Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Session bug?

Status
Not open for further replies.
Schimsky

Schimsky

Programmer
Oct 4, 2003
23
0
0
US
Hi,

Here's my situation:

I wrote an asp.net application that assigns a user a unique Id when he logs into the application. I store this unique Id in a session variable, Session("Id") = 'MyUniqueId'. I create this session variable only 1 time in the entire application, right after the user logs in.

The bug I have discovered is that about 10 percent of the time, when 2 users are logged into the application at the same time, the user who logged in first will assume the 2nd users Session("id"). Hence they will both have the same Session("id"). This causes mucho problems, as you can imagine.

I was able to prove this by saving the user's unique id on a hidden field within the page and constently checking to see if it does not match the session("id") field. Sure enough, after a user called to complain, I checked a temporary file I created to show me that the intial session("id") is no longer matching the hidden field value. It now is the same as the 2nd user to log in.

I have tried a few times to duplicate this behavior of shared session variables while I am in my application, but I have not been able to do so. Nonetheless it does appear to be happening to my users.

I have also tried to use the state server. I thought for sure this would fix the problem... But it appears to be still happening.

Am I missing something here???? Session variables seem to be pretty straight forward???

Any advice?

Thanks.

Steve

 
Sort by date Sort by votes
The unique id is made up of the user's Last Name and current time in milliseconds. The uniqueness of the id is NOT the problem.

:-(

 
Upvote 0 Downvote
Upvote 0 Downvote
Here's a piece of the code...


If Not Page.IsPostBack Then
Session("ControlFileName") = "CONTROL.TXT"
Session("KeyFileName") = "OnlinePr.00k"
Session("id") = Session("LastName") & "." & Now.TimeOfDay.TotalMilliseconds
Session("CurrentQuestion") = 1
.
.
.
.
End If
 
Upvote 0 Downvote
It's pretty sure an error somewhere in your code...

Are you using cookies for sessions or have you activated cookieless sessions?

Check to see if you have by any chance users who's Session("LastName") is empty...

--------------------------
"two wrongs don't make a right, but three lefts do" - the unknown sage
 
Upvote 0 Downvote
The session("LastName") is being set on the default.aspx page...

Session("LastName") = Left(txtLastName.Text.Trim.ToUpper & "xxxxxxxxxxxxxxx", 15)


After looking over the code, I decided to move the Session("Id") initialization closer to the Session("LastName") line of code. The session("id") initialization was previously placed inside a page_load event (if not ispostback).... Even though this should not have caused the problem, it might be in a bit "volitile" area.. so i moved it.

Steve

 
Upvote 0 Downvote
Why does each user have to have a unique ID, and if there is a valid reason, why can't you use Session.SessionID?


____________________________________________________________

Need help finding an answer?

Try the Search Facility or read FAQ222-2244 on how to get better results.

 
Upvote 0 Downvote
Hi all, Sorry I did not get back to this thread to update it.

I was using cookieless sessions which we all know add a unique identifier to the address of the website, which specifies the session id.

It turns out that a link to my website from someone elses web site had that unique session identifier in the address link, (the webmaster copied the link from the address bar instead of using the link I supplied to him)... Therefore anyone who used that particular link would appear to be in the same session.

I had the webmaster update his link... problem solved.

Thanks everyone

Steve
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

WIREMESH
  • Locked
  • Question
Google Chrome Lost Session
Replies
0
Views
131
WIREMESH
WIREMESH
dvannoy
  • Locked
  • Question
Session Timeout Question
Replies
1
Views
75
jbenson001
jbenson001
tshad
  • Locked
  • Question
Bug in cmd.Parameters statement and byte?
Replies
8
Views
59
jbenson001
jbenson001
XgrinderX
  • Locked
  • Question
Update Session ID after login, prevent Session Fixation
Replies
0
Views
60
XgrinderX
XgrinderX
ApocY85
  • Locked
  • Question
Session ends when accessing an object stored in a session variable
Replies
4
Views
56
MarkSweetland
MarkSweetland

Part and Inventory Search

Sponsor

Back
Top