Intermittent loss of session variables and cookie contents

Discussion in 'ASP .Net' started by Steve Remer, Dec 29, 2003.

  1. Steve Remer

    Steve Remer Guest

    My application (relevant code snippets below) originally used Session
    variables in order to maintain state from page to page. After being
    unable to solve the mystery of why those variables were intermittently
    inaccessible, (all Session variables gone, not using InProc Session
    state mode), I moved to a cookies-based solution. Now I have cookie
    contents that are intermittently inaccessible. Someone suggested using
    session variables to "back-up" the cookie functionality, so if one was
    not available, I could fall back on the other. Now it turns out that
    when one is missing, the other is missing as well.

    This is a simple retrieval (from a MSSQL DB) and storage (in a cookie
    and session variable at the same time) of a Customer ID upon
    successful logon. Then, when customer info in needed, an attempt is
    made to get the necessary Customer ID from the cookie. If that is
    null, an attempt is made to get it from the Session variable. If that
    is null, a 0 value is used for the Cust ID, eventually resulting in an
    empty Datareader object.

    We've done tons of Google searches on "disappearing cookies"
    "disappearing session variables", etc. Until today, when we came up
    with the idea of using Session variables to "backup" cookie contents,
    we were not aware that both "cookies disappearing" and "Session
    variables disappearing" were happening at the same time.

    Let me emaphisize that this is only happening about a third of the
    time. I have not been able to replicate either the "disappearing
    cookie" and disappearing Session variable" behavior myself. I have an
    error-trapping routine that emails me with the stack trace upon the
    first invalid read of the empty datareader. Also, for what it's worth,
    Verio is the hosting company involved.

    CODE
    _____
    Cookie and session variable setting in Logon page:

    Dim CustInfo As CWI.CustomersDB = New CWI.CustomersDB()
    Dim rdr As SqlDataReader

    rdr = CustInfo.CustomerLogin(tbxEmail.Text, tbxPassword.Text)

    If Not rdr.Read() Then
    lblLogonFailed.Text = "No such Email/Password"

    Else
    Session.Add("CustID", rdr.GetValue(0))


    Dim cookCustID As New HttpCookie("CID")
    cookCustID.Values.Add("CustID", CStr(rdr.GetValue(0)))
    Dim dtNow As New DateTime()
    Dim tsMinutes As New TimeSpan(0, 2, 0, 0)
    dtNow = Now.Add(tsMinutes)
    cookCustID.Expires = dtNow
    Response.Cookies.Add(cookCustID)
    End If


    COOKIE & SESSION Retrival logic (standard read logic at end omitted)

    Dim CustID As Integer
    Dim cookCustID As HttpCookie
    Dim context As HttpContext = HttpContext.Current

    cookCustID = context.Request.Cookies("CID")

    If cookCustID Is Nothing Then
    If IsDBNull(context.Session.Item("CustID")) Then
    CustID = 0
    Else
    CustID = CInt(context.Session.Item("CustID"))
    End If
    Else
    CustID = cookCustID.Values.Item("CustID")
    End If
     
    Steve Remer, Dec 29, 2003
    #1
    1. Advertising

  2. Hi Steve,

    You've probably checked, but make sure you don't have anti-virus software
    scanning your Webs or the Temporary files location. They've been known to
    make ASP.NET think that a file has changed, causing it to reset the whole
    application - taking the Sessions with it. Worse, some virus scanners detect
    changes to files, so they scan them again and the vicious circle continues.

    "Steve Remer" <> wrote in message
    news:...
    > My application (relevant code snippets below) originally used Session
    > variables in order to maintain state from page to page. After being
    > unable to solve the mystery of why those variables were intermittently
    > inaccessible, (all Session variables gone, not using InProc Session
    > state mode), I moved to a cookies-based solution. Now I have cookie
    > contents that are intermittently inaccessible. Someone suggested using
    > session variables to "back-up" the cookie functionality, so if one was
    > not available, I could fall back on the other. Now it turns out that
    > when one is missing, the other is missing as well.
    >
    > This is a simple retrieval (from a MSSQL DB) and storage (in a cookie
    > and session variable at the same time) of a Customer ID upon
    > successful logon. Then, when customer info in needed, an attempt is
    > made to get the necessary Customer ID from the cookie. If that is
    > null, an attempt is made to get it from the Session variable. If that
    > is null, a 0 value is used for the Cust ID, eventually resulting in an
    > empty Datareader object.
    >
    > We've done tons of Google searches on "disappearing cookies"
    > "disappearing session variables", etc. Until today, when we came up
    > with the idea of using Session variables to "backup" cookie contents,
    > we were not aware that both "cookies disappearing" and "Session
    > variables disappearing" were happening at the same time.
    >
    > Let me emaphisize that this is only happening about a third of the
    > time. I have not been able to replicate either the "disappearing
    > cookie" and disappearing Session variable" behavior myself. I have an
    > error-trapping routine that emails me with the stack trace upon the
    > first invalid read of the empty datareader. Also, for what it's worth,
    > Verio is the hosting company involved.
    >
    > CODE
    > _____
    > Cookie and session variable setting in Logon page:
    >
    > Dim CustInfo As CWI.CustomersDB = New CWI.CustomersDB()
    > Dim rdr As SqlDataReader
    >
    > rdr = CustInfo.CustomerLogin(tbxEmail.Text, tbxPassword.Text)
    >
    > If Not rdr.Read() Then
    > lblLogonFailed.Text = "No such Email/Password"
    >
    > Else
    > Session.Add("CustID", rdr.GetValue(0))
    >
    >
    > Dim cookCustID As New HttpCookie("CID")
    > cookCustID.Values.Add("CustID", CStr(rdr.GetValue(0)))
    > Dim dtNow As New DateTime()
    > Dim tsMinutes As New TimeSpan(0, 2, 0, 0)
    > dtNow = Now.Add(tsMinutes)
    > cookCustID.Expires = dtNow
    > Response.Cookies.Add(cookCustID)
    > End If
    >
    >
    > COOKIE & SESSION Retrival logic (standard read logic at end omitted)
    >
    > Dim CustID As Integer
    > Dim cookCustID As HttpCookie
    > Dim context As HttpContext = HttpContext.Current
    >
    > cookCustID = context.Request.Cookies("CID")
    >
    > If cookCustID Is Nothing Then
    > If IsDBNull(context.Session.Item("CustID")) Then
    > CustID = 0
    > Else
    > CustID = CInt(context.Session.Item("CustID"))
    > End If
    > Else
    > CustID = cookCustID.Values.Item("CustID")
    > End If
     
    Ken Cox [Microsoft MVP], Dec 30, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Steve Remer

    Intermittent loss of session variables

    Steve Remer, Nov 26, 2003, in forum: ASP .Net
    Replies:
    2
    Views:
    523
    Steve Remer
    Dec 1, 2003
  2. Michael Carr

    Bizarre loss of Session variables

    Michael Carr, Jan 13, 2004, in forum: ASP .Net
    Replies:
    14
    Views:
    731
    Michael Carr
    Jan 14, 2004
  3. Shapper

    Cookie and Session Cookie Questions.

    Shapper, Apr 27, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    576
  4. Joey
    Replies:
    2
    Views:
    396
    Robozel
    Mar 11, 2006
  5. peprom

    Session data loss during user logged session

    peprom, Aug 15, 2007, in forum: ASP .Net Security
    Replies:
    3
    Views:
    264
    Navneet khehra
    Sep 11, 2007
Loading...

Share This Page