By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
443,694 Members | 1,882 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 443,694 IT Pros & Developers. It's quick & easy.

Deleting folders clears session variables

P: n/a
I'm having a problem and I can't find anything about this anywhere else
out there.

I'm working on a solution that allows the end user to create folders /
upload files to the web server. Some pertinent information is being
stored in a session variable. If a user deletes the folder from the
application, it clears any session variables as if deleting a folder
made a call to Session.Abandon(). This also occurs if I delete the
folder through Windows Explorer and then go back to the web browser,
the session variables are cleared.

Anyone else running into this problem? Have I done something wrong? Is
my server not configured properly?

Nov 20 '05 #1
Share this Question
Share on Google+
4 Replies


P: n/a
Forgot to mention this is using the 2.0 Beta 2 Framework.

Nov 20 '05 #2

P: n/a
I suspect ASP.NET detects the filesystem change as significant enough to
restart the AppDomain. If you store your session out of process (in the NT
State Server, or a SqlServer/SqlExpress database) then you'll be ok.

As a side note, I'd strongly suggest not allowing people to upload context
into your web application directory structure. They could upload code (such
as an ASPX file) that executes on the server and does things you don't want
them to do. I'd suggest allowing them to upload to a different directory
that's configured in IIS as an application. If you want users to be able
to upload content that is accessible via the web application, then perhaps
save it in a database instead and write a specific handler or page to allow
retrieval of that data.

-Brock
DevelopMentor
http://staff.develop.com/ballen
I'm having a problem and I can't find anything about this anywhere
else out there.

I'm working on a solution that allows the end user to create folders /
upload files to the web server. Some pertinent information is being
stored in a session variable. If a user deletes the folder from the
application, it clears any session variables as if deleting a folder
made a call to Session.Abandon(). This also occurs if I delete the
folder through Windows Explorer and then go back to the web browser,
the session variables are cleared.

Anyone else running into this problem? Have I done something wrong? Is
my server not configured properly?

Nov 20 '05 #3

P: n/a
Gah, sorry, full of typos. That's what I get for typing and talking on the
phone at the same time. Ok, fixed version:

I suspect ASP.NET detects the filesystem change as significant enough to
restart the AppDomain. If you store your session out of process (in the NT
State Server, or a SqlServer/SqlExpress database) then you'll be ok.

As a side note, I'd strongly suggest not allowing people to upload content
into your web application directory structure. They could upload code (such
as an ASPX file) that executes on the server and does things you don't want
them to do. I'd suggest allowing them to upload to a different directory
that's not configured in IIS as an application. If you want users to be able
to upload content that is accessible via the web application, then perhaps
save it in a database instead and write a specific handler or page to allow
retrieval of that data.

-Brock
DevelopMentor
http://staff.develop.com/ballen
Nov 20 '05 #4

P: n/a
osh
Brock,

Thanks for a quick response.

If the AppDomain is being restarted with any file system change, would
that not also log the user out of the system (I'm using forms
authentication). It's not doing a sign out from forms authentication,
rather its just clearing the session variables.

Your suggestion, for example, you are saying that if my application is
in /intranet/ that the uploads should be posted to a different
directory outside of this web application?

I thought the users would try to upload ASPX or other code, and what
the user can upload is limited from both file extension and file
content type. File names are also encrypted and I wrote a handler that
will serve a requested file to the end user upon request without
revealing the URL. I'm using a databse to keep track of almost a "mock"
directory structure - but the physical paths/files themselves are never
revealed during browsing, uploading, or downloading. Think thats
enough?

Thanks!

Nov 20 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.