473,403 Members | 2,293 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > c# / c sharp > questions > strange session restart

Join Bytes to post your question to a community of 473,403 software developers and data experts.

Strange Session Restart

na
I am using form authentication and InProc cookieless session. The
strange thing is that when an authenticated user try to navigate to any
page that is in subfolder of the application root, the session is
restarted and new session id is generated. Thus the user would never be
able to access those pages because each page's InitializeComponent()
checks if (Session.Keys.Count == 0). If yes, then server transfer the
request to login.aspx page again.
Does anyone know why the session is restarted? Thanks. The following
are snippets of the web.config and login.aspx:

Web.config
========
<system.web>
<compilation defaultLanguage="c#" debug="true" />
<customErrors mode="Off" defaultRedirect="/accessDenied.aspx"/>
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState mode="InProc" cookieless="true" timeout="20" />

<authentication mode="Forms">
<forms
name="my_Authorization"
loginUrl="Login.aspx"
protection="All"
path="/"
requireSSL="false"
slidingExpiration="false">
<credentials passwordFormat = "SHA1"/>
</forms>
</authentication>

<authorization>
<deny users="?"/>
</authorization>

</system.web>

<!-- page that does not require login -->
<location path="main.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>

<!-- page that does not require login -->
<location path="_Net/forms/StatusChange.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>

Logoin.aspx
=========
private void btnLogin_Click(object sender, System.EventArgs e)
{
if (Page.IsValid)
{
string strAccountName = Server.HtmlEncode(txtAccount.Text);
string strPassword = Server.HtmlEncode(txtPassword.Text);

oUserCredential = new User();
if(oUserCredential.UserCredential(strAccountName, strPassword))
{
Session["Account"] = oUserCredential.Account;
Session["UserID"] = oUserCredential.UserId;
Session["UserOrganization"] = oUserCredential.Organization;
Session["FirstName"] = oUserCredential.FirstName;
Session["LastName"] = oUserCredential.LastName;
Session["UserEmail"] = oUserCredential.Email;
Session["UserRole"] = oUserCredential.Role;
Session["SrmRole"] = oUserCredential.SrmRole;

// Return to the originally requested URL.

System.Web.Security.FormsAuthentication.RedirectFr omLoginPage(strAccount
Name,PersistCookie.Checked);

}
else
Msg.Text = "Invalid Credentials: Please try again. <br/>";
}

*** Sent via Developersdex http://www.developersdex.com ***
Dec 8 '05 #1
3 1831
Is it possible that you write some files in the bin folder? When bin folder
is changed the ASP.NET runtime recicles the worker process.
I have chased similar problem and the problem turn out to be exactly this.
There was third party control that was writing some file in the bin folder.

--

Stoitcho Goutsev (100) [C# MVP]

<na> wrote in message news:O5*************@TK2MSFTNGP15.phx.gbl...
I am using form authentication and InProc cookieless session. The
strange thing is that when an authenticated user try to navigate to any
page that is in subfolder of the application root, the session is
restarted and new session id is generated. Thus the user would never be
able to access those pages because each page's InitializeComponent()
checks if (Session.Keys.Count == 0). If yes, then server transfer the
request to login.aspx page again.
Does anyone know why the session is restarted? Thanks. The following
are snippets of the web.config and login.aspx:

Web.config
========
<system.web>
<compilation defaultLanguage="c#" debug="true" />
<customErrors mode="Off" defaultRedirect="/accessDenied.aspx"/>
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState mode="InProc" cookieless="true" timeout="20" />

<authentication mode="Forms">
<forms
name="my_Authorization"
loginUrl="Login.aspx"
protection="All"
path="/"
requireSSL="false"
slidingExpiration="false">
<credentials passwordFormat = "SHA1"/>
</forms>
</authentication>

<authorization>
<deny users="?"/>
</authorization>

</system.web>

<!-- page that does not require login -->
<location path="main.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>

<!-- page that does not require login -->
<location path="_Net/forms/StatusChange.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>

Logoin.aspx
=========
private void btnLogin_Click(object sender, System.EventArgs e)
{
if (Page.IsValid)
{
string strAccountName = Server.HtmlEncode(txtAccount.Text);
string strPassword = Server.HtmlEncode(txtPassword.Text);

oUserCredential = new User();
if(oUserCredential.UserCredential(strAccountName, strPassword))
{
Session["Account"] = oUserCredential.Account;
Session["UserID"] = oUserCredential.UserId;
Session["UserOrganization"] = oUserCredential.Organization;
Session["FirstName"] = oUserCredential.FirstName;
Session["LastName"] = oUserCredential.LastName;
Session["UserEmail"] = oUserCredential.Email;
Session["UserRole"] = oUserCredential.Role;
Session["SrmRole"] = oUserCredential.SrmRole;

// Return to the originally requested URL.

System.Web.Security.FormsAuthentication.RedirectFr omLoginPage(strAccount
Name,PersistCookie.Checked);

}
else
Msg.Text = "Invalid Credentials: Please try again. <br/>";
}

*** Sent via Developersdex http://www.developersdex.com ***

Dec 8 '05 #2
na
Thanks for responding. There are no process that would write to the bin
directory. I investigated that if I don't use the form authentication,
and just use my own navigation, the session variables are kept. Also,
if I flattens the application's directory structure where everything
resides in the same directory, even with form authentication, the
session variables will be persisted. I begin to wonder there is some
sort of buggy logic in .Net Framework Session and Form Authenticaion.
*** Sent via Developersdex http://www.developersdex.com ***
Dec 8 '05 #3
You'd probably get better help in the ASP.NET groups

--

Stoitcho Goutsev (100) [C# MVP]

<na> wrote in message news:um**************@TK2MSFTNGP10.phx.gbl...
Thanks for responding. There are no process that would write to the bin
directory. I investigated that if I don't use the form authentication,
and just use my own navigation, the session variables are kept. Also,
if I flattens the application's directory structure where everything
resides in the same directory, even with form authentication, the
session variables will be persisted. I begin to wonder there is some
sort of buggy logic in .Net Framework Session and Form Authenticaion.
*** Sent via Developersdex http://www.developersdex.com ***

Dec 9 '05 #4
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
ASP.NET Session State
by: ASP.Confused | last post by:
As you can tell from my previous posts on this issue...I'm really confused :-/ I have a few ASP.NET web applications on my web host's "https" server. Our web host has a single "bin" folder for...
ASP.NET
5
Users are randomly losing session and are forced to relogin
by: fbwhite | last post by:
I know this issue has been brought up many times, but I have tried many of the solutions to no avail. I wanted to give my specific case to see if someone could be of any help. We are using the...
ASP.NET
12
Go to Login Page when session expires
by: ACaunter | last post by:
Hi all, I was wondering how i could write some code which would automatically open the Login Page once the session has expired? -- AdamPC@hotmail.com
ASP.NET
13
session empty
by: Alexander Widera | last post by:
hi, who has seen the follow problem or could help please? i visit a page .... i read a sesssion-var . ... everythink works...... i visit the page again..... error ... the sessionvar is null .... i...
ASP.NET
0
Strange Session Restart
by: js | last post by:
I am using form authentication and InProc cookieless session. The strange thing is that when an authenticated user try to navigate to any page that is in subfolder of the application root, the...
ASP.NET
3
Can browser affect the session?
by: HLady | last post by:
I posted earlier about this, I have an application and a sequence of activities will cause the session to restart. My code will go to session_start right after I execute a Response.Redirect(mypage)...
ASP.NET
1
IIS restart + Session Time out
by: abcd | last post by:
I am using classic ASP. When the session times out theglobal.asa event called session_on end is invoked which is absolutely correct. When I explicitely do IIS reset or iis restart then again...
ASP / Active Server Pages
3
strange problem while reorganizing the table, cannot do anything
by: Rahul Babbar | last post by:
Hi, We were trying to run the following set of commands Alter table----successfull reorg table---successfull Alter table---successfull Reorg table----------took lots of time....without...
DB2 Database
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!