Problem with Session Variable

G

Guest

Hello:

This was posted in a wrong forum; that's why I am posting here again. Sorry.

I just wrote my first ASP.Net application, tested it on my development
environment and deployed it on a production server. That's when I encountered
a problem. The anonymous access is turned of and Integrated Windows
Authentication is turned on.

In my Global.ASCX, I have coded the Session_Start event
1. I read Request.ServerVariables("Auth_User")
2. Save it as a variable, userid, in the session variable.

Here is the problem:

1. User A signs in and the screen shows that the userid is "User A".
2. User B signs in through another workstation and his user ID shows "User
A" when in fact it should show "User B".

I thought the session is private to the user?

I got feedback that I should not do anything in Global. Also, setting
session variables in the Session_start event is loopy!

Can somebody tell me what I am doing wrong?

Venki
 
G

Guest

strage... not sure if this will be of any help.. you may want to check if
you are using any static variables to assign this value later in some
pages/assembly.. I have seen similar issue with session values getting mixed,
when using a STATIC variable ..
 
D

Daniel Walzenbach

Venki,

could you post your code. This would make it much easier to help you!
Nevertheless from what you write it seems to me that you want to write your
onw authentication code. Check out the authentication part of your web
config. You can get a first impression by reading
http://www.15seconds.com/issue/020220.htm

Does this help?

Best regards

Daniel Walzenbach
 
G

Guest

Daniel:

Here is the code from Global.ASPX:

Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)
' Fires when the application is started
End Sub

Sub Session_Start(ByVal Sender As Object, ByVal E As EventArgs)

Dim lbOutcome As InnoBox_BO.User._Outcome

loUser = InnoBox_BO.User.GetInstance
loUser.DBConnString = ConfigurationSettings.AppSettings("DSN1")
Try
lbOutcome =
loUser.CreateByUserID(Request.ServerVariables("Auth_User").ToUpper)
Catch ex As Exception
Server.Transfer("Errors.aspx")
End Try
Session("User") = loUser
Session("DSN1") = ConfigurationSettings.AppSettings("DSN1")
Session("DSN2") = ConfigurationSettings.AppSettings("DSN2")

End Sub

In addition, each form has a Init event coded to make sure that the object,
UserID is available (I am giving an example of one such form):

Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Init
'CODEGEN: This method call is required by the Web Form Designer
'Do not modify it using the code editor.
InitializeComponent()

Dim lbOutcome As InnoBox_BO.User._Outcome
Dim loUser As InnoBox_BO.User

If Session("User") Is Nothing Then
loUser = InnoBox_BO.User.GetInstance
Try
lbOutcome =
loUser.CreateByUserID(Request.ServerVariables("Auth_User").ToUpper)
Catch ex As Exception
Server.Transfer("Errors.aspx")
End Try
loUser = Session("User")
End If
If Session("User").FirstName = Nothing Or Session("User").LastName =
Nothing Then
Server.Transfer("MyProfile.aspx")
End If
End Sub

Thanks for our help
Venki
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,901
Latest member
Noble71S45

Latest Threads

Top