ASP.NET sessionstate mix-up, static question

Discussion in 'ASP .Net' started by =?iso-8859-1?B?Sm9oYW4gU2r2c3Ry9m0=?=, Jan 9, 2007.

  1. It seems that many people experience problems with mix-ups and
    non-intentional sharing of sessions in ASP.NET. This is often tracked
    down to the use of static variables for user data, which are indeed
    shared and overwritten among all users.

    I have this problem as well in one of my applications. However, there
    are no static variables, but there are static methods in my (sealed)
    SessionStateManager class, like this one:

    public static User CurrentUser
    {
    get
    {
    if(HttpContext.Current.Session[SessionUser]==null)
    {
    User currentUser = new User();
    HttpContext.Current.Session[SessionUser] = currentUser;
    return currentUser;
    }
    else
    {
    return (User)HttpContext.Current.Session[SessionUser];
    }
    }
    set
    {
    HttpContext.Current.Session[SessionUser] = value;
    }
    }


    Will this design cause trouble? I mean, HttpContext.Current.Session
    should still be unique, right or wrong?

    Cheers,
    Johan Sjöström
    MSc, MCAD, MCTS, MCITP
     
    =?iso-8859-1?B?Sm9oYW4gU2r2c3Ry9m0=?=, Jan 9, 2007
    #1
    1. Advertising

  2. I am not sure why you are doing what you are doing, but static methods do
    not pose a huge problem. The output will be determined as the routine is run
    and it will not, as written, cache anything.

    --
    Gregory A. Beamer
    MVP; MCP: +I, SE, SD, DBA
    http://gregorybeamer.spaces.live.com

    ********************************************
    Think outside the box!
    ********************************************
    "Johan Sjöström" <> wrote in message
    news:...
    It seems that many people experience problems with mix-ups and
    non-intentional sharing of sessions in ASP.NET. This is often tracked
    down to the use of static variables for user data, which are indeed
    shared and overwritten among all users.

    I have this problem as well in one of my applications. However, there
    are no static variables, but there are static methods in my (sealed)
    SessionStateManager class, like this one:

    public static User CurrentUser
    {
    get
    {
    if(HttpContext.Current.Session[SessionUser]==null)
    {
    User currentUser = new User();
    HttpContext.Current.Session[SessionUser] = currentUser;
    return currentUser;
    }
    else
    {
    return (User)HttpContext.Current.Session[SessionUser];
    }
    }
    set
    {
    HttpContext.Current.Session[SessionUser] = value;
    }
    }


    Will this design cause trouble? I mean, HttpContext.Current.Session
    should still be unique, right or wrong?

    Cheers,
    Johan Sjöström
    MSc, MCAD, MCTS, MCITP
     
    Cowboy \(Gregory A. Beamer\), Jan 9, 2007
    #2
    1. Advertising

  3. Thanks Gregory,

    I am trying to pin-point the reason why the sessions in my ASP.NET 1.1
    web application sometimes get mixed up, i.e. why userA all of the
    sudden sees userB's data. This topic has been dealt with before in this
    newsgroup, and it often comes down to the (mis)use of static variables.
    Some have insinuated that there are bugs in ASP.NET due to the high
    frequency of posts similar to this one. More often that not though,
    coding errors prove to be the cause.

    The example showed one of the typical methods in my SessionStateManager
    class. I use static methods but not static variables. Even so, session
    mix-ups do occur sometimes. Not often, but too often to be neglected.

    But you confirm that this method, as displayed, should be safe to use
    in a multi-(inproc)-session web application? (In that case, the error
    is elsewhere and is not static-related).

    Cheers,
    Johan Sjöström
    MSc, MCAD, MCTS, MCITP


    Cowboy (Gregory A. Beamer) skrev:

    > I am not sure why you are doing what you are doing, but static methods do
    > not pose a huge problem. The output will be determined as the routine is run
    > and it will not, as written, cache anything.
    >
    > --
    > Gregory A. Beamer
    > MVP; MCP: +I, SE, SD, DBA
    > http://gregorybeamer.spaces.live.com
    >
    > ********************************************
    > Think outside the box!
    > ********************************************
    > "Johan Sjöström" <> wrote in message
    > news:...
    > It seems that many people experience problems with mix-ups and
    > non-intentional sharing of sessions in ASP.NET. This is often tracked
    > down to the use of static variables for user data, which are indeed
    > shared and overwritten among all users.
    >
    > I have this problem as well in one of my applications. However, there
    > are no static variables, but there are static methods in my (sealed)
    > SessionStateManager class, like this one:
    >
    > public static User CurrentUser
    > {
    > get
    > {
    > if(HttpContext.Current.Session[SessionUser]==null)
    > {
    > User currentUser = new User();
    > HttpContext.Current.Session[SessionUser] = currentUser;
    > return currentUser;
    > }
    > else
    > {
    > return (User)HttpContext.Current.Session[SessionUser];
    > }
    > }
    > set
    > {
    > HttpContext.Current.Session[SessionUser] = value;
    > }
    > }
    >
    >
    > Will this design cause trouble? I mean, HttpContext.Current.Session
    > should still be unique, right or wrong?
    >
    > Cheers,
    > Johan Sjöström
    > MSc, MCAD, MCTS, MCITP
     
    =?iso-8859-1?B?Sm9oYW4gU2r2c3Ry9m0=?=, Jan 9, 2007
    #3
  4. =?iso-8859-1?B?Sm9oYW4gU2r2c3Ry9m0=?=

    bruce barker Guest

    your sample code is thread safe. static methods are fine, only static
    data is shared. object methods are really static, they just have access
    to the instance data.

    another common problem of mixed data is using a sta com object, and not
    telling asp.net to use a single thread for each request (aspcompat). of
    course the only supported way to use a sta in a webservice is to start
    your own thread.


    -- bruce (sqlwork.com)


    Johan Sjöström wrote:
    > Thanks Gregory,
    >
    > I am trying to pin-point the reason why the sessions in my ASP.NET 1.1
    > web application sometimes get mixed up, i.e. why userA all of the
    > sudden sees userB's data. This topic has been dealt with before in this
    > newsgroup, and it often comes down to the (mis)use of static variables.
    > Some have insinuated that there are bugs in ASP.NET due to the high
    > frequency of posts similar to this one. More often that not though,
    > coding errors prove to be the cause.
    >
    > The example showed one of the typical methods in my SessionStateManager
    > class. I use static methods but not static variables. Even so, session
    > mix-ups do occur sometimes. Not often, but too often to be neglected.
    >
    > But you confirm that this method, as displayed, should be safe to use
    > in a multi-(inproc)-session web application? (In that case, the error
    > is elsewhere and is not static-related).
    >
    > Cheers,
    > Johan Sjöström
    > MSc, MCAD, MCTS, MCITP
    >
    >
    > Cowboy (Gregory A. Beamer) skrev:
    >
    >> I am not sure why you are doing what you are doing, but static methods do
    >> not pose a huge problem. The output will be determined as the routine is run
    >> and it will not, as written, cache anything.
    >>
    >> --
    >> Gregory A. Beamer
    >> MVP; MCP: +I, SE, SD, DBA
    >> http://gregorybeamer.spaces.live.com
    >>
    >> ********************************************
    >> Think outside the box!
    >> ********************************************
    >> "Johan Sjöström" <> wrote in message
    >> news:...
    >> It seems that many people experience problems with mix-ups and
    >> non-intentional sharing of sessions in ASP.NET. This is often tracked
    >> down to the use of static variables for user data, which are indeed
    >> shared and overwritten among all users.
    >>
    >> I have this problem as well in one of my applications. However, there
    >> are no static variables, but there are static methods in my (sealed)
    >> SessionStateManager class, like this one:
    >>
    >> public static User CurrentUser
    >> {
    >> get
    >> {
    >> if(HttpContext.Current.Session[SessionUser]==null)
    >> {
    >> User currentUser = new User();
    >> HttpContext.Current.Session[SessionUser] = currentUser;
    >> return currentUser;
    >> }
    >> else
    >> {
    >> return (User)HttpContext.Current.Session[SessionUser];
    >> }
    >> }
    >> set
    >> {
    >> HttpContext.Current.Session[SessionUser] = value;
    >> }
    >> }
    >>
    >>
    >> Will this design cause trouble? I mean, HttpContext.Current.Session
    >> should still be unique, right or wrong?
    >>
    >> Cheers,
    >> Johan Sjöström
    >> MSc, MCAD, MCTS, MCITP

    >
     
    bruce barker, Jan 9, 2007
    #4
  5. Thanks for the acknowledgement Bruce.

    I'll keep looking for other type of coding errors then.

    Cheers,
    Johan Sjöström
    MSc, MCAD, MCTS, MCITP


    bruce barker skrev:

    > your sample code is thread safe. static methods are fine, only static
    > data is shared. object methods are really static, they just have access
    > to the instance data.
    >
    > another common problem of mixed data is using a sta com object, and not
    > telling asp.net to use a single thread for each request (aspcompat). of
    > course the only supported way to use a sta in a webservice is to start
    > your own thread.
    >
    >
    > -- bruce (sqlwork.com)
    >
    >
    > Johan Sjöström wrote:
    > > Thanks Gregory,
    > >
    > > I am trying to pin-point the reason why the sessions in my ASP.NET 1.1
    > > web application sometimes get mixed up, i.e. why userA all of the
    > > sudden sees userB's data. This topic has been dealt with before in this
    > > newsgroup, and it often comes down to the (mis)use of static variables.
    > > Some have insinuated that there are bugs in ASP.NET due to the high
    > > frequency of posts similar to this one. More often that not though,
    > > coding errors prove to be the cause.
    > >
    > > The example showed one of the typical methods in my SessionStateManager
    > > class. I use static methods but not static variables. Even so, session
    > > mix-ups do occur sometimes. Not often, but too often to be neglected.
    > >
    > > But you confirm that this method, as displayed, should be safe to use
    > > in a multi-(inproc)-session web application? (In that case, the error
    > > is elsewhere and is not static-related).
    > >
    > > Cheers,
    > > Johan Sjöström
    > > MSc, MCAD, MCTS, MCITP
    > >
    > >
    > > Cowboy (Gregory A. Beamer) skrev:
    > >
    > >> I am not sure why you are doing what you are doing, but static methods do
    > >> not pose a huge problem. The output will be determined as the routine is run
    > >> and it will not, as written, cache anything.
    > >>
    > >> --
    > >> Gregory A. Beamer
    > >> MVP; MCP: +I, SE, SD, DBA
    > >> http://gregorybeamer.spaces.live.com
    > >>
    > >> ********************************************
    > >> Think outside the box!
    > >> ********************************************
    > >> "Johan Sjöström" <> wrote in message
    > >> news:...
    > >> It seems that many people experience problems with mix-ups and
    > >> non-intentional sharing of sessions in ASP.NET. This is often tracked
    > >> down to the use of static variables for user data, which are indeed
    > >> shared and overwritten among all users.
    > >>
    > >> I have this problem as well in one of my applications. However, there
    > >> are no static variables, but there are static methods in my (sealed)
    > >> SessionStateManager class, like this one:
    > >>
    > >> public static User CurrentUser
    > >> {
    > >> get
    > >> {
    > >> if(HttpContext.Current.Session[SessionUser]==null)
    > >> {
    > >> User currentUser = new User();
    > >> HttpContext.Current.Session[SessionUser] = currentUser;
    > >> return currentUser;
    > >> }
    > >> else
    > >> {
    > >> return (User)HttpContext.Current.Session[SessionUser];
    > >> }
    > >> }
    > >> set
    > >> {
    > >> HttpContext.Current.Session[SessionUser] = value;
    > >> }
    > >> }
    > >>
    > >>
    > >> Will this design cause trouble? I mean, HttpContext.Current.Session
    > >> should still be unique, right or wrong?
    > >>
    > >> Cheers,
    > >> Johan Sjöström
    > >> MSc, MCAD, MCTS, MCITP

    > >
     
    =?iso-8859-1?B?Sm9oYW4gU2r2c3Ry9m0=?=, Jan 10, 2007
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Kristofer Liljeblad
    Replies:
    0
    Views:
    602
    Kristofer Liljeblad
    Jun 30, 2003
  2. =?Utf-8?B?Sg==?=

    ASP.NET /Classic ASP Security Mix

    =?Utf-8?B?Sg==?=, Jul 13, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    628
    Raterus
    Jul 13, 2004
  3. Urs Eichmann

    Mix Coldfusion and ASP.NET pages

    Urs Eichmann, Apr 1, 2005, in forum: ASP .Net
    Replies:
    5
    Views:
    927
    Steve C. Orr [MVP, MCSD]
    Apr 2, 2005
  4. NJSS
    Replies:
    2
    Views:
    576
    kumarm
    Oct 10, 2006
  5. Alan T

    Old website mix with asp.net 2

    Alan T, Feb 20, 2007, in forum: ASP .Net
    Replies:
    4
    Views:
    374
    Laurent Bugnion [MVP]
    Feb 20, 2007
Loading...

Share This Page