my
code so I could fix it though, so if anyone can offer any pointers to what I
might be doing that causes this, I'd appreciate it.
Thanks for your time,
-Lauri
14  4838 
Hi,
On a side note, the application is an HttpHandler (all the application code
resides in a single .dll file) that implements IRequiresSessio nState.
If you wrote a simple one page high demand test program to run from multiple
hosts which has the checks you wrote can you still reproduce the symtoms in
the logs.
And are you sure that the log entries are not multiple requests from the
same client. ?
Just thinking aloud !
Mr N
"Lauri Kotilainen" <ry****@gmail.c om> wrote in message
news:T5******** **********@read er1.news.jippii .net... Hi,
On a side note, the application is an HttpHandler (all the application
code resides in a single .dll file) that implements IRequiresSessio nState.
Hi,
Thanks for your reply!
Mr Newbie wrote: If you wrote a simple one page high demand test program to run from multiple
hosts which has the checks you wrote can you still reproduce the symtoms in
the logs.
Basically I can't reproduce the symptoms at all (we've had test setups where
around a dozen of people do the same things simultaneously) . I'm able to test
the logging code since the check compares both the remote address and
user-agent, so if I copy the URL with the session ID to another browser, the
check is triggered.
And are you sure that the log entries are not multiple requests from the
same client. ?
Yes, I'm sure about that. I log the remote IP address, and I can spot several
places in the log where three or four different IPs (from distinctly different
subnets) have made a request with the same session id!
-Lauri
Im just wondering if this is a cookie issue. Are you using cookieless
operation on all the participating hosts and munging the session ID into the
URL or are you using cookies ?
"Lauri Kotilainen" <ry****@gmail.c om> wrote in message
news:Oq******** ***********@rea der1.news.jippi i.net... Hi,
Thanks for your reply!
Mr Newbie wrote:
If you wrote a simple one page high demand test program to run from
multiple hosts which has the checks you wrote can you still reproduce the
symtoms in the logs.
Basically I can't reproduce the symptoms at all (we've had test setups
where
around a dozen of people do the same things simultaneously) . I'm able to
test
the logging code since the check compares both the remote address and
user-agent, so if I copy the URL with the session ID to another browser,
the
check is triggered.
And are you sure that the log entries are not multiple requests from the
same client. ?
Yes, I'm sure about that. I log the remote IP address, and I can spot
several
places in the log where three or four different IPs (from distinctly
different
subnets) have made a request with the same session id!
-Lauri
Hi again,
Mr Newbie wrote: Im just wondering if this is a cookie issue. Are you using cookieless
operation on all the participating hosts and munging the session ID into the
URL or are you using cookies ?
As I stated in my initial post, the sessions are cookieless. Instead
of munging the ID manually in the URL, I'm using
HttpContext.Req uest.ApplyAppPa thModifier which should (and indeed, under
normal circumstances *does*) take care of inserting the correct session
ID in the correct place.
-Lauri
Sorry, I must have missed that.
I'm stumped really sorry to say. Perhaps the way forward it to assert that
the fault is not in the ASP.NET/IIS but lies in your code and attempt to
prove otherwise with a series of controlled tests. The opposite of course is
to assert that there is a bug in ASP.NET./IIS and try and fix it which would
of course be a lot harder if true.
One other possibility of course would be buy a paid incident from Microsoft
and see if they can help. The problem with nebulous and unrepeatable errors
like this is they are rare and hard to find.
I do know a very good ASP.NET well known consultant who may be able to help
you, if you like I could give your email address to him and ask that he
contacts you. He will of course charge. ( I assume you are in the UK ? )
regards mr N
"Lauri Kotilainen" <ry****@gmail.c om> wrote in message
news:uM******** ***********@rea der1.news.jippi i.net... Hi again,
Mr Newbie wrote:
Im just wondering if this is a cookie issue. Are you using cookieless
operation on all the participating hosts and munging the session ID into
the URL or are you using cookies ?
As I stated in my initial post, the sessions are cookieless. Instead
of munging the ID manually in the URL, I'm using
HttpContext.Req uest.ApplyAppPa thModifier which should (and indeed, under
normal circumstances *does*) take care of inserting the correct session
ID in the correct place.
-Lauri
Mr Newbie wrote: the fault is not in the ASP.NET/IIS but lies in your code and attempt
to prove otherwise with a series of controlled tests. The opposite
of course is to assert that there is a bug in ASP.NET./IIS and try
and fix it which would of course be a lot harder if true.
As unnatural as it seems, I'm hoping it's my code that's broken
(precisely for the reason you stated above). Of course there is the
remote chance that there is a problem in the HttpModule that's doing the
session handling, and in that case I could always write a session module
myself, but that doesn't sound too likely (or appealing).
One other possibility of course would be buy a paid incident from
Microsoft and see if they can help. The problem with nebulous and
unrepeatable errors like this is they are rare and hard to find.
Thing is, there are a couple of things one can do to *create* a
problem like this, but I went through all the code searching for such
patterns and came up empty handed (of course I might be blind to errors
in my own code).
What's really funny is the app has been running for months without a
single reported incident, and then suddenly a while back this started
happening. Of course it's equally possible that it has happened before
but we just didn't get any reports. In any case, I'll try again to diff
the source tree with the one way back when to see if anything relevant
has changed (did that once already and came back with squat).
I do know a very good ASP.NET well known consultant who may be able
to help you, if you like I could give your email address to him and
ask that he contacts you. He will of course charge. ( I assume you
are in the UK ? )
As a matter of fact I'm not (I'm a finn), and unfortunately a
consultant isn't really an option.
Thanks a lot for trying. I'm still hoping someone will drop me a clue
as to what I might be doing horribly wrong to make this happen :)
-Lauri
this is almost always a coding error of storing data in a c# static, a vb
public shared, or public variables in a vb module. in all cases the data is
shared between all requests. so naturally users see each others data as
there is only one copy.
-- bruce (sqlwork.com)
"Lauri Kotilainen" <ry****@gmail.c om> wrote in message
news:6Q******** **********@read er1.news.jippii .net... Hi,
I've already tried several avenues for this, and am quite stumped. The
issue
I'm facing is a weird case of sessions getting mixed up (ie. users seeing
each
others' data). Apparently this happens at peak load times.
The configuration is W2K3 with ASP.NET 1.1, IIS6.0, Cookieless sessions
and
SQL Server as a Session State backend. The problem appears with InProc
sessions
as well.
At first I thought I might be using a static variable somewhere to
populate
session data, but alas that doesn't seem to be the case.
I wrote a piece of code to act as a simple sanity check -- it stores the
user-agent and IP address of the initial request in the session state, and
if
for some reason they don't match on a subsequent request, the user is
presented
with an error page and the session data is dumped to a log file.
The log file indicates that several consecutive requests from different
hosts
and/or user agents have happened, with the same session id in all of them!
Next I'm thinking maybe I'm doing a Context.Respons e.Redirect somewhere
that's messing the session id up, but the way I do it is I add the session
id to
the redirect URL with Context.Respons e.ApplyAppPathM odifier, and never
manually
construct the URL.
(note that this seems to also happen with images I'm generating, and I'm
referring to the images with a relative URL)
Based on my look at the code and a brief glance at the log file it seems
that
the obvious points of failure would be the Session State http module or
Context.Respons e.ApplyAppPathM odifier. I'd much rather have the problem in
my
code so I could fix it though, so if anyone can offer any pointers to what
I
might be doing that causes this, I'd appreciate it.
Thanks for your time,
-Lauri
Hi,
Bruce Barker wrote: this is almost always a coding error of storing data in a c# static,
a vb public shared, or public variables in a vb module. in all cases
the data is shared between all requests. so naturally users see each
others data as there is only one copy.
I tried to post a question about this to you on .NET 247 but the
browser swallowed it -- if it's *almost* always, then what are the the
other possibilities?
I have a log file that says people's *session IDs* are changing -- not
the contents of the variables. The logging code dumps all session
variables along with the request URL and session ID, and with absolutely
no exception the variables are consistent (ie. all logged requests that
have the same session ID also have the same values for the variables if
that makes any sense to you), so I can say fairly certainly that the
issue is not storing data in a static variable.
In short, for some reason two or more people are in fact getting the
same session ID. I'm by no means ruling out coding errors though, that
could very well be the cause. I just need to *locate* the problem :)
Thanks for your time,
-Lauri This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: ehendrikd |
last post by:
hi all
i need some clarification on how the php session work in relation to
cookies.
we have a web site where users need to log in. a few of our users were
having troubles with their browser clients having different levels of
cookie security settings. i assumed a solution would be to have the php
site use the session only, and set session.use_cookies to 0 in the
php.ini file. after doing this, the session no longer persits after
|
by: ton |
last post by:
Hi,
I keep several variables in a statevalue like:
Dim session As SessionState.HttpSessionState =
System.Web.HttpContext.Current.Session
session("connect") = " FKHFSF "
I thought that these variables would be the exclusive use of one connected
user/connection. But it looks like that in a multiuser enviroment some
variables are shared. So I end on the page somenone else was editing.
|
by: Sebastian |
last post by:
Hello,
I've implemented an ASP.NET Application that is used by many people
concurrently. Each user logs on using Forms Authentication
(authentication against Active Directory). After logon succeeded,
additional data are saved into the session state (Session = new
CDE()) for the user that just logged on.
The problem now is that, if we look at the 3 users A, B and C using
the application concurrently, it happens very often that a user...
|
by: fbwhite |
last post by:
I know this issue has been brought up many times, but I have tried many of
the solutions to no avail. I wanted to give my specific case to see if
someone could be of any help.
We are using the sessionstate inproc mode and users are randomly losing
their session. I do not believe it is happening across all users at one
time. It seems to happen to different users at different times, but I am
only going off heresay. The aspnet worker...
|
by: Johan Nedin |
last post by:
Hello!
I have a problem with SQLSession state on my ASP.NET pages.
SQLSession state behaves very different from InProcess session state,
which I think is very bad.
I can understand some of the differences, e.g that every object you
store in SQLSession state have to be serializable, but other
differences are very unfortunate.
| | |
by: |
last post by:
I'm not sure what to think of this. In the appliacation, upon postback,
users screens will get mixed up. Meaning... Perhaps on my screen im working
with a particular set of data. I click a button to cause a post back, then
all of the sudden someone elses data comes up. If I hit the refresh button,
my data comes back again.
Here are the details.
..aspnet app using VB.net
Developed using Visual studio 2002, converted to 2003. ...
|
by: Nabani Silva |
last post by:
Hi, hope someone could help
I need to share session state (and contents) through differente web
applications.
I'm trying to get it done by using StateServer session state, below I paste
code for web.config. Both applications are on the same server (I don't want
to include all applications into one common virtual directory or
application)
|
by: Sean |
last post by:
Problem with sessions
I have created an application without concern for sessions. As it turns out
I think that might be my undoing.
What I have:
I have an online quiz.
I don’t need to know users or save any data. If the application crashes or
user exits the program they should simply start again. Pretty basic.
All interactions are stored in an array (not much going on to save to a
|
by: Bhagya |
last post by:
Hello,
On the LogOut Page i have done Session.Abandon();
And on every Page, In the Page_Load Event i check if the session exists
and only then display data.
Now the problem is after i logout from application and click the back
button of Internet Explorer, the page displays. Can anyone guide me
plsssss.
Thank you,
Bhagya
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
| | |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
