Same sessionID retuned to diff browsers in diff machines

Discussion in 'ASP .Net' started by Berrucho, Dec 5, 2003.

  1. Berrucho

    Berrucho Guest

    Please Help!

    I recently posted this same issue but got no answer... please help

    Using VB.NET, IIS5, W2K Adv SP3 all patches, .net 1.0, VS.NET 2002
    Using forms authentication, persistent cookie = false

    Recently my asp.net app is returning wrong data to users. Users frequently
    get data that should only be seen by other user.

    Upon authentication against database in the login page, I set auth cookie
    and fill some session variables like userid, user role ... this info is
    then read and used as criteria for database query.

    In search for an answer I set a hidden field = session.sessionID.tostring
    that gets filled every page_load and discovered that sometimes the
    sessionID returned is exactly the same in two browsers running in two
    different machines. Also noticed that when this happens to user B, user A
    had been recently logged.

    I thought I was changing session data somewhere in my app, thus the
    described errors, but now I understand that as the browser gets a sessionID
    that is already being used by another user my queries get the session
    values of the other user and not the current user

    I also noticed that sometimes the hidden field of user A of page1.aspx was
    sessionID ex. xxxxaaaa... and when navigating to another page the sessionID
    value was diferent but = to sessionID of user B

    Also tested if on page_load, SessionID <> Hidden Field Value , redirect to
    login page, and sometimes users are redirected meaning that the sessionID
    is not the same...

    All pages have EnableSessionState=True

    I have session_start and session_end counting number of users online in
    global.asax

    Please Help, Looking for a resolution for some days, read dozens of
    threads, my books, msdn ... no way...

    Thanks

    B
     
    Berrucho, Dec 5, 2003
    #1
    1. Advertising

  2. I dont know why this is so but I use a different approach. Note that the
    HttpContext.Current.User returns the current user (note that i am just
    writing no code here). Check where u logon the user and put the userid there
    as username. U can then find out who is logged in at any time.

    Will email u some code in a few minutes


    http://www.meshcode.net

    "Berrucho" <> wrote in message
    news:kolqr4525v4d$...
    > Please Help!
    >
    > I recently posted this same issue but got no answer... please help
    >
    > Using VB.NET, IIS5, W2K Adv SP3 all patches, .net 1.0, VS.NET 2002
    > Using forms authentication, persistent cookie = false
    >
    > Recently my asp.net app is returning wrong data to users. Users frequently
    > get data that should only be seen by other user.
    >
    > Upon authentication against database in the login page, I set auth cookie
    > and fill some session variables like userid, user role ... this info is
    > then read and used as criteria for database query.
    >
    > In search for an answer I set a hidden field = session.sessionID.tostring
    > that gets filled every page_load and discovered that sometimes the
    > sessionID returned is exactly the same in two browsers running in two
    > different machines. Also noticed that when this happens to user B, user A
    > had been recently logged.
    >
    > I thought I was changing session data somewhere in my app, thus the
    > described errors, but now I understand that as the browser gets a

    sessionID
    > that is already being used by another user my queries get the session
    > values of the other user and not the current user
    >
    > I also noticed that sometimes the hidden field of user A of page1.aspx was
    > sessionID ex. xxxxaaaa... and when navigating to another page the

    sessionID
    > value was diferent but = to sessionID of user B
    >
    > Also tested if on page_load, SessionID <> Hidden Field Value , redirect to
    > login page, and sometimes users are redirected meaning that the sessionID
    > is not the same...
    >
    > All pages have EnableSessionState=True
    >
    > I have session_start and session_end counting number of users online in
    > global.asax
    >
    > Please Help, Looking for a resolution for some days, read dozens of
    > threads, my books, msdn ... no way...
    >
    > Thanks
    >
    > B
     
    Infant Newbie, Dec 5, 2003
    #2
    1. Advertising

  3. couldnt send u the mail but if u email me i will send u the code

    "Berrucho" <> wrote in message
    news:kolqr4525v4d$...
    > Please Help!
    >
    > I recently posted this same issue but got no answer... please help
    >
    > Using VB.NET, IIS5, W2K Adv SP3 all patches, .net 1.0, VS.NET 2002
    > Using forms authentication, persistent cookie = false
    >
    > Recently my asp.net app is returning wrong data to users. Users frequently
    > get data that should only be seen by other user.
    >
    > Upon authentication against database in the login page, I set auth cookie
    > and fill some session variables like userid, user role ... this info is
    > then read and used as criteria for database query.
    >
    > In search for an answer I set a hidden field = session.sessionID.tostring
    > that gets filled every page_load and discovered that sometimes the
    > sessionID returned is exactly the same in two browsers running in two
    > different machines. Also noticed that when this happens to user B, user A
    > had been recently logged.
    >
    > I thought I was changing session data somewhere in my app, thus the
    > described errors, but now I understand that as the browser gets a

    sessionID
    > that is already being used by another user my queries get the session
    > values of the other user and not the current user
    >
    > I also noticed that sometimes the hidden field of user A of page1.aspx was
    > sessionID ex. xxxxaaaa... and when navigating to another page the

    sessionID
    > value was diferent but = to sessionID of user B
    >
    > Also tested if on page_load, SessionID <> Hidden Field Value , redirect to
    > login page, and sometimes users are redirected meaning that the sessionID
    > is not the same...
    >
    > All pages have EnableSessionState=True
    >
    > I have session_start and session_end counting number of users online in
    > global.asax
    >
    > Please Help, Looking for a resolution for some days, read dozens of
    > threads, my books, msdn ... no way...
    >
    > Thanks
    >
    > B
     
    Infant Newbie, Dec 5, 2003
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Cyril Vi?ville

    diff Process under diff users

    Cyril Vi?ville, Jun 29, 2004, in forum: Perl
    Replies:
    1
    Views:
    512
    Joe Smith
    Jun 29, 2004
  2. Ronald
    Replies:
    6
    Views:
    6,958
    Andy Mortimer [MS]
    Feb 23, 2004
  3. A Traveler

    Diff CSS styles for diff INPUT TYPE='s?

    A Traveler, Aug 31, 2004, in forum: ASP .Net
    Replies:
    6
    Views:
    4,929
    Steve Fulton
    Aug 31, 2004
  4. El Kabong

    Browsers, browsers! Quo vadis?

    El Kabong, May 11, 2007, in forum: HTML
    Replies:
    23
    Views:
    902
    dorayme
    May 13, 2007
  5. Christopher Brewster
    Replies:
    5
    Views:
    345
    John Machin
    Nov 14, 2008
Loading...

Share This Page