I have an asp.net application that uses classes to store data between the
user interface and the SQL Server database. Each user needs to see only their
data at any time, therefore I am using session to hold the classes. Currently
I use this on page load:
XProject = Session("XProject")
where XProject is the class I require to be at session level.
My question is, for this to be correct, and to stop data leaking to other
users if they are executing code at the same time, do i need to put a:
Session("XProject") = XProject
before redirecting to other pages in the site?
I'm still quite new to session and my site appears to read and write data
correctly, but from time to time, when a few users are using the web
application, data can be saved on one users' project and be seen on others,
causing errors and security risk.
Any help would be great, thanks in advance
jsale
4  1192 
JSale,
With the little bit you've given us, I'd have to assume something might be
wrong with your XProject. Sessions are per-user...nothing special needs
to happen for this to be true. Therefore, I'd say the problem is that *you*
are putting other people's data into other people's session - maybe via some
complex referencing.
Not too sure what you are getting with Session("XProject") = XProject...at
some point you obviously have ot create the session object. But when you
subsequently get the object, it's a reference and you therefore don't need
to keep updating Session.
Karl
--
MY ASP.Net tutorials http://www.openmymind.net/
"jsale" <js***@discussions.microsoft.com> wrote in message
news:4F**********************************@microsof t.com... I have an asp.net application that uses classes to store data between the
user interface and the SQL Server database. Each user needs to see only
their data at any time, therefore I am using session to hold the classes.
Currently I use this on page load:
XProject = Session("XProject")
where XProject is the class I require to be at session level.
My question is, for this to be correct, and to stop data leaking to other
users if they are executing code at the same time, do i need to put a:
Session("XProject") = XProject
before redirecting to other pages in the site?
I'm still quite new to session and my site appears to read and write data
correctly, but from time to time, when a few users are using the web
application, data can be saved on one users' project and be seen on
others, causing errors and security risk.
Any help would be great, thanks in advance
jsale
"jsale" <js***@discussions.microsoft.com> wrote in message
news:4F**********************************@microsof t.com... I have an asp.net application that uses classes to store data between the
user interface and the SQL Server database. Each user needs to see only
their
data at any time, therefore I am using session to hold the classes.
Currently
I use this on page load:
XProject = Session("XProject")
where XProject is the class I require to be at session level.
My question is, for this to be correct, and to stop data leaking to other
users if they are executing code at the same time, do i need to put a:
Session("XProject") = XProject
before redirecting to other pages in the site?
I'm still quite new to session and my site appears to read and write data
correctly, but from time to time, when a few users are using the web
application, data can be saved on one users' project and be seen on
others,
causing errors and security risk.
If you never put the object anywhere other than in Session, then you should
not see it leak to other users. This should only be happening if the object
(or pieces of it) is stored in a Shared variable, a global variable in a
Module, or in Application state.
Look around your code for things like these (especially modules). I usually
recommend that all modules should be replaced with Classes, and this is one
of the reasons.
John Saunders
jsale wrote: I have an asp.net application that uses classes to store data between
the user interface and the SQL Server database. Each user needs to
see only their data at any time, therefore I am using session to hold
the classes. Currently I use this on page load:
XProject = Session("XProject")
where XProject is the class I require to be at session level.
My question is, for this to be correct, and to stop data leaking to
other users if they are executing code at the same time, do i need to
put a: Session("XProject") = XProject
before redirecting to other pages in the site?
I'm still quite new to session and my site appears to read and write
data correctly, but from time to time, when a few users are using the
web application, data can be saved on one users' project and be seen
on others, causing errors and security risk.
Any help would be great, thanks in advance
jsale
What is stored in the Session is just a *reference* to your instanced class.
After you have updated the values in the referenced instance you don't
need to "put it back" in the session. That stored reference is still valid,
it now points to data that has been modified.
If data is "leaking" to other users, the problem should be somewhere else
(Application object? Cache? Database?)
Hans Kesting
Session is a memory space that is global to all pages of a given client
(user), but only to that client machine. As a memory space, it is only
necessary to put data into Session one time, unless the Session times out
(Sessions time out after 20 min. of inactivity).
--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Neither a follower
nor a lender be.
"jsale" <js***@discussions.microsoft.com> wrote in message
news:4F**********************************@microsof t.com... I have an asp.net application that uses classes to store data between the
user interface and the SQL Server database. Each user needs to see only
their data at any time, therefore I am using session to hold the classes.
Currently I use this on page load:
XProject = Session("XProject")
where XProject is the class I require to be at session level.
My question is, for this to be correct, and to stop data leaking to other
users if they are executing code at the same time, do i need to put a:
Session("XProject") = XProject
before redirecting to other pages in the site?
I'm still quite new to session and my site appears to read and write data
correctly, but from time to time, when a few users are using the web
application, data can be saved on one users' project and be seen on
others, causing errors and security risk.
Any help would be great, thanks in advance
jsale This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Abhilash.k.m |
last post by:
This is regarding the session management using Out of
proc session management(SQL SERVER). Among the samples
below which one is better to set the session?
1. There are 20 session...
|
by: |
last post by:
Simple question, I think...
I'm storing an object in the Session object.
In the code behind I read that object: trx = CType(Session("Transaction"), BOCSTransaction)
If I change any...
|
by: Santosh |
last post by:
Dear All
i am writting a code sending mail with attachement.
i am writting code for sending mail in one page and code for attaching
a file in the next page.
aftet attaching a file i am taking...
|
by: YYZ |
last post by:
I'm using asp, not asp.net. I've got some open ended questions that I
was really hoping someone in here could answer, or direct me to some
resources that will help me answer them on my own.
...
|
by: Jonathan Wood |
last post by:
Greetings,
I was wondering if anyone here has a good understaning of the Session
object. I know there are options like the Session.Abandon method and the
regenerateExpiredSessionId setting,...
| | |
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
| | |
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The...
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
| |
