By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
434,709 Members | 2,164 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 434,709 IT Pros & Developers. It's quick & easy.

Cannot access a disposed object

P: n/a
Hi.
In my application I store information about the user in the session object.
Since I'm storing sensitive information I encrypt it before storing and
decrypt it when I need to use it again. The encryption object I use is
stored in the Application object. My problem is that after a while the
encryption object becomes unusable. When I retrieve the object from
Application and call the decrypt method I get an exception saying "Cannot
access a disposed object". Sometimes it works fine for 2 weeks and
sometimes it only works for a day or two. Has anyone experienced a similar
problem? I'm guessing the web server is to blame, I just don't know how to
fix it.

Any help is greatly appreciated!

Shawn

Nov 19 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
My first and only guess is that somewhere you are simply disposing of the
object yourself, perhaps via using or something and you don't realize it.
The fact that it happens at inconsistent intervals could simply mean it's
along a codepath not frequently executed.

I do have to question the encrypting session thing though. This is
something I've never done or heard of. Why encrypt the data? Seems like
fake security on top of actually locking down your machine. It seems to me
that anyone who's gotten access to the machine will be able to get access to
the data (heck, they'll grab the dll that has the decrypting code in it or
something).

Karl
--
MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
"Shawn" <bo********@hotmail.com> wrote in message
news:uK**************@TK2MSFTNGP09.phx.gbl...
Hi.
In my application I store information about the user in the session
object.
Since I'm storing sensitive information I encrypt it before storing and
decrypt it when I need to use it again. The encryption object I use is
stored in the Application object. My problem is that after a while the
encryption object becomes unusable. When I retrieve the object from
Application and call the decrypt method I get an exception saying "Cannot
access a disposed object". Sometimes it works fine for 2 weeks and
sometimes it only works for a day or two. Has anyone experienced a
similar
problem? I'm guessing the web server is to blame, I just don't know how
to
fix it.

Any help is greatly appreciated!

Shawn

Nov 19 '05 #2

P: n/a
Hi Karl.
I'm not disposing the object myself. I'm just using its (only) two
methods -encrypt and decrypt- through out my code.

I always thought that data stored in the session object was not particularly
safe and that it could easily be exposed to people who new what they were
doing. That's why I'm encrypting it. That way it would at least be a bit
more difficult for hackers to get access to it since they would have to use
the decrypting object stored in application to decrypt the data. But if you
say that it has no purpose then I will take you word for it and stop using
it.

PS. I saw this method used in an article once, that's why I implemented it.
Can't remember where I read the article though.

Thanks,
Shawn
"Karl Seguin" <karl REMOVE @ REMOVE openmymind REMOVEMETOO . ANDME net>
wrote in message news:uX**************@TK2MSFTNGP15.phx.gbl...
My first and only guess is that somewhere you are simply disposing of the
object yourself, perhaps via using or something and you don't realize it.
The fact that it happens at inconsistent intervals could simply mean it's
along a codepath not frequently executed.

I do have to question the encrypting session thing though. This is
something I've never done or heard of. Why encrypt the data? Seems like
fake security on top of actually locking down your machine. It seems to me that anyone who's gotten access to the machine will be able to get access to the data (heck, they'll grab the dll that has the decrypting code in it or
something).

Karl
--
MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
"Shawn" <bo********@hotmail.com> wrote in message
news:uK**************@TK2MSFTNGP09.phx.gbl...
Hi.
In my application I store information about the user in the session
object.
Since I'm storing sensitive information I encrypt it before storing and
decrypt it when I need to use it again. The encryption object I use is
stored in the Application object. My problem is that after a while the
encryption object becomes unusable. When I retrieve the object from
Application and call the decrypt method I get an exception saying "Cannot access a disposed object". Sometimes it works fine for 2 weeks and
sometimes it only works for a day or two. Has anyone experienced a
similar
problem? I'm guessing the web server is to blame, I just don't know how
to
fix it.

Any help is greatly appreciated!

Shawn


Nov 19 '05 #3

P: n/a
> I always thought that data stored in the session object was not
particularly
safe and that it could easily be exposed to people who new what they were
doing. That's why I'm encrypting it. That way it would at least be a bit
more difficult for hackers to get access to it since they would have to
use
the decrypting object stored in application to decrypt the data. But if
you
say that it has no purpose then I will take you word for it and stop using
it.
Now, how is a hacker supposed to get at anything stored in System Memory?
Now, if you were using SQL Server for Session, I suppose it is remotely
possible, assuming that Security on the SQL Server was screwed up well
enough by the DBA, to access the Session data in the database. But by
default, Session State is stored in System Memory.

--
HTH,

Kevin Spencer
Microsoft MVP
..Net Developer
Paranoia is just a state of mind.

"Shawn" <bo********@hotmail.com> wrote in message
news:eQ**************@tk2msftngp13.phx.gbl... Hi Karl.
I'm not disposing the object myself. I'm just using its (only) two
methods -encrypt and decrypt- through out my code.

I always thought that data stored in the session object was not
particularly
safe and that it could easily be exposed to people who new what they were
doing. That's why I'm encrypting it. That way it would at least be a bit
more difficult for hackers to get access to it since they would have to
use
the decrypting object stored in application to decrypt the data. But if
you
say that it has no purpose then I will take you word for it and stop using
it.

PS. I saw this method used in an article once, that's why I implemented
it.
Can't remember where I read the article though.

Thanks,
Shawn
"Karl Seguin" <karl REMOVE @ REMOVE openmymind REMOVEMETOO . ANDME net>
wrote in message news:uX**************@TK2MSFTNGP15.phx.gbl...
My first and only guess is that somewhere you are simply disposing of the
object yourself, perhaps via using or something and you don't realize it.
The fact that it happens at inconsistent intervals could simply mean it's
along a codepath not frequently executed.

I do have to question the encrypting session thing though. This is
something I've never done or heard of. Why encrypt the data? Seems like
fake security on top of actually locking down your machine. It seems to

me
that anyone who's gotten access to the machine will be able to get access

to
the data (heck, they'll grab the dll that has the decrypting code in it
or
something).

Karl
--
MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
"Shawn" <bo********@hotmail.com> wrote in message
news:uK**************@TK2MSFTNGP09.phx.gbl...
> Hi.
> In my application I store information about the user in the session
> object.
> Since I'm storing sensitive information I encrypt it before storing and
> decrypt it when I need to use it again. The encryption object I use is
> stored in the Application object. My problem is that after a while the
> encryption object becomes unusable. When I retrieve the object from
> Application and call the decrypt method I get an exception saying "Cannot > access a disposed object". Sometimes it works fine for 2 weeks and
> sometimes it only works for a day or two. Has anyone experienced a
> similar
> problem? I'm guessing the web server is to blame, I just don't know
> how
> to
> fix it.
>
> Any help is greatly appreciated!
>
> Shawn
>
>
>



Nov 19 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.