By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,510 Members | 1,141 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,510 IT Pros & Developers. It's quick & easy.

How to isolate sessions

P: n/a
Hi,

In my asp.net (C#) application I use javascript(i.e
window.open('/MyApplication/home.aspx?userid=345', '', '')) to open another
copy of my application in a new window.

In global.asax I set a Session["UserId"] based on QueryString["userid"].
Obviously when I open a new window, the original session of the first
calling window changes as well, but I need to be unchanged. How can I
achieve this?
Thanks for your time

Kind Regards
Mehdi

Nov 18 '05 #1
Share this Question
Share on Google+
6 Replies


P: n/a
window.open or file >> new >> window or target=_blank causes a new instance
of IE which shares the same session as the window from which it was
executed.

if you need it to have a different session, open a new instance of IE... say
using quick lauch browser icon or from you start menu. The instance started
that way will not share the session with the other instances.

--

Regards,

Hermit Dave
(http://hdave.blogspot.com)
"Mehdi" <no****@leavemealone.nowhere> wrote in message
news:OM**************@TK2MSFTNGP15.phx.gbl...
Hi,

In my asp.net (C#) application I use javascript(i.e
window.open('/MyApplication/home.aspx?userid=345', '', '')) to open another copy of my application in a new window.

In global.asax I set a Session["UserId"] based on QueryString["userid"].
Obviously when I open a new window, the original session of the first
calling window changes as well, but I need to be unchanged. How can I
achieve this?
Thanks for your time

Kind Regards
Mehdi

Nov 18 '05 #2

P: n/a
Dave,

Thanks for the suggestion but window.open(...) occures when a hyperlink is
clicked. Unfortuntely I can not ask users of my site to open another
instance of their browser and type the whole url in the address bar.

Regards
Mehdi

"Hermit Dave" <he************@CAPS.AND.DOTS.hotmail.com> wrote in message
news:Oq**************@TK2MSFTNGP09.phx.gbl...
window.open or file >> new >> window or target=_blank causes a new
instance
of IE which shares the same session as the window from which it was
executed.

if you need it to have a different session, open a new instance of IE...
say
using quick lauch browser icon or from you start menu. The instance
started
that way will not share the session with the other instances.

--

Regards,

Hermit Dave
(http://hdave.blogspot.com)
"Mehdi" <no****@leavemealone.nowhere> wrote in message
news:OM**************@TK2MSFTNGP15.phx.gbl...
Hi,

In my asp.net (C#) application I use javascript(i.e
window.open('/MyApplication/home.aspx?userid=345', '', '')) to open

another
copy of my application in a new window.

In global.asax I set a Session["UserId"] based on QueryString["userid"].
Obviously when I open a new window, the original session of the first
calling window changes as well, but I need to be unchanged. How can I
achieve this?
Thanks for your time

Kind Regards
Mehdi


Nov 18 '05 #3

P: n/a
okay first why are you passing the value of user id in the query string.
wont a slightly intelligent user be able to log in as someone else just by
randomly changing the value in user id ?

a better way is to just stored it in a ticket. if a new instance sharing the
current session is opened then you dont have a problem cause even that will
share the same session and the user info.

or you can use querystring based session identifier instead of normal cookie
based session.. that way the url itself will contain the session.
--

Regards,

Hermit Dave
(http://hdave.blogspot.com)
"Mehdi" <no****@leavemealone.nowhere> wrote in message
news:#o**************@TK2MSFTNGP09.phx.gbl...
Dave,

Thanks for the suggestion but window.open(...) occures when a hyperlink is
clicked. Unfortuntely I can not ask users of my site to open another
instance of their browser and type the whole url in the address bar.

Regards
Mehdi

"Hermit Dave" <he************@CAPS.AND.DOTS.hotmail.com> wrote in message
news:Oq**************@TK2MSFTNGP09.phx.gbl...
window.open or file >> new >> window or target=_blank causes a new
instance
of IE which shares the same session as the window from which it was
executed.

if you need it to have a different session, open a new instance of IE...
say
using quick lauch browser icon or from you start menu. The instance
started
that way will not share the session with the other instances.

--

Regards,

Hermit Dave
(http://hdave.blogspot.com)
"Mehdi" <no****@leavemealone.nowhere> wrote in message
news:OM**************@TK2MSFTNGP15.phx.gbl...
Hi,

In my asp.net (C#) application I use javascript(i.e
window.open('/MyApplication/home.aspx?userid=345', '', '')) to open

another
copy of my application in a new window.

In global.asax I set a Session["UserId"] based on QueryString["userid"]. Obviously when I open a new window, the original session of the first
calling window changes as well, but I need to be unchanged. How can I
achieve this?
Thanks for your time

Kind Regards
Mehdi



Nov 18 '05 #4

P: n/a
Dave,
My asp.net application lifecycle:

There are several users with their own profile(e.g. css, page color scheme
etc) to manage their pages. Then they input some data. There is a global
search facility to include all users items. Againts each item in the search
result, there is a hyperlink "Go to sender's page" that opens a new page
using window.open('/MyApplication/home.aspx?userid=345', '', '')) to open
users page which at this point I use the userid to load their profile.
Amending userid in query string will not allow automatic login. They have
to go to login page for this which I user forms authenticaions and tickets.
Basically I examine userid QueryString in Global.asax
Global_PreRequestHandlerExecute to set as session and load users profile.

I know using sessions for this purpose is not a good idea, but I could't
think of any other methodology. i think you can see the problem here as
when the session changes in the new window, it sets the session of the
global search page to a specific user as well!
Thanks for the reply
Regards

Mehdi

"Hermit Dave" <he************@CAPS.AND.DOTS.hotmail.com> wrote in message
news:eh**************@TK2MSFTNGP11.phx.gbl...
okay first why are you passing the value of user id in the query string.
wont a slightly intelligent user be able to log in as someone else just by
randomly changing the value in user id ?

a better way is to just stored it in a ticket. if a new instance sharing
the
current session is opened then you dont have a problem cause even that
will
share the same session and the user info.

or you can use querystring based session identifier instead of normal
cookie
based session.. that way the url itself will contain the session.
--

Regards,

Hermit Dave
(http://hdave.blogspot.com)
"Mehdi" <no****@leavemealone.nowhere> wrote in message
news:#o**************@TK2MSFTNGP09.phx.gbl...
Dave,

Thanks for the suggestion but window.open(...) occures when a hyperlink
is
clicked. Unfortuntely I can not ask users of my site to open another
instance of their browser and type the whole url in the address bar.

Regards
Mehdi

"Hermit Dave" <he************@CAPS.AND.DOTS.hotmail.com> wrote in message
news:Oq**************@TK2MSFTNGP09.phx.gbl...
> window.open or file >> new >> window or target=_blank causes a new
> instance
> of IE which shares the same session as the window from which it was
> executed.
>
> if you need it to have a different session, open a new instance of
> IE...
> say
> using quick lauch browser icon or from you start menu. The instance
> started
> that way will not share the session with the other instances.
>
> --
>
> Regards,
>
> Hermit Dave
> (http://hdave.blogspot.com)
> "Mehdi" <no****@leavemealone.nowhere> wrote in message
> news:OM**************@TK2MSFTNGP15.phx.gbl...
>> Hi,
>>
>> In my asp.net (C#) application I use javascript(i.e
>> window.open('/MyApplication/home.aspx?userid=345', '', '')) to open
> another
>> copy of my application in a new window.
>>
>> In global.asax I set a Session["UserId"] based on QueryString["userid"]. >> Obviously when I open a new window, the original session of the first
>> calling window changes as well, but I need to be unchanged. How can I
>> achieve this?
>>
>>
>> Thanks for your time
>>
>>
>>
>> Kind Regards
>>
>>
>> Mehdi
>>
>>
>>
>
>



Nov 18 '05 #5

P: n/a
well firstly i still dont understand why you need to use this approach.
for a global search i presume you are searching the database and local
folders. why cant you have an access based on roles.
say all users can see the following things from all over users..
make sure the things that can be seen by all users are not bound to a
particular user.. atleast as far as viewing is concerned.. you can always
lock down on others making any modifications allowing only the owner of item
to modify.

--

Regards,

Hermit Dave
(http://hdave.blogspot.com)
"Mehdi" <no****@leavemealone.nowhere> wrote in message
news:uG**************@TK2MSFTNGP14.phx.gbl...
Dave,
My asp.net application lifecycle:

There are several users with their own profile(e.g. css, page color scheme
etc) to manage their pages. Then they input some data. There is a global
search facility to include all users items. Againts each item in the search result, there is a hyperlink "Go to sender's page" that opens a new page
using window.open('/MyApplication/home.aspx?userid=345', '', '')) to open
users page which at this point I use the userid to load their profile.
Amending userid in query string will not allow automatic login. They have
to go to login page for this which I user forms authenticaions and tickets. Basically I examine userid QueryString in Global.asax
Global_PreRequestHandlerExecute to set as session and load users profile.

I know using sessions for this purpose is not a good idea, but I could't
think of any other methodology. i think you can see the problem here as
when the session changes in the new window, it sets the session of the
global search page to a specific user as well!
Thanks for the reply
Regards

Mehdi

"Hermit Dave" <he************@CAPS.AND.DOTS.hotmail.com> wrote in message
news:eh**************@TK2MSFTNGP11.phx.gbl...
okay first why are you passing the value of user id in the query string.
wont a slightly intelligent user be able to log in as someone else just by randomly changing the value in user id ?

a better way is to just stored it in a ticket. if a new instance sharing
the
current session is opened then you dont have a problem cause even that
will
share the same session and the user info.

or you can use querystring based session identifier instead of normal
cookie
based session.. that way the url itself will contain the session.
--

Regards,

Hermit Dave
(http://hdave.blogspot.com)
"Mehdi" <no****@leavemealone.nowhere> wrote in message
news:#o**************@TK2MSFTNGP09.phx.gbl...
Dave,

Thanks for the suggestion but window.open(...) occures when a hyperlink
is
clicked. Unfortuntely I can not ask users of my site to open another
instance of their browser and type the whole url in the address bar.

Regards
Mehdi

"Hermit Dave" <he************@CAPS.AND.DOTS.hotmail.com> wrote in message news:Oq**************@TK2MSFTNGP09.phx.gbl...
> window.open or file >> new >> window or target=_blank causes a new
> instance
> of IE which shares the same session as the window from which it was
> executed.
>
> if you need it to have a different session, open a new instance of
> IE...
> say
> using quick lauch browser icon or from you start menu. The instance
> started
> that way will not share the session with the other instances.
>
> --
>
> Regards,
>
> Hermit Dave
> (http://hdave.blogspot.com)
> "Mehdi" <no****@leavemealone.nowhere> wrote in message
> news:OM**************@TK2MSFTNGP15.phx.gbl...
>> Hi,
>>
>> In my asp.net (C#) application I use javascript(i.e
>> window.open('/MyApplication/home.aspx?userid=345', '', '')) to open
> another
>> copy of my application in a new window.
>>
>> In global.asax I set a Session["UserId"] based on

QueryString["userid"].
>> Obviously when I open a new window, the original session of the first >> calling window changes as well, but I need to be unchanged. How can I >> achieve this?
>>
>>
>> Thanks for your time
>>
>>
>>
>> Kind Regards
>>
>>
>> Mehdi
>>
>>
>>
>
>



Nov 18 '05 #6

P: n/a
Dave,

I think I need to change my design approach. Thanks for replying.
Regards
Mehdi
Nov 18 '05 #7

This discussion thread is closed

Replies have been disabled for this discussion.