Session state doesn't refresh

Hi all,

I posted this question some time ago in an earlier thread but so far I
still don't have an understanding of why this is happening or what I
can do to fix it.

I use Session variables, such as Session("username") to store a lot of
information about who is logged in to my app and what they can do.
Since the app permits certain users to impersonate other users (permits
some users to delegate their work to assistants, who are therefore
impersonating the principals), I allow a user to go back to the login
page and re-log in. But when they return to the home page, which reads
these session variables and displays controls based on what they can or
cannot do, I have to click the browser's refresh button to get the home
page to re-read the session variables. I can't count on my users to do
this (click refresh). How can I guarantee that a page is going to
re-read the session variables when it loads?

I have a simple page for debugging that displays session variables:
<%@ Page Language="VB" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">
Protected Sub Page_Load()
lblusername.Text = Session("username").ToString()
End Sub
</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>Display Session Vars</title>
</head>
<body>
<form id="form1" runat="server">
<div>
username: <asp:Label id="lblusername" runat="server"
/><br/>
</div>
</form>
</body>
</html>

Even this page I have to manually refresh to get it to show the new
value. My web.config file is bare -- there is nothing in there except
for a connection string for a database, and in this case I am not doing
any database calls.

I am wondering if this problem is related to the way this page is
called. When someone changes their username, they go to a login page
to select a new username from a dropdownlist, and when they click the
button to submit the form, code like the following is run:
Dim newUsernameDdl As DropDownList
newUsernameDdl = CType(form.FindControl("ddlUsername"), DropDownList)
Dim newUsername As String = newUsernameDdl.SelectedValue
Session("username") = newUsername
Response.Redirect("default.aspx", False)

When I do a response.redirect, is that somehow telling the app to
reload the default.aspx page from the cache and not re-run it from
scratch? My understanding of the second param in the function
signature (False) is that it tells asp.net to stop processing the
current page (the login page that's doing the redirect).

Anyway, what I really need is some code to tell my default.aspx page
that it needs to go out and grab the very latest values of all the
session variables -- is there a way of doing this?

Thanks in advance.

-- Ned

Ned,

Do you think it's possible that the caching is happening at the browser
level? Have you checked your browser settings to see if it is set to
look for a new version of the page on each visit?

You may want to check into settings that will tell browsers not to
cache your pages at all. I don't have the actual property settings and
method calls handy, but that may help.

Gary

Ned Balzer wrote:

Hi all,

I posted this question some time ago in an earlier thread but so far I
still don't have an understanding of why this is happening or what I
can do to fix it.

I use Session variables, such as Session("username") to store a lot of
information about who is logged in to my app and what they can do.
Since the app permits certain users to impersonate other users (permits
some users to delegate their work to assistants, who are therefore
impersonating the principals), I allow a user to go back to the login
page and re-log in. But when they return to the home page, which reads
these session variables and displays controls based on what they can or
cannot do, I have to click the browser's refresh button to get the home
page to re-read the session variables. I can't count on my users to do
this (click refresh). How can I guarantee that a page is going to
re-read the session variables when it loads?

I have a simple page for debugging that displays session variables:
<%@ Page Language="VB" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">
Protected Sub Page_Load()
lblusername.Text = Session("username").ToString()
End Sub
</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>Display Session Vars</title>
</head>
<body>
<form id="form1" runat="server">
<div>
username: <asp:Label id="lblusername" runat="server"
/><br/>
</div>
</form>
</body>
</html>

Even this page I have to manually refresh to get it to show the new
value. My web.config file is bare -- there is nothing in there except
for a connection string for a database, and in this case I am not doing
any database calls.

I am wondering if this problem is related to the way this page is
called. When someone changes their username, they go to a login page
to select a new username from a dropdownlist, and when they click the
button to submit the form, code like the following is run:
Dim newUsernameDdl As DropDownList
newUsernameDdl = CType(form.FindControl("ddlUsername"), DropDownList)
Dim newUsername As String = newUsernameDdl.SelectedValue
Session("username") = newUsername
Response.Redirect("default.aspx", False)

When I do a response.redirect, is that somehow telling the app to
reload the default.aspx page from the cache and not re-run it from
scratch? My understanding of the second param in the function
signature (False) is that it tells asp.net to stop processing the
current page (the login page that's doing the redirect).

Anyway, what I really need is some code to tell my default.aspx page
that it needs to go out and grab the very latest values of all the
session variables -- is there a way of doing this?

Thanks in advance.

-- Ned

Yeah, you may be right. I have been doing all my development and
testing with Firefox 1.5 (most of my users will be using firefox), and
it does claim to cache pages -- no way I've found yet to tell it not to
(in browser settings -- maybe I should add some sort of nocache meta
tag in the head of each page's html. But I would hope that browsers
would see the .aspx extension on the pages they're requesting and know
that the content is dynamic.

Thanks, I'll keep looking (but anyone else reading this, if you have
any suggestions on how to force browsers from the server side to
reload, please chime in!)

-- Ned

Gary wrote:

Ned,

Do you think it's possible that the caching is happening at the browser
level? Have you checked your browser settings to see if it is set to
look for a new version of the page on each visit?

You may want to check into settings that will tell browsers not to
cache your pages at all. I don't have the actual property settings and
method calls handy, but that may help.

Gary

Ned Balzer wrote:

Hi all,
>
I posted this question some time ago in an earlier thread but so far I
still don't have an understanding of why this is happening or what I
can do to fix it.
>
I use Session variables, such as Session("username") to store a lot of
information about who is logged in to my app and what they can do.
Since the app permits certain users to impersonate other users (permits
some users to delegate their work to assistants, who are therefore
impersonating the principals), I allow a user to go back to the login
page and re-log in. But when they return to the home page, which reads
these session variables and displays controls based on what they can or
cannot do, I have to click the browser's refresh button to get the home
page to re-read the session variables. I can't count on my users to do
this (click refresh). How can I guarantee that a page is going to
re-read the session variables when it loads?
>
I have a simple page for debugging that displays session variables:
<%@ Page Language="VB" %>
>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
>
<script runat="server">
Protected Sub Page_Load()
lblusername.Text = Session("username").ToString()
End Sub
</script>
>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>Display Session Vars</title>
</head>
<body>
<form id="form1" runat="server">
<div>
username: <asp:Label id="lblusername" runat="server"
/><br/>
</div>
</form>
</body>
</html>
>
Even this page I have to manually refresh to get it to show the new
value. My web.config file is bare -- there is nothing in there except
for a connection string for a database, and in this case I am not doing
any database calls.
>
I am wondering if this problem is related to the way this page is
called. When someone changes their username, they go to a login page
to select a new username from a dropdownlist, and when they click the
button to submit the form, code like the following is run:
Dim newUsernameDdl As DropDownList
newUsernameDdl = CType(form.FindControl("ddlUsername"), DropDownList)
Dim newUsername As String = newUsernameDdl.SelectedValue
Session("username") = newUsername
Response.Redirect("default.aspx", False)
>
When I do a response.redirect, is that somehow telling the app to
reload the default.aspx page from the cache and not re-run it from
scratch? My understanding of the second param in the function
signature (False) is that it tells asp.net to stop processing the
current page (the login page that's doing the redirect).
>
Anyway, what I really need is some code to tell my default.aspx page
that it needs to go out and grab the very latest values of all the
session variables -- is there a way of doing this?
>
Thanks in advance.
>
-- Ned