Session Problems

Hi,
I have a web site which uses formAuthentication. After logging in, I store the user credentials in a Session variable which is not updated anywhere in the website. After a certain point it seems that users are able to view other people's pages with their credentials, even though on every web page initialize, a user context is set based on the logged-in session variable.

Is there any chance of a session variable of one user getting updated/overlapping with users?

Thanks
Srinivasa Raghavan



*** Sent via Devdex http://www.devdex.com ***
Don't just participate in USENET...get rewarded for it!
Nov 18 '05 #1
It sounds like your "setting of the context based on user credentials" might
be suspect rather than the session data being shared between users. Can you
provide more details on the method you use?

--
- Paul Glavich
Microsoft MVP - ASP.NET
Nov 18 '05 #2
Hi

What I do is basically this:

object is a class

    class object
    {
        public string userName;
        public string email;
    }

In the login web page I set something like this:

    session["object"] = object

Every page is derived from class page:

    class page
    {
        context contxt = new context();
        InitializeContext()
        {
            contxt.userName = (object)(Session["username"]);
        }
    }

    class contxt
    {
        public string username;
        public string email;
    }

I pass the contxt object to the business layer.

Don't worry about syntax, but the code looks something like

Nov 18 '05 #3
The page code looks OK. How does the business layer keep track of the
credentials? Be sure it's not in a static. Any non-free-threaded COM+
components?
-- bruce (sqlwork.com)

Nov 18 '05 #4
>> After certain point it seems that Users are able to view other people
pages with their credentials, even though on every web page initialize , a
user context is set based on the logged in session variable.

What is that certain point you mention (above)? Is it after more than 1 user
accesses the site, after a higher number of users, or over a certain period
of time? What I am asking is what is the pattern or defining characteristics
when you see this situation occur. The code you posted generally looks ok
but it is pseudo code and it sounds like the problem is somewhere in the
details.

How are you talking/communicating to your business layer and what
pattern/techniques did you use for your business layer? Are there any static
variables, are you using a Singleton pattern?
--
- Paul Glavich
Microsoft MVP - ASP.NET
Nov 18 '05 #5
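
The replies above ask whether the business layer keeps the user context in a static variable or singleton. The following C# console program is an added illustration of that failure mode and is not code from any post in this thread; `UserContext`, `LeakyOrders`, `SafeOrders` and the user names are hypothetical, and two threads stand in for two concurrent requests.

```csharp
using System;
using System.Threading;

// Hypothetical names throughout; this is not the poster's business layer.
class UserContext
{
    public string UserName;
    public UserContext(string userName) { UserName = userName; }
}

static class LeakyOrders
{
    // One copy per AppDomain: every request thread reads and writes this field.
    public static UserContext Current;
    public static string Owner() { return Current.UserName; }
}

static class SafeOrders
{
    // The caller's context travels with the call; nothing is shared.
    public static string Owner(UserContext ctx) { return ctx.UserName; }
}

class Demo
{
    // Two simulated requests; the barrier forces both to finish "page
    // initialization" before either one calls into the business layer.
    static readonly Barrier BothInitialized = new Barrier(2);

    static void Request(string sessionUser)
    {
        var ctx = new UserContext(sessionUser);   // built from this user's session
        LeakyOrders.Current = ctx;                // the defect: parked in a static
        BothInitialized.SignalAndWait();
        Console.WriteLine("{0}: leaky sees {1}, safe sees {2}",
            sessionUser, LeakyOrders.Owner(), SafeOrders.Owner(ctx));
    }

    static void Main()
    {
        var a = new Thread(() => Request("alice"));
        var b = new Thread(() => Request("bob"));
        a.Start(); b.Start();
        a.Join(); b.Join();
    }
}
```

Whichever request wrote the static field last wins, so one of the two output lines reports the other user's name under "leaky" while "safe" always matches the session user. Session state itself is untouched in both cases, which is why the symptom only appears once more than one user is active at the same time.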
