This SHOULD be an easy question....

As someone who's had a "fair" amount of web development experience, I'm
shocked that I can't answer this question myself:

Q: How does one maintain state and pass data across web pages and do so in a
secured manner?

Before you answer, let me assure you that I am familiar with the normal methods:

1 - Passing data in the Query String
2 - Hidden form fields
3 - Session Variables
4 - Cookies

option 1
For option 1 to be secure, I would need to encrypt the query string before
sending. This is OK, but the query string is limited and I have too much
state data that I need to store. I could store this data in a database, but
how would I identify the state data at the BROWSER INSTANCE level? Note that
if one browser window spawns another, they share the same session ID, so I
can't use this as a key to the data in the database. This is really my main
problem. I need to maintain separate state info for each browser regardless
of how the browser was instantiated.

Option 2-
Yeah, that would work, but it is clumsy to have hidden fields and it isn't
practical for storing a lot of data. It also is not secure since you can
view it using "View Source". I could encrypt it. Yuck.

Option 3-
Same problem as 1, I think. If you spawn a new browser using <Control N>,
the new browser window is sharing the session state with the old. What I
think the browser should do is tell IIS that a new browser window was
created so IIS would COPY the session data of the current session and create
a new session with the data from the old session as a starting point, but
from that point on, they would be separate sessions.

4-Insecure, and could be disabled and may not be supported on mobile
devices, which I need to target.

The major issue is that I need to be able to uniquely identify a BROWSER
instance. I don't know how to handle when two browser windows share the same
session data. This was a surprise when I realized that this is what happens.
I suspect too that it is also the source of many potential bugs for existing
web apps.

Your thoughts would be appreciated.


Feb 7 '07 #1
"Chad Dokmanovich" <ch*************@comcast.net> wrote in
news:Xv******************************@comcast.com:
> The major issue is that I need to be able to uniquely identify a BROWSER
> instance. I don't know how to handle when two browser windows share
> the same session data. This was a surprise when I realized that this is
> what happens. I suspect too that it is also the source of many
> potential bugs for existing web apps.

This is how your web browser works (I assume IE) so unless your browser
sends some sort of unique identifier... you're SOL.

How about if you load a Java/ActiveX/Javascript applet in the background
which generates a session identifier (i.e. Random Form/URL variable?). Keep
this applet/script running on all pages (IFrame perhaps). When CTRL+N is
hit, I believe the "OnLoad" event should fire - in which case you can trigger
the javascript to create a new session id.

You could make the applet even fancier and poll the server to get the login
status... Thus the server could even kick particular windows/sessions out
:-)

Feb 7 '07 #2
Thanks for the reply.

Interesting idea, it would probably work, I imagine, though I would have to
think that this SHOULDn't be necessary. Also, I am ultimately trying to
write a mobile web app and a downloadable component doesn't sound to me like
it could be applied to any device.

One idea I was considering was to have a hidden form field on each web form
that would store a running sequential number of the last "post count" from a
unique sessionid. If a user opened a new browser, posted, and then returned
to the first and tried to post, the expected sequence of the first would be
off from what was expected and the server would know to start a new session
id and send them to the log on screen.

This interfered more with the user experience but was more of a server based
solution, which is what I was looking for.

What I think IE should do is tell IIS to start a new session number but
copy over all the session info of the spawning session. From there,
there should be a new session.

There's got to be a better way to handle this, I can't accept otherwise.

"Spam Catcher" <sp**********@rogers.com> wrote in message
news:Xn*********************************@140.99.99 .130...
> "Chad Dokmanovich" <ch*************@comcast.net> wrote in
> news:Xv******************************@comcast.com:
>> The major issue is that I need to be able to uniquely identify a BROWSER
>> instance. I don't know how to handle when two browser windows share
>> the same session data. This was a surprise when I realized that this is
>> what happens. I suspect too that it is also the source of many
>> potential bugs for existing web apps.
>
> This is how your web browser works (I assume IE) so unless your browser
> sends some sort of unique identifier... you're SOL.
>
> How about if you load a Java/ActiveX/Javascript applet in the background
> which generates a session identifier (i.e. Random Form/URL variable?).
> Keep this applet/script running on all pages (IFrame perhaps). When CTRL+N is
> hit, I believe the "OnLoad" event should fire - in which case you can
> trigger the javascript to create a new session id.
>
> You could make the applet even fancier and poll the server to get the
> login status... Thus the server could even kick particular windows/sessions out
> :-)

Feb 8 '07 #3
"Chad Dokmanovich" <ch*************@comcast.net> wrote in
news:js******************************@comcast.com:
> Thanks for the reply.
>
> Interesting idea, it would probably work, I imagine, though I would
> have to think that this SHOULDn't be necessary. Also, I am ultimately
> trying to write a mobile web app and a downloadable component doesn't
> sound to me like it could be applied to any device.

Your problem is compounded by two things:

1. There is no defined standard for HTTP sessions - sessions are
provided by the web application framework

2. Multiple windows is a feature of your web browser. Again there is no
standard on how this feature should work. HTTP only defines the
underlying transfer protocol. Thus IE "chose" to keep a session on each
load which is totally legitimate since it doesn't break the HTTP
protocol.

So due to the way HTTP works - we have to live with its limitations :-(

> One idea I was considering was to have a hidden form field on each web
> form that would store a running sequential number of the last "post
> count" from a unique sessionid. If a user opened a new browser,
> posted, and then returned to the first and tried to post, the expected
> sequence of the first would be off from what was expected and the
> server would know to start a new session id and send them to the log
> on screen.

Yes that could work too - but what if a user reloads the form?

> What I think IE should do is tell IIS to start a new session number
> but copy over all the session info of the spawning session. From
> there, there should be a new session.

Like I said above, HTTP doesn't define these features... so the
characteristic of IE keeping the session while opening a new window is
just how IE works. Another browser could do something totally different.

> There's got to be a better way to handle this, I can't accept otherwise.

Take a look at the HTTP RFCs, there are no provisions for this sort of
thing.

How about if you fix your web application and don't depend on global
session variables so much? You could fetch the database on each page
load... that'll ensure each page gets rendered correctly. I've seen
several websites where users can have multiple windows open and still
surf the site OK.
Feb 8 '07 #4
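
The per-window state problem discussed in this thread, as an added example that is not part of any poster's reply: a framework-neutral Python sketch in which state stays on the server, each form carries only an HMAC-signed hidden-field token holding a window id and sequence number, and a stale sequence (cloned window, reload, Back button) forks a new window from the snapshot that page was rendered with. The names `WindowState`, `open_window` and `post` are hypothetical, and `sid` is assumed to be the session id the web framework already provides.

```python
import hashlib
import hmac
import secrets


class WindowState:
    """Per-window state kept server-side; the form carries only a signed token."""

    def __init__(self, key: bytes):
        self._key = key      # server-side secret, never sent to the browser
        self._hist = {}      # (session id, window id) -> list of state snapshots

    def _token(self, sid: str, wid: str, seq: int) -> str:
        # The MAC covers the session id, so a token is useless in another session.
        msg = f"{sid}|{wid}|{seq}".encode()
        mac = hmac.new(self._key, msg, hashlib.sha256).hexdigest()
        return f"{wid}.{seq}.{mac}"

    def open_window(self, sid: str, state: dict) -> str:
        """Start a new window: fresh random window id at sequence 0."""
        wid = secrets.token_urlsafe(12)
        self._hist[(sid, wid)] = [dict(state)]
        return self._token(sid, wid, 0)

    def post(self, sid: str, token: str, updates: dict):
        """Apply a form post; returns (next_token, state) or None if rejected."""
        try:
            wid, seq_s, _ = token.split(".")
            seq = int(seq_s)
            good = hmac.compare_digest(
                self._token(sid, wid, seq).encode(), token.encode())
        except ValueError:
            return None
        hist = self._hist.get((sid, wid))
        if not good or hist is None or not 0 <= seq < len(hist):
            return None      # forged, tampered, or issued to another session
        state = {**hist[seq], **updates}
        if seq == len(hist) - 1:
            # Newest page of this window: advance its sequence.
            hist.append(state)
            return self._token(sid, wid, seq + 1), state
        # Stale sequence: a cloned window, a reload or Back. Fork a new
        # window whose starting point is the snapshot that page showed.
        return self.open_window(sid, state), state
```

The snapshot list grows with every post, so a real deployment would cap or expire it along with the session.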
