Session Management - Cookieless & Session ID

[fletchsod]

Hi!

After a few days of research, trial and error, I’m no closer to making progress on this project.

I’m working on making ASP.NET session be cookieless because of problems with web-browser’s tabs/windows sharing the cookie file.

--snip—
<sessionState timeout="60" cookieless="true" regenerateExpiredSessionId="false" mode="InProc"></sessionState>
--snip—

Since ASP.NET create session-id automatically, so what I want is to force a new session id to be created on the login webpage (before signing in) no matter what. I have found no way to make this work. I saw this example below but that doesn’t work as the following webpages after login doesn't use this session-id.

--snip—
System.Web.SessionState.SessionIDManager oSessionIdManager = new System.Web.SessionState.SessionIDManager();

bool bRedirected = false;

bool bCookieAdded = false;

string sSessionId = oSessionIdManager.CreateSessionID(HttpContext.Current);
oSessionIdManager.SaveSessionID(HttpContext.Current, sSessionId, out bRedirected, out bCookieAdded);
--snip—

What I want is an unique Session ID for every login so the session data are tie-in to the login access only (unique session id for every logged-in account with no overlapping between multiple users account). Is there a way for us to control the ASP.NET session management and not the other way around? Not to be at the mercy of ASP.NET?

I also saw someone’s comment in the forum that AJAX wouldn’t work with this, I haven’t gotten this far to find out.

Thanks…

 

[jmeckley]

session isn't tied to the log-on, it's tied to the client. you won't be able to have separate sessions per tab. if the cookie is giving you problems with multiple tabs you should look at restructuring the information in the cookie. this would make more sense then attempting to get the web enviornment to do something it's not designed for.


Jason Meckley
Programmer
Specialty Bakers, Inc.

faq855-7190
faq732-7259