Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > .NET > .NET 1.0 and Visual Studio.NET > VS.NET 2002/2003
Password Reminder
Register
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
VS.NET 2002/2003 Discussions about the Visual Studio.NET programming environment, the 2002 (1.0) and 2003 (1.1). ** Please don't post code questions here ** For issues specific to a particular language in .NET, please see the other forum categories.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the VS.NET 2002/2003 section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Search this Thread Display Modes
  #51 (permalink)  
Old December 3rd, 2004, 11:53 AM
Registered User
 
Join Date: Dec 2004
Location: , , .
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default

My users have been experiencing this problem much more often now that my website has moved from a win2000 server to win2003 web edition clustered servers. In win2000, this error would usually occur for the first person to hit the web site after one of the dlls in the bin folder or the web.config file was updated. Now, it also randomly occurs for 1 out of 20 users on the same web server. Since the other 19 users don't lose their session, the problem is not with the web application restarting.
Reply With Quote
  #52 (permalink)  
Old December 19th, 2004, 02:09 AM
planoie's Avatar
Friend of Wrox
Points: 16,481, Level: 55
Points: 16,481, Level: 55 Points: 16,481, Level: 55 Points: 16,481, Level: 55
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Aug 2003
Location: Clifton Park, New York, USA.
Posts: 5,407
Thanks: 0
Thanked 16 Times in 16 Posts
Default

What method of session state storage are you using? If you are running a site with clustered servers and are using in-memory state management, you are quite likely to have users loose their sessions because of server switching. However, the use of a state server or SQL server state storage could solve most of the problem.
Reply With Quote
  #53 (permalink)  
Old December 20th, 2004, 11:01 AM
Registered User
 
Join Date: Dec 2004
Location: , , .
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I'm storing the session state in process. Since I can't reproduce this error on demand, I'm having a hard time figuring out exactly what's going on. On some occasions, the error is being logged on a different web server from the web server the user logged in on.

There are ways to make sure the user is sent to the same web server on every request. I think my problem is similar to (http://support.microsoft.com/default...b;en-us;251027).

I haven't tried the other session storage options partly because of the large amount of code that will have to be reviewed and tested (the other options only hold serializable objects). I imagine I would have the same problem if I used a state server on each clustered server. A single state server would give me a single point of failure, which defeats the purpose of having the clustered web servers. I have a fail over sqlserver instance, but it is heavily used and using it will greatly slow down my web servers.
Reply With Quote
  #54 (permalink)  
Old December 21st, 2004, 05:33 PM
planoie's Avatar
Friend of Wrox
Points: 16,481, Level: 55
Points: 16,481, Level: 55 Points: 16,481, Level: 55 Points: 16,481, Level: 55
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Aug 2003
Location: Clifton Park, New York, USA.
Posts: 5,407
Thanks: 0
Thanked 16 Times in 16 Posts
Default

Quote:
quote:Originally posted by Mudbugz_38
 A single state server would give me a single point of failure, which defeats the purpose of having the clustered web servers

Some would disagree with that. In some cases, a clustered system is not for failover, but for process/request distribution. In many cases with a processor intensive application, a single database/session server may very well be quite adequate (failover aside) but you may require several web servers to help distribute the application load.

If I'm not mistaken, you should be able to change the session management configuration without re-writing any code because everything is accessed thru the same session object. .NET handles the details of storage. I'm sure that at some point I worked with an application that stored a complicated object in session and we didn't need to re-write anything when we moved to using SQL Server session storage.
Reply With Quote
  #55 (permalink)  
Old December 21st, 2004, 07:11 PM
Registered User
 
Join Date: Dec 2004
Location: , , .
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
quote:Originally posted by planoie
 In some cases, a clustered system is not for failover, but for process/request distribution. In many cases with a processor intensive application, a single database/session server may very well be quite adequate (failover aside) but you may require several web servers to help distribute the application load.
I have 2 web servers set up in a cluster not because of the load, but because of the high dependance on the applications running on the web servers. The second server only exists for backup reasons.

Quote:
quote:Originally posted by planoie
 If I'm not mistaken, you should be able to change the session management configuration without re-writing any code because everything is accessed thru the same session object. .NET handles the details of storage.

For objects to be stored in a state server or sqlserver, they must be marked as serializable. I know that some of the code is storing user defined classes and objects such as DataTables that are NOT marked as serializable inside of the session. Changing and testing all of the code that currently puts objects such as datatables into the session to use datasets instead will be time consuming.
Reply With Quote
  #56 (permalink)  
Old December 27th, 2004, 01:28 PM
Authorized User
 
Join Date: Dec 2004
Location: , , .
Posts: 15
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I am having little weired problem and i guess it is related to session but not sure of it.
my web application allows users to log in and see their "own" data...but some time (once/twice a year) i get a complaint that user can see each others data! mean when user A logs in he/she sees data that belongs to user B.
i have gone through the code thousnd of times and cant see any code error.
There is one possiblity of "session id collision" ..if two users use the same session id (that little complex id appears in the address bar and generated by IIS), this is possible that both user can see same data.

any inputs on this kinda problem?
Reply With Quote
  #57 (permalink)  
Old December 27th, 2004, 02:57 PM
Imar's Avatar
Wrox Author
Points: 72,073, Level: 100
Points: 72,073, Level: 100 Points: 72,073, Level: 100 Points: 72,073, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,089
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

I wish you posted a separate thread for this problem, as it's not really related to the original topic.

Anyway, Are you using cookieless sessions??

If the session ID is appended to the QueryString, it *is* possible that users open a URL with an ID that belongs to another session.

Session IDs are *not* guaranteed to be unique over a period of time. This means you shouldn't rely on that ID to uniquely identify a user.
I think using cookieless sessions, where the session ID is appended to the URL increases the chances users are seeing each other's data, because it's possible to open a URL (from the history, bookmark etc) with a session ID that now belongs to someone else.

If I were you, I'd not use the Session ID as an identifier; instead generate a truly unique ID for each user by using, for example, a database, or create a new GUID for each user.

HtH,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
Reply With Quote
  #58 (permalink)  
Old December 27th, 2004, 04:31 PM
Authorized User
 
Join Date: Dec 2004
Location: , , .
Posts: 15
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks Imar,

and sorry for posting in a wrong section, but i was looking at other post in this section and everybody was talking about session and IIS, thought this is a right stop for me.

Yes i am using cookieless session, actually we cant change this session id now, as this is already running application and i am assigned to solve this "bug". I already suggested using our own unique id (but requires major change to application so got NO) we also posted a note for user to "close" the old browser and open a new for fresh login..but we cant rely on them!

is there any alternative solution to avoid this problem? i mean without any major changes to existing app?

Thanks for your immediate reply.
Reply With Quote
  #59 (permalink)  
Old December 27th, 2004, 05:39 PM
Imar's Avatar
Wrox Author
Points: 72,073, Level: 100
Points: 72,073, Level: 100 Points: 72,073, Level: 100 Points: 72,073, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,089
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

Well, I don't think there is much you can do. You are using a non-unique key and treat it as unique. Best way to get you into troubles ;)

One option could be to disable cookieless sessions, and switch to sessions with cookies. Is cookieless session really necessary? Or was that just added to the app for fun by the same blockhead that used the session ID as a unique key?? (sorry if you're that blockhead ;)) If you can turn it off, it will decrease the impact of the problem.

Another solution could be to track the IDs that IIS hands out. For example, on the entry page of the application, you can take a look at the ID people are passing to your app through the QueryString. You'll need to log this ID in a database, and compare each new session against it. If the number is not unique, terminate the session and get a new Session ID.

How often do your users see each other's data? Although Session IDs are not guaranteed to be unique, I believe them to be "fairly unique over a period of time". That is, I don't think IIS hands out the same Session ID during the lifetime of an application (anything between start and stop of the application or server), so I am a bit surprised by this problem.

Cheers,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
Reply With Quote
  #60 (permalink)  
Old December 27th, 2004, 06:08 PM
Authorized User
 
Join Date: Dec 2004
Location: , , .
Posts: 15
Thanks: 0
Thanked 0 Times in 0 Posts
Default

heheh..no i am not that blockhead..thank god.

Well the story is this application is already built and running from last 2-3 years, never had a problem and suddenly they received this complaint about seeing wrong data. (last time this error has been reported sometime in june this year..and before that somewhere in 2002) so the frequency of error is very very rare.

We had to use cookieless session, as this is internet app and we are not sure of cookie disabled browsers...so thats why cookieless sessions..

i have been trying everything to find out exactly how and why this happens (they also requested me to reproduce this error!!!!) ..going crazy.







Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Session Variables Randomly Disappeared Dmitriy .NET Framework 1.x 1 November 30th, 2006 01:24 AM
Session Variables in C# shikha09 C# 1 November 28th, 2006 10:38 AM
Session Variables Randomly Disappeared Dmitriy General .NET 0 November 20th, 2006 08:42 AM
Is it possible for me using session variables into see07 ASP.NET 1.x and 2.0 Application Design 4 March 9th, 2005 07:46 PM
session variables help face Classic ASP Databases 4 September 12th, 2003 03:57 PM



All times are GMT -4. The time now is 11:55 AM.


Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.