Recyling of sessionID in ASP.NET 2.0

I

Ibrahim.

When a new request is made to the server a new session id is issued to the
client (a browser instance). The problem I’m facing is that session id that
is already assigned to a browser instance is getting recycled for another
browser instance by ASP.NET When the client request is sent to Http server,
the available session id’s (that is already present in the pool) are recycled
from the session pool along with the authentication cookie. Again when a new
request was being done, then available session id is passed on to the client
causing Mix-up of sessions.

The formsauthentication ticket (cookie) is also getting recycled along with
the session cookie session.

Forms authentication ticket is issued if the user selects save me option in
login page.
If the user selects save, then the user id is stored in a cookie encrypted
by forms authentication ticket.


Scenario

In multiuser (concurrent mode) situation, this is causing problem, due to
recyle of session id the forms authencition ticket is getting passed to some
other user who is currently using the site, that means “user z†details are
displayed for “user a†who is some other user accessing the site.

Environement; ASP.NET 2.0, IIS6.0/2003 SERVER.

Please reply if any thoughts
 
A

Anthony Jones

Ibrahim. said:
When a new request is made to the server a new session id is issued to the
client (a browser instance). The problem I'm facing is that session id that
is already assigned to a browser instance is getting recycled for another
browser instance by ASP.NET When the client request is sent to Http server,
the available session id's (that is already present in the pool) are recycled
from the session pool along with the authentication cookie. Again when a new
request was being done, then available session id is passed on to the client
causing Mix-up of sessions.

The formsauthentication ticket (cookie) is also getting recycled along with
the session cookie session.

Forms authentication ticket is issued if the user selects save me option in
login page.
If the user selects save, then the user id is stored in a cookie encrypted
by forms authentication ticket.


Scenario

In multiuser (concurrent mode) situation, this is causing problem, due to
recyle of session id the forms authencition ticket is getting passed to some
other user who is currently using the site, that means "user z" details are
displayed for "user a" who is some other user accessing the site.

Environement; ASP.NET 2.0, IIS6.0/2003 SERVER.

Please reply if any thoughts
Click to expand...

This is group is for classic ASP for ASP.NET help try:-

microsoft.public.dotnet.framework.aspnet
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Recyling of sessionID in ASP.NET 2.0 6
How to retrive payment result value after secure paytabs payment done in PayTabs payment gateway in asp.net 0
ASP.Net [2.0] - SessionID 7
Tabbed Browsing and SessionID 4
sessionId is reused after calling session.abandon 4
Redirecting in ASP.NET 2.0 0
Form Validation/SessionID changes 4
Asp.net Important Topics. 0

Members online

No members online now.
Total: 77 (members: 4, guests: 73)
Robots: 98

Forum statistics

Threads
474,262
Messages
2,571,056
Members
48,769
Latest member
Clifft

Latest Threads

Top