Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Same sessionID retuned to diff browsers in diff machines

Reply
Thread Tools

Same sessionID retuned to diff browsers in diff machines

 
 
Berrucho
Guest
Posts: n/a
 
      12-05-2003
Please Help!

I recently posted this same issue but got no answer... please help

Using VB.NET, IIS5, W2K Adv SP3 all patches, .net 1.0, VS.NET 2002
Using forms authentication, persistent cookie = false

Recently my asp.net app is returning wrong data to users. Users frequently
get data that should only be seen by other user.

Upon authentication against database in the login page, I set auth cookie
and fill some session variables like userid, user role ... this info is
then read and used as criteria for database query.

In search for an answer I set a hidden field = session.sessionID.tostring
that gets filled every page_load and discovered that sometimes the
sessionID returned is exactly the same in two browsers running in two
different machines. Also noticed that when this happens to user B, user A
had been recently logged.

I thought I was changing session data somewhere in my app, thus the
described errors, but now I understand that as the browser gets a sessionID
that is already being used by another user my queries get the session
values of the other user and not the current user

I also noticed that sometimes the hidden field of user A of page1.aspx was
sessionID ex. xxxxaaaa... and when navigating to another page the sessionID
value was diferent but = to sessionID of user B

Also tested if on page_load, SessionID <> Hidden Field Value , redirect to
login page, and sometimes users are redirected meaning that the sessionID
is not the same...

All pages have EnableSessionState=True

I have session_start and session_end counting number of users online in
global.asax

Please Help, Looking for a resolution for some days, read dozens of
threads, my books, msdn ... no way...

Thanks

B
 
Reply With Quote
 
 
 
 
Infant Newbie
Guest
Posts: n/a
 
      12-05-2003
I dont know why this is so but I use a different approach. Note that the
HttpContext.Current.User returns the current user (note that i am just
writing no code here). Check where u logon the user and put the userid there
as username. U can then find out who is logged in at any time.

Will email u some code in a few minutes

http://www.velocityreviews.com/forums/(E-Mail Removed)
http://www.meshcode.net

"Berrucho" <(E-Mail Removed)> wrote in message
news:kolqr4525v4d$(E-Mail Removed)...
> Please Help!
>
> I recently posted this same issue but got no answer... please help
>
> Using VB.NET, IIS5, W2K Adv SP3 all patches, .net 1.0, VS.NET 2002
> Using forms authentication, persistent cookie = false
>
> Recently my asp.net app is returning wrong data to users. Users frequently
> get data that should only be seen by other user.
>
> Upon authentication against database in the login page, I set auth cookie
> and fill some session variables like userid, user role ... this info is
> then read and used as criteria for database query.
>
> In search for an answer I set a hidden field = session.sessionID.tostring
> that gets filled every page_load and discovered that sometimes the
> sessionID returned is exactly the same in two browsers running in two
> different machines. Also noticed that when this happens to user B, user A
> had been recently logged.
>
> I thought I was changing session data somewhere in my app, thus the
> described errors, but now I understand that as the browser gets a

sessionID
> that is already being used by another user my queries get the session
> values of the other user and not the current user
>
> I also noticed that sometimes the hidden field of user A of page1.aspx was
> sessionID ex. xxxxaaaa... and when navigating to another page the

sessionID
> value was diferent but = to sessionID of user B
>
> Also tested if on page_load, SessionID <> Hidden Field Value , redirect to
> login page, and sometimes users are redirected meaning that the sessionID
> is not the same...
>
> All pages have EnableSessionState=True
>
> I have session_start and session_end counting number of users online in
> global.asax
>
> Please Help, Looking for a resolution for some days, read dozens of
> threads, my books, msdn ... no way...
>
> Thanks
>
> B



 
Reply With Quote
 
 
 
 
Infant Newbie
Guest
Posts: n/a
 
      12-05-2003
couldnt send u the mail but if u email me i will send u the code

"Berrucho" <(E-Mail Removed)> wrote in message
news:kolqr4525v4d$(E-Mail Removed)...
> Please Help!
>
> I recently posted this same issue but got no answer... please help
>
> Using VB.NET, IIS5, W2K Adv SP3 all patches, .net 1.0, VS.NET 2002
> Using forms authentication, persistent cookie = false
>
> Recently my asp.net app is returning wrong data to users. Users frequently
> get data that should only be seen by other user.
>
> Upon authentication against database in the login page, I set auth cookie
> and fill some session variables like userid, user role ... this info is
> then read and used as criteria for database query.
>
> In search for an answer I set a hidden field = session.sessionID.tostring
> that gets filled every page_load and discovered that sometimes the
> sessionID returned is exactly the same in two browsers running in two
> different machines. Also noticed that when this happens to user B, user A
> had been recently logged.
>
> I thought I was changing session data somewhere in my app, thus the
> described errors, but now I understand that as the browser gets a

sessionID
> that is already being used by another user my queries get the session
> values of the other user and not the current user
>
> I also noticed that sometimes the hidden field of user A of page1.aspx was
> sessionID ex. xxxxaaaa... and when navigating to another page the

sessionID
> value was diferent but = to sessionID of user B
>
> Also tested if on page_load, SessionID <> Hidden Field Value , redirect to
> login page, and sometimes users are redirected meaning that the sessionID
> is not the same...
>
> All pages have EnableSessionState=True
>
> I have session_start and session_end counting number of users online in
> global.asax
>
> Please Help, Looking for a resolution for some days, read dozens of
> threads, my books, msdn ... no way...
>
> Thanks
>
> B



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
running same script on same data on two different machines -->different result Christopher Brewster Python 5 11-14-2008 08:19 PM
RE: twice same SessionID =?Utf-8?B?U2FtdWVs?= ASP .Net 0 08-31-2004 07:31 AM
Re: twice same SessionID Cowboy \(Gregory A. Beamer\) [MVP] ASP .Net 0 08-30-2004 03:34 PM
Re: twice same SessionID Curt_C [MVP] ASP .Net 1 08-30-2004 02:33 PM
generate own unique sessionid instead standard asp.net 120bit sessionid Ronald ASP .Net 6 02-23-2004 08:03 AM



Advertisments