473,320 Members | 2,020 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Same sessionID retuned to diff browsers in diff machines

Please Help!

I recently posted this same issue but got no answer... please help

Using VB.NET, IIS5, W2K Adv SP3 all patches, .net 1.0, VS.NET 2002
Using forms authentication, persistent cookie = false

Recently my asp.net app is returning wrong data to users. Users frequently
get data that should only be seen by other user.

Upon authentication against database in the login page, I set auth cookie
and fill some session variables like userid, user role ... this info is
then read and used as criteria for database query.

In search for an answer I set a hidden field = session.sessionID.tostring
that gets filled every page_load and discovered that sometimes the
sessionID returned is exactly the same in two browsers running in two
different machines. Also noticed that when this happens to user B, user A
had been recently logged.

I thought I was changing session data somewhere in my app, thus the
described errors, but now I understand that as the browser gets a sessionID
that is already being used by another user my queries get the session
values of the other user and not the current user

I also noticed that sometimes the hidden field of user A of page1.aspx was
sessionID ex. xxxxaaaa... and when navigating to another page the sessionID
value was diferent but = to sessionID of user B

Also tested if on page_load, SessionID <> Hidden Field Value , redirect to
login page, and sometimes users are redirected meaning that the sessionID
is not the same...

All pages have EnableSessionState=True

I have session_start and session_end counting number of users online in
global.asax

Please Help, Looking for a resolution for some days, read dozens of
threads, my books, msdn ... no way...

Thanks

B
Nov 18 '05 #1
2 2213
I dont know why this is so but I use a different approach. Note that the
HttpContext.Current.User returns the current user (note that i am just
writing no code here). Check where u logon the user and put the userid there
as username. U can then find out who is logged in at any time.

Will email u some code in a few minutes

ba**@no.spam.here.meshcode.com
http://www.meshcode.net

"Berrucho" <be******@nospamtoberrucho.com> wrote in message
news:ko***************@nospamtoberrucho.com...
Please Help!

I recently posted this same issue but got no answer... please help

Using VB.NET, IIS5, W2K Adv SP3 all patches, .net 1.0, VS.NET 2002
Using forms authentication, persistent cookie = false

Recently my asp.net app is returning wrong data to users. Users frequently
get data that should only be seen by other user.

Upon authentication against database in the login page, I set auth cookie
and fill some session variables like userid, user role ... this info is
then read and used as criteria for database query.

In search for an answer I set a hidden field = session.sessionID.tostring
that gets filled every page_load and discovered that sometimes the
sessionID returned is exactly the same in two browsers running in two
different machines. Also noticed that when this happens to user B, user A
had been recently logged.

I thought I was changing session data somewhere in my app, thus the
described errors, but now I understand that as the browser gets a sessionID that is already being used by another user my queries get the session
values of the other user and not the current user

I also noticed that sometimes the hidden field of user A of page1.aspx was
sessionID ex. xxxxaaaa... and when navigating to another page the sessionID value was diferent but = to sessionID of user B

Also tested if on page_load, SessionID <> Hidden Field Value , redirect to
login page, and sometimes users are redirected meaning that the sessionID
is not the same...

All pages have EnableSessionState=True

I have session_start and session_end counting number of users online in
global.asax

Please Help, Looking for a resolution for some days, read dozens of
threads, my books, msdn ... no way...

Thanks

B

Nov 18 '05 #2
couldnt send u the mail but if u email me i will send u the code

"Berrucho" <be******@nospamtoberrucho.com> wrote in message
news:ko***************@nospamtoberrucho.com...
Please Help!

I recently posted this same issue but got no answer... please help

Using VB.NET, IIS5, W2K Adv SP3 all patches, .net 1.0, VS.NET 2002
Using forms authentication, persistent cookie = false

Recently my asp.net app is returning wrong data to users. Users frequently
get data that should only be seen by other user.

Upon authentication against database in the login page, I set auth cookie
and fill some session variables like userid, user role ... this info is
then read and used as criteria for database query.

In search for an answer I set a hidden field = session.sessionID.tostring
that gets filled every page_load and discovered that sometimes the
sessionID returned is exactly the same in two browsers running in two
different machines. Also noticed that when this happens to user B, user A
had been recently logged.

I thought I was changing session data somewhere in my app, thus the
described errors, but now I understand that as the browser gets a sessionID that is already being used by another user my queries get the session
values of the other user and not the current user

I also noticed that sometimes the hidden field of user A of page1.aspx was
sessionID ex. xxxxaaaa... and when navigating to another page the sessionID value was diferent but = to sessionID of user B

Also tested if on page_load, SessionID <> Hidden Field Value , redirect to
login page, and sometimes users are redirected meaning that the sessionID
is not the same...

All pages have EnableSessionState=True

I have session_start and session_end counting number of users online in
global.asax

Please Help, Looking for a resolution for some days, read dozens of
threads, my books, msdn ... no way...

Thanks

B

Nov 18 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
by: Pete | last post by:
Hello everybody -- Forgive my multi-posting my question. I posted first to ciwah, but I learned that ciwas is the better group for this CSS question. The problem has me stopped. The page: ...
0
by: Rick Curry | last post by:
We have made changes to an ASP.Net app, tested it on our testing platform and moved it to our production platform. In testing it on the other machine, the app fails when we pull session data back...
1
by: Cowboy \(Gregory A. Beamer\) | last post by:
Quite a few months back, I was able to create a single sign on app for all apps on a single box (perhaps a domain, but never tested) by setting the auth cookie name to an identical value: ...
6
by: anoj | last post by:
Hi All i need to prevent multiple logins from the same user at the same time. what is the best way to do this . How can i detect if a user closes the browser window without logging out so tht...
6
by: DJones | last post by:
I'm using the following code in my .Net application (.Net v1.1, Windows 2000) to write Session Cookies. HttpContext.Current.Response.Cookies("cookieSession")("SessionID") = strSessionID ...
7
by: Nils Hedström | last post by:
I have a web farm that uses a state server for session management. A user logs on to a website (www1.mysite.com). When the same user visits www2.mysite.com I want the user to be logged in. Right...
2
by: maya | last post by:
I need to format an unordered list as follows: 1) I need to reduce space betw. bullet and line of text.. 2) I need to get rid of space to the LEFT of bullet.. have tried various solutions...
1
by: Andy Fish | last post by:
hi, I am looking for a library (i.e. not a standalone GUI program) that can do diff and merge of HTML or XML, preferably in C# or at least that can be called from C# anyone know of such a...
0
by: tomeg | last post by:
Is it possible to serve two concurrent requests with the same sessionID? I'm making an ajax-chat, on the serverside it looks like this when you are polling for new messages(simplified!): ...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.