How to isolate sessions

M

Mehdi

Hi,

In my asp.net (C#) application I use javascript(i.e
window.open('/MyApplication/home.aspx?userid=345', '', '')) to open another
copy of my application in a new window.

In global.asax I set a Session["UserId"] based on QueryString["userid"].
Obviously when I open a new window, the original session of the first
calling window changes as well, but I need to be unchanged. How can I
achieve this?


Thanks for your time



Kind Regards


Mehdi
 
H

Hermit Dave

window.open or file >> new >> window or target=_blank causes a new instance
of IE which shares the same session as the window from which it was
executed.

if you need it to have a different session, open a new instance of IE... say
using quick lauch browser icon or from you start menu. The instance started
that way will not share the session with the other instances.

--

Regards,

Hermit Dave
(http://hdave.blogspot.com)
 
M

Mehdi

Dave,

Thanks for the suggestion but window.open(...) occures when a hyperlink is
clicked. Unfortuntely I can not ask users of my site to open another
instance of their browser and type the whole url in the address bar.

Regards


Mehdi

Hermit Dave said:
window.open or file >> new >> window or target=_blank causes a new
instance
of IE which shares the same session as the window from which it was
executed.

if you need it to have a different session, open a new instance of IE...
say
using quick lauch browser icon or from you start menu. The instance
started
that way will not share the session with the other instances.

--

Regards,

Hermit Dave
(http://hdave.blogspot.com)
Mehdi said:
Hi,

In my asp.net (C#) application I use javascript(i.e
window.open('/MyApplication/home.aspx?userid=345', '', '')) to open another
copy of my application in a new window.

In global.asax I set a Session["UserId"] based on QueryString["userid"].
Obviously when I open a new window, the original session of the first
calling window changes as well, but I need to be unchanged. How can I
achieve this?


Thanks for your time



Kind Regards


Mehdi
 
H

Hermit Dave

okay first why are you passing the value of user id in the query string.
wont a slightly intelligent user be able to log in as someone else just by
randomly changing the value in user id ?

a better way is to just stored it in a ticket. if a new instance sharing the
current session is opened then you dont have a problem cause even that will
share the same session and the user info.

or you can use querystring based session identifier instead of normal cookie
based session.. that way the url itself will contain the session.
--

Regards,

Hermit Dave
(http://hdave.blogspot.com)
Mehdi said:
Dave,

Thanks for the suggestion but window.open(...) occures when a hyperlink is
clicked. Unfortuntely I can not ask users of my site to open another
instance of their browser and type the whole url in the address bar.

Regards


Mehdi

Hermit Dave said:
window.open or file >> new >> window or target=_blank causes a new
instance
of IE which shares the same session as the window from which it was
executed.

if you need it to have a different session, open a new instance of IE...
say
using quick lauch browser icon or from you start menu. The instance
started
that way will not share the session with the other instances.

--

Regards,

Hermit Dave
(http://hdave.blogspot.com)
Mehdi said:
Hi,

In my asp.net (C#) application I use javascript(i.e
window.open('/MyApplication/home.aspx?userid=345', '', '')) to open another
copy of my application in a new window.

In global.asax I set a Session["UserId"] based on QueryString["userid"].
Obviously when I open a new window, the original session of the first
calling window changes as well, but I need to be unchanged. How can I
achieve this?


Thanks for your time



Kind Regards


Mehdi
 
M

Mehdi

Dave,


My asp.net application lifecycle:

There are several users with their own profile(e.g. css, page color scheme
etc) to manage their pages. Then they input some data. There is a global
search facility to include all users items. Againts each item in the search
result, there is a hyperlink "Go to sender's page" that opens a new page
using window.open('/MyApplication/home.aspx?userid=345', '', '')) to open
users page which at this point I use the userid to load their profile.
Amending userid in query string will not allow automatic login. They have
to go to login page for this which I user forms authenticaions and tickets.
Basically I examine userid QueryString in Global.asax
Global_PreRequestHandlerExecute to set as session and load users profile.

I know using sessions for this purpose is not a good idea, but I could't
think of any other methodology. i think you can see the problem here as
when the session changes in the new window, it sets the session of the
global search page to a specific user as well!


Thanks for the reply


Regards

Mehdi





Hermit Dave said:
okay first why are you passing the value of user id in the query string.
wont a slightly intelligent user be able to log in as someone else just by
randomly changing the value in user id ?

a better way is to just stored it in a ticket. if a new instance sharing
the
current session is opened then you dont have a problem cause even that
will
share the same session and the user info.

or you can use querystring based session identifier instead of normal
cookie
based session.. that way the url itself will contain the session.
--

Regards,

Hermit Dave
(http://hdave.blogspot.com)
Mehdi said:
Dave,

Thanks for the suggestion but window.open(...) occures when a hyperlink
is
clicked. Unfortuntely I can not ask users of my site to open another
instance of their browser and type the whole url in the address bar.

Regards


Mehdi

Hermit Dave said:
window.open or file >> new >> window or target=_blank causes a new
instance
of IE which shares the same session as the window from which it was
executed.

if you need it to have a different session, open a new instance of
IE...
say
using quick lauch browser icon or from you start menu. The instance
started
that way will not share the session with the other instances.

--

Regards,

Hermit Dave
(http://hdave.blogspot.com)
Hi,

In my asp.net (C#) application I use javascript(i.e
window.open('/MyApplication/home.aspx?userid=345', '', '')) to open
another
copy of my application in a new window.

In global.asax I set a Session["UserId"] based on QueryString["userid"].
Obviously when I open a new window, the original session of the first
calling window changes as well, but I need to be unchanged. How can I
achieve this?


Thanks for your time



Kind Regards


Mehdi
 
H

Hermit Dave

well firstly i still dont understand why you need to use this approach.
for a global search i presume you are searching the database and local
folders. why cant you have an access based on roles.
say all users can see the following things from all over users..
make sure the things that can be seen by all users are not bound to a
particular user.. atleast as far as viewing is concerned.. you can always
lock down on others making any modifications allowing only the owner of item
to modify.

--

Regards,

Hermit Dave
(http://hdave.blogspot.com)
Mehdi said:
Dave,


My asp.net application lifecycle:

There are several users with their own profile(e.g. css, page color scheme
etc) to manage their pages. Then they input some data. There is a global
search facility to include all users items. Againts each item in the search
result, there is a hyperlink "Go to sender's page" that opens a new page
using window.open('/MyApplication/home.aspx?userid=345', '', '')) to open
users page which at this point I use the userid to load their profile.
Amending userid in query string will not allow automatic login. They have
to go to login page for this which I user forms authenticaions and tickets.
Basically I examine userid QueryString in Global.asax
Global_PreRequestHandlerExecute to set as session and load users profile.

I know using sessions for this purpose is not a good idea, but I could't
think of any other methodology. i think you can see the problem here as
when the session changes in the new window, it sets the session of the
global search page to a specific user as well!


Thanks for the reply


Regards

Mehdi





Hermit Dave said:
okay first why are you passing the value of user id in the query string.
wont a slightly intelligent user be able to log in as someone else just by
randomly changing the value in user id ?

a better way is to just stored it in a ticket. if a new instance sharing
the
current session is opened then you dont have a problem cause even that
will
share the same session and the user info.

or you can use querystring based session identifier instead of normal
cookie
based session.. that way the url itself will contain the session.
--

Regards,

Hermit Dave
(http://hdave.blogspot.com)
Mehdi said:
Dave,

Thanks for the suggestion but window.open(...) occures when a hyperlink
is
clicked. Unfortuntely I can not ask users of my site to open another
instance of their browser and type the whole url in the address bar.

Regards


Mehdi

window.open or file >> new >> window or target=_blank causes a new
instance
of IE which shares the same session as the window from which it was
executed.

if you need it to have a different session, open a new instance of
IE...
say
using quick lauch browser icon or from you start menu. The instance
started
that way will not share the session with the other instances.

--

Regards,

Hermit Dave
(http://hdave.blogspot.com)
Hi,

In my asp.net (C#) application I use javascript(i.e
window.open('/MyApplication/home.aspx?userid=345', '', '')) to open
another
copy of my application in a new window.

In global.asax I set a Session["UserId"] based on QueryString["userid"].
Obviously when I open a new window, the original session of the first
calling window changes as well, but I need to be unchanged. How can I
achieve this?


Thanks for your time



Kind Regards


Mehdi
 
M

Mehdi

Dave,

I think I need to change my design approach. Thanks for replying.


Regards


Mehdi
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,733
Messages
2,569,440
Members
44,830
Latest member
ZADIva7383

Latest Threads

Top