Wrox Programmer Forums

  #61 (permalink)  
Old December 27th, 2004, 06:23 PM
Imar (Wrox Author)

Depending on the sensitivity of your user's data, I think you need to persuade management to reconsider their "No". See it like this:

A Session ID is like the number you get when you have to wait in line at the local post office, butcher or bakery. This number is "fairly unique over a period of time", so when number 58 is called for, only one person will yell "me". This is good enough to avoid fights for the highly popular first place in the queue.

However, your baker won't use this unique ID to hook the customer up to an account balance. If he did that, it would be too easy to order half a dozen of those delicious baguettes he has and have the bill sent to the guy that had number 58 yesterday, or the day before.

So, all in all, there is a major flaw in the design of your application which should be fixed, if you ask me.

I think you can reproduce it like this:

1. Open a browser window with one browser, like IE. Write down the URL that has the unique ID of the session. Do something with the app so you get "user data".

2. Open a new browser, like Firefox, and browse to the same URL with the Session ID of the previous browser.

I think this way, both browsers share the same session. Usually, this won't happen (very frequently), because it's likely that each user gets their unique ID.
However, after some time, the same Session ID is handed out again. This ID is then hooked up to your back end system, resulting in other user's data.....

Is it an option to make the ID uniquer, by appending something you generate to the QueryString??

Cheers,

Imar
  #62 (permalink)  
Old December 28th, 2004, 10:19 AM
Authorized User
 

Well,
I tried to reproduce the error the same way you explained, and got the same data for both users (although I used the same browser for both users; IE and tested in local LAN environment). But this can happen if some user X emailed/sent a link (as it appears in his/her browser address bar) to user Y... and user Y used the same link to log in... What happens is: X opens a browser -> sent a link to Y logs in -> -> Y logs in -> X accesses a next page and sees Y's data... (seems Y's session overrides X's session info)...

This is a very limited scenario. I looked into the user's error comment (she called customer support about it) and she does not maintain anything about emailing or telling a link to anyone... so that's weird... (it's like a 1 in a million chance of generating the same session id for another user when she logged in).

I'll pursue the idea of generating our custom unique id, and adding some client-base (like current timestamp) at the end of that querystring session id...

...By the way, how can we generate our own NEXT session id? We abandon the session at log off... it does clear all session variables and stuff but it keeps the same session id... I want to generate a new session id at that moment.

Thanks a lot for your valuable inputs.
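Added example, not code from any poster in this thread: one way to apply the "append something you generate" idea from posts #61 and #62 so that a copied session URL alone no longer opens the session. It swaps the query-string suffix and timestamp discussed above for a random token held in a cookie and checked on every request. The class name, cookie name, session keys and `Login.aspx` are hypothetical, and it assumes the browser accepts cookies and .NET 2.0 or later (for `HttpOnly`).

```csharp
using System;
using System.Security.Cryptography;
using System.Web;

// Added example. "SessBind", "__bind", "UserId" and Login.aspx are hypothetical names.
public class SessionBinding : IHttpModule
{
    const string CookieName = "SessBind", Key = "__bind";

    // Call once, immediately after a successful login.
    public static void Issue(HttpContext ctx)
    {
        byte[] raw = new byte[32];
        RandomNumberGenerator.Create().GetBytes(raw);     // CSPRNG, not a timestamp
        string token = BitConverter.ToString(raw).Replace("-", ""); // hex, cookie-safe
        ctx.Session[Key] = token;                         // server-side copy
        HttpCookie c = new HttpCookie(CookieName, token);
        c.HttpOnly = true;                                // assumes .NET 2.0+
        c.Secure = ctx.Request.IsSecureConnection;
        ctx.Response.Cookies.Add(c);                      // browser-side copy
    }

    // True only if this browser holds the token issued for this session.
    public static bool IsValid(HttpContext ctx)
    {
        string expected = ctx.Session[Key] as string;
        HttpCookie c = ctx.Request.Cookies[CookieName];
        if (expected == null || c == null || c.Value == null) return false;
        if (expected.Length != c.Value.Length) return false;
        int diff = 0;                                     // constant-time compare
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ c.Value[i];
        return diff == 0;
    }

    public void Init(HttpApplication app) { app.AcquireRequestState += new EventHandler(Check); }

    void Check(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        // No session for this handler, or nobody logged in yet: nothing to bind.
        if (ctx.Session == null || ctx.Session["UserId"] == null) return;
        if (IsValid(ctx)) return;
        ctx.Session.Abandon();                            // fail closed: everyone logs in again
        ctx.Response.Redirect("~/Login.aspx");
    }

    public void Dispose() { }
}
```

Register the module under `<httpModules>` in web.config and call `SessionBinding.Issue(Context)` from the login code. A browser that arrives with the same session ID but without the matching cookie is sent back to the login page instead of seeing the other user's data.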
  #63 (permalink)  
Old December 28th, 2004, 05:21 PM
Imar (Wrox Author)

AFAIK, when you use Session.Abandon and then redirect to a new page, and write out the Session.SessionID, the new page should have a new sessionID.

Is that not how it works for you??

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
  #64 (permalink)  
Old December 29th, 2004, 10:09 AM
Authorized User
 

nop...it keeps the same session id.
  #65 (permalink)  
Old December 29th, 2004, 01:18 PM
Authorized User
 

Hello Imar,

I have created a new topic for this thing: "Session ID saga"
  #66 (permalink)  
Old January 14th, 2005, 06:47 AM
Registered User
 

Hello there,

We have the same problem "Session Variables Randomly Disappear".
We have IIS 5, Windows 2000, SQL Server; we are French, and we develop a web application in ASP.NET / C#.
It worked very nicely, but for 2 days now we have had this trouble!
We searched for the reason in a long list of solutions about recycling ...
   and NO results!

But a BIG INFORMATION: this loss of session appears ONLY ON INTERNET EXPLORER and does not appear on other browsers (Firefox)! Why? This can't be a server trouble.

Can you help me ?


  #67 (permalink)  
Old January 20th, 2005, 02:07 PM
Registered User
 

Hello davydrey,

I would like to say that you are not alone. In the last week, I have started experiencing exactly the same problem with a website in development. We run Windows 2000, IIS 5, ASP 3.0. We have a development copy on a webserver in-house and an identical copy of the site on a live webserver so the client can check progress.

Suddenly I am having session variables disappearing!

The situation is as follows:

1. I have debugged the code very thoroughly and had a colleague check it for errors. All fine.
2. Only 1 of my session variables disappears between pages. Others are fine.
3. It only disappears in Internet Explorer on a PC. Not on a Mac or in Firefox, or Opera!?
4. It only disappears running on the live server, not the development server. Again, it is identical code, identical platform.
5. It has only started happening very recently.

What I have tried:

1. Changing the domain name of the site.
2. Changing the name of the problem session variable.
3. Deleting the site entirely from IIS and recreating it.

I rarely post to forums. I joined this one specially because of the post from davydrey. I am totally stumped by this problem. Can anyone help? At the moment I am suspecting a Microsoft update of some kind. Perhaps this one...? http://support.microsoft.com/default...b;EN-US;316112
  #68 (permalink)  
Old January 20th, 2005, 03:52 PM
planoie (Friend of Wrox)

gatecrasher005,

Given that session variables are maintained based on a cookie value, if they aren't working then a general cookie problem would be suspect.

Are you running virus protection on the problem box? I had this problem until I shut off real-time virus scanning. (If you are afraid to turn off real-time scanning, might I suggest shutting down Outlook (Express), being that it's the source of most worms these days.)

-Peter
  #69 (permalink)  
Old January 20th, 2005, 06:31 PM
Registered User
 

I had to reply here... I think I have found a solution to the random loss of Session Variables issue on IIS6.

Here is what we experienced:
- Session variables seemed to just disappear for no apparent reason
- not reproducible on demand - erratic, sometimes happens every couple of seconds. sometimes it's fine for minutes.
- We have seen the session variables disappear for one page in the site and then re-appear for a different page (or even the same page) later on, not actually having lost the variable for good.
- we actually run those sites load-balanced and it only happened on one of the servers in the webfarm.

Our Solution
For some strange reason we had a non-default setting in the Application Pools Properties. The webgarden was configured to use a maximum of 2 worker processes. With this setting we had the server randomly using process 1 or 2... causing this erratic behavior.
To fix this:
- open the IIS management console
- get properties on: "Application Pools"
- tab to: "Performance"
- find the setting under "Web garden" and decrease the "Maximum Number of Worker Processes" to "1"
- do an IISReset and test your application

This worked for us and saved me a lot of time, as I was just about to re-build the server (I had all my hair pulled out already :(

Good luck to all!

Thomas


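Added example, not part of Thomas's post: a small handler for confirming the web-garden diagnosis described above before changing the pool setting. It reports which worker process served the request and whether in-process session state survived. `SessionProbe` and the `probe.hits` key are hypothetical names, and reading the process ID assumes the site runs with sufficient trust.

```csharp
using System;
using System.Diagnostics;
using System.Web;
using System.Web.SessionState;

// Added example. SessionProbe and the "probe.hits" key are hypothetical names.
// Map the handler to a URL and refresh it a dozen times from one browser.
public class SessionProbe : IHttpHandler, IRequiresSessionState
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext ctx)
    {
        HttpSessionState s = ctx.Session;
        object stored = s["probe.hits"];
        int hits = (stored == null) ? 1 : (int)stored + 1;
        s["probe.hits"] = hits;

        ctx.Response.ContentType = "text/plain";
        ctx.Response.Cache.SetCacheability(HttpCacheability.NoCache);
        ctx.Response.Write(Describe(Process.GetCurrentProcess().Id,
                                    s.SessionID, s.Mode, s.IsNewSession, hits));
    }

    // Single worker process: pid stays constant and hits climbs 1, 2, 3, ...
    // Web garden with InProc state: pid flips between values and each process
    // keeps its own counter, so hits appears to jump back or restart.
    public static string Describe(int pid, string sessionId,
                                  SessionStateMode mode, bool isNew, int hits)
    {
        // Show only a prefix: the full ID is a credential for the session.
        string shortId = sessionId.Length > 6
            ? sessionId.Substring(0, 6) + "..." : sessionId;
        string line = String.Format("pid={0} session={1} mode={2} new={3} hits={4}",
                                    pid, shortId, mode, isNew, hits);
        if (mode == SessionStateMode.InProc)
            line += "\r\nInProc state lives in this worker process only.";
        return line;
    }
}
```

Remove the handler once the diagnosis is done, since it exposes process and session details to anyone who can reach its URL.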
  #70 (permalink)  
Old January 20th, 2005, 10:11 PM
Registered User
 

Mr Tom,

Thanks for your solution to IIS6 and the disappearing session variables. Unfortunately it doesn't solve my particular problem. We are not load balancing - it is a single server - and we are using IIS5.

After more hours of pulling my site apart and trying different test scripts, I have discovered the final problem and a nasty work-around:

The problem occurs only for session variables set in my default web page (default.asp). I set an initial value of 1 for my session variable on this default page: session("area")=1. On another page I change this value: session("area")=2. This only works for the duration of that page. When I then navigate to a third page where no alteration to the session variable occurs, session("area") will magically revert to 1....

... BUT ONLY when viewing the site in Internet Explorer on a PC! In Firefox, the third page will maintain the value 2.

Does that make sense?

The nasty work around (which doesn't explain why the problem occurs) is to make a copy of my default web page as default2.asp and only set session variables on that page.

I want a proper explanation as it's driving me nuts.

All times are GMT -4.