jacob s crac...
Member
11 Points
8 Posts
How to stop session sharing?
Feb 21, 2012 08:49 AM
I want to use session variables to transmit data from one page to another, e.g. the user selects a Customer from a list and I save the ID as session("Customer_ID") for use when finding their orders, contact details etc. on other pages.
We've had a number of cases where one set of customer details has been overwritten onto another customer record. I think this is because the session has become 'shared'.
Initially this was found to be when a user had two tabs open on our website at the same time, processing different (he thought!) customers. But it's also happened when one user emails the URL (containing the session_ID) to another who pastes it while the initial user/session is still active. Chaos!
So, to the question. When first entering my website I want to find out if the session is already active.
The way I do it at the moment is to set a session variable on my Login page (and don't set it anywhere else in the app). Then I check on each page if this variable exists. If it doesn't, it means we have arrived via a 'duplicate' session and I redirect to an error page.
Any other more elegant ideas?
srinanthuram
Contributor
6800 Points
1549 Posts
Re: How to stop session sharing?
Feb 21, 2012 09:24 AM
Hi,
Use
Session.Abandon()
Thank you
jacob s crac...
Member
11 Points
8 Posts
Re: How to stop session sharing?
Feb 21, 2012 09:27 AM
Thanks, and that's what I do when a user logs off. But the point is that the second user joins the session while the first user is still active.
Frank Jiang ...
All-Star
16006 Points
1728 Posts
Microsoft
Re: How to stop session sharing?
Feb 23, 2012 09:32 AM
Note: When the Abandon method is called, the current Session object is queued for deletion but is not actually deleted until all of the script commands on the current page have been processed.
http://msdn.microsoft.com/en-us/library/ms524310.aspx
http://forums.asp.net/t/1096251.aspx/1
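
A framework-neutral Python model of a check that covers both cases in the question (an added example, not code from this thread or from ASP.NET): the session ID alone, as it would arrive in a pasted URL, is not accepted without a cookie-only token issued at login, and the selected customer is stored per tab instead of in one session-wide slot. `SessionStore`, the token cookie and `tab_id` are hypothetical names; the tab ID is assumed to travel with each page as a hidden field or query parameter.

```python
import hmac
import secrets


class SessionStore:
    """Constructed in-memory stand-in for server-side session state."""

    def __init__(self):
        self._sessions = {}

    def login(self, user):
        # The session ID may end up in a URL; the token is sent only as a cookie.
        sid, token = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self._sessions[sid] = {"user": user, "token": token, "tabs": {}}
        return sid, token

    def _owned(self, sid, cookie_token):
        # Return the session only when the caller also holds the login cookie.
        session = self._sessions.get(sid)
        if session is None or not cookie_token:
            return None
        same = hmac.compare_digest(session["token"].encode(), cookie_token.encode())
        return session if same else None

    def select_customer(self, sid, cookie_token, tab_id, customer_id):
        session = self._owned(sid, cookie_token)
        if session is None:
            return False  # caller would redirect to the error page
        session["tabs"][tab_id] = customer_id  # one slot per tab, not per session
        return True

    def current_customer(self, sid, cookie_token, tab_id):
        session = self._owned(sid, cookie_token)
        return None if session is None else session["tabs"].get(tab_id)


def demo():
    store = SessionStore()
    sid, token = store.login("user-a")  # constructed sample user
    store.select_customer(sid, token, "tab-1", 101)
    store.select_customer(sid, token, "tab-2", 202)
    pasted = store.select_customer(sid, None, "tab-1", 999)  # URL only, no cookie
    return (store.current_customer(sid, token, "tab-1"),
            store.current_customer(sid, token, "tab-2"), pasted)


if __name__ == "__main__":
    print(demo())
```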