I have a static class member that returns the ID of the current user. When
it is called, it checks if the value is already stored in the session state,
if it is, that value is returned. Otherwise, Membership methods are called
to obtain the ID, that value is stored in the session state, and that value
is then returned.
This appears to work fine. However, I'm now giving users of one type the
ability to "impersonat e" another. In this case, I set the ID in the session
state to the user that is being impersonated.
This, too, seems to work. But now I'm worried about application cycling. If
the application cycles and session state is lost while one user is
impersonating another, I'll get all sorts of errors. If that's not enough, I
just read something I didn't quite understand that Session data is not saved
everytime an exception is raised and not cleared. ???
My question is would there be any way to check if this has happened and not
allow things to continue if the ID of the user being impersonated is lost?
Thanks for any tips.
Jonathan 2 1197
yes, session would be null at that point so a simple test will tell you
this. However, you shouldn't develop code for something that is least likely
to occur. Develop your logic as is and use a combination of exception
handling and if statements to catch the case where exceptions occur such as
null session values.
--
Regards,
Alvin Bruney [MVP ASP.NET]
[Shameless Author plug]
The O.W.C. Black Book, 2nd Edition
Exclusively on www.lulu.com/owc $19.99
-------------------------------------------------------
"Jonathan Wood" <jw***@softcirc uits.comwrote in message
news:#0******** ******@TK2MSFTN GP02.phx.gbl...
I have a static class member that returns the ID of the current user. When
it is called, it checks if the value is already stored in the session
state, if it is, that value is returned. Otherwise, Membership methods are
called to obtain the ID, that value is stored in the session state, and
that value is then returned.
This appears to work fine. However, I'm now giving users of one type the
ability to "impersonat e" another. In this case, I set the ID in the
session state to the user that is being impersonated.
This, too, seems to work. But now I'm worried about application cycling.
If the application cycles and session state is lost while one user is
impersonating another, I'll get all sorts of errors. If that's not enough,
I just read something I didn't quite understand that Session data is not
saved everytime an exception is raised and not cleared. ???
My question is would there be any way to check if this has happened and
not allow things to continue if the ID of the user being impersonated is
lost?
Thanks for any tips.
Jonathan
Jonathan Wood wrote:
session state,.... But now I'm worried about application
cycling. If the application cycles and session state is lost while
If you use out-of-process session state, that problem ceases. http://msdn.microsoft.com/en-us/library/ms972429.aspx
(Except they've written config.web instead of web.config.)
Andrew This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Michael J. Wendell |
last post by:
Hello,
I am trying to debug an issue with sessions in my ASP 3.0 web
application, which runs fine on WIN2K Pro and WINXP Pro, yet fails to
function correctly on WIN2K Advanced Server.
My actual application is using sessions to store username, and security
level (permissions) for my application. The default.asp page is the login,
where these values are set. I have triple and quadruple checked my IIS
Settings to make sure "Enable...
|
by: Phil Grimpo |
last post by:
I have a very odd situation here. I have an administration page, where
based on a users permissions, a recordset is called from the SQL server
which has a list of paths to "Module Menus". Each of these menus are then
placed into the page by calling Server.Execute(rs_Modules("ModulePath")).
This works fine for up to 15 "menus" After that, the session variables that
were set (not including those called by Global.ASA) are no longer set.
...
|
by: John A Grandy |
last post by:
for high traffic public websites , what are the proven options for
session-state storage & management ?
is an out-of-process state-server generally preferred over a sql-server ?
what are the relevant criteria ? is the primary criteria max expected total
storage size (for all active sessions) versus max ram available on the
state-server machine ?
if ADO.NET objects (such as small DataTables) must be stored in
session-state , is any...
|
by: Johan Nedin |
last post by:
Hello!
I have a problem with SQLSession state on my ASP.NET pages.
SQLSession state behaves very different from InProcess session state,
which I think is very bad.
I can understand some of the differences, e.g that every object you
store in SQLSession state have to be serializable, but other
differences are very unfortunate.
|
by: tshad |
last post by:
I have been using the default session state (InProc) and have found that I
have been loosing my information after a period of time (normally 20
minutes).
Is there anyway to find out how much more time I have on a session?
If I do a refresh, does reset the session clock?
Do you have have to go to another page to reset the session timeout or will
a postback also do it? This is important as we have a few pages that a user
| |
by: McGeeky |
last post by:
Is there a way to get a user control to remember its state across pages? I
have a standard page layout I use with a header and footer as user controls.
Each page uses the same layout by means of copy paste (I hear this will
improve in ASP.Net 2 via master pages).
When I navigate from one page to the next the header and footer user
controls lose their state because they are effectively different instances
of the user control.
Is there...
|
by: BillE |
last post by:
When a user opens a new IE browser window using File-New-Window the
integrity of an application which relies on session state is COMPLETELY
undermined. Anyone who overlooks the fact that File-New-Window creates an
instance of IE in the same process with the same SessionID as the parent
window is in big trouble. This fundamentally restricts the usefullness of
using session state management.
I probably missed it somewhere - can...
|
by: Glenn |
last post by:
Hi
I've been experimenting with managing state using the Session object. I've
created a simple WS with a couple of methods, one which sets a string
value, another that retrieves it.
Each method has the WebMethodAttribute.EnableSession set to true.
When I run the test page the session is maintained. However, using a
console application, in between setting the string value and attempting to
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |