Session Problems

Hi,
I have a web site which uses formAuthentication. After logging in, I store the user credentials in a Session variable which is not updated anywhere in the website. After a certain point it seems that users are able to view other people's pages with their credentials, even though on every web page initialize, a user context is set based on the logged-in session variable.

Is there any chance of the session variable of one user getting updated/overlapping with users?

Thanks
Srinivasa Raghavan



Nov 18 '05 #1
It sounds like your "setting of the context based on user credentials" might
be suspect rather than the session data being shared between users. Can you
provide more details on the method you use?

--
- Paul Glavich
Microsoft MVP - ASP.NET

Nov 18 '05 #2
Hi

What I do is basically this:

object is a class

class object
{
    public string userName;
    public string email;
}

In the login web page I set something like this:

    session["object"] = object

Every page is derived from class page:

class page
{
    context contxt = new context();
    InitializeContext()
    {
        contxt.userName = (object)(Session["username"]);
    }
}

Class contxt
{
    public string username;
    public string email;
}

I pass the contxt object to the business layer.

Don't worry about syntax, but the code looks something like that.

Nov 18 '05 #3
The page code looks ok. How does the business layer keep track of the
credentials? Be sure it's not in a static. Any non-free-threaded COM+
components?
-- bruce (sqlwork.com)

Nov 18 '05 #4
>> After certain point it seems that Users are able to view other people
pages with their credentials, even though on every web page initialize , a
user context is set based on the logged in session variable.

What is that certain point you mention (above)? Is it after more than 1 user
accesses the site, after a higher number of users, or over a certain period
of time? What I am asking is what is the pattern or defining characteristics
when you see this situation occur. The code you posted generally looks ok
but it is pseudo code and it sounds like the problem is somewhere in the
details.

How are you talking/communicating to your business layer and what
pattern/techniques did you use for your business layer? Are there any static
variables, are you using a Singleton pattern?
--
- Paul Glavich
Microsoft MVP - ASP.NET

Nov 18 '05 #5
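The failure mode both replies ask about (user context kept in a static in the business layer), as an added example that is not part of the original thread or the poster's code. UserContext, StaticOrders, SafeOrders and the two user names are hypothetical; two threads stand in for two concurrent requests, and a Barrier forces the interleaving that a busy site produces on its own.

```csharp
using System;
using System.Threading;

// Constructed illustration; all type and user names here are hypothetical.
class UserContext { public string UserName; }

// Anti-pattern: a static field is shared by every request in the application.
static class StaticOrders
{
    public static UserContext Current;
    public static string Owner() { return Current.UserName; }
}

// Per-request alternative: the caller's context travels with each call.
static class SafeOrders
{
    public static string Owner(UserContext ctx) { return ctx.UserName; }
}

class Program
{
    // Simulates one request: build the context, wait until the other request
    // has done the same, then ask the business layer whose data to load.
    static void Request(string user, Barrier bothInitialized, string[] results, int slot)
    {
        var ctx = new UserContext { UserName = user };  // stands in for the Session lookup
        StaticOrders.Current = ctx;                     // the other request overwrites this too
        bothInitialized.SignalAndWait();
        results[slot] = user + ": static=" + StaticOrders.Owner()
                             + " per-request=" + SafeOrders.Owner(ctx);
    }

    static void Main()
    {
        var results = new string[2];
        using (var barrier = new Barrier(2))
        {
            var a = new Thread(() => Request("alice", barrier, results, 0));
            var b = new Thread(() => Request("bob", barrier, results, 1));
            a.Start(); b.Start();
            a.Join(); b.Join();
        }
        // Both requests read the same static value (whichever was written last),
        // so one of them runs under the other user's identity.
        foreach (var line in results) Console.WriteLine(line);
    }
}
```

The same applies to a singleton that caches the context in an instance field: Session state stays per user, but anything static or application-wide that it is copied into does not.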
