Last post Feb 14, 2012 03:46 PM by rBlohm
Feb 12, 2012 12:03 PM|rBlohm|LINK
1. I am using .Net Framework 4.x
I am using SQL Server 2008 Standard Edition to serve as Session State service.
I am running VS2010.
Iam running MSIE version 9.x
2. I created the web site (http://mySessionState.Test) using Win 7/IIS-7.x
3. I published my VS2010 project to my LocalHost as a true web site
http://mySessionState.Test. My desktop has Windows 7 64Bits. Witj IIS-7.x installed.
4. I fired up two separate MSIE instances on the same PC. Each with a CreateUserWizard control. In my CreateUserWizard control, I coded the following EventHandler:
protected void RegisterUser_CreatedUser(object sender, EventArgs e)
5. In ViewMySession.aspx page I coded the following EventHandler to examine my SessionID and its Session State value:
protected void Page_Load(object sender, EventArgs e)
6. When I clicked Finish button from the CreateUserWizard control on both MSIE instances (one right after another), I received the same Session ID (yes: same SID). Why?
I read somewhere that each instance of MSIE that a user fires up, the web server would create a unique Session ID just for that very instance. And that the original SID would remain until one exits the web browser (using X to end the MSIE process as example). But
in my case it did not. It uses the same SID on both separate instances on the same PC.
7. Why am I concern? Because I use Session ID as Unique ID to identify Session state values so that people donot get data from each others. By using Session ID, only my browser session would get them!
For example: Session[Session.SessionID+LogonID.Text]=LogonID.Text; This way the logon ID would belong to only one user based on his/her Session ID.
Thanks for your help.
Feb 14, 2012 03:26 AM|Dino He - MSFT|LINK
SessionID property is used to uniquely identify a browser with session data on the server. The SessionID value is randomly generated by ASP.NET and stored in a non-expiring session cookie in the
browser. The SessionID value is then sent in a cookie with each request to the ASP.NET application.
You use the same browser, So the SessionID are the same.
Try to use a IE and a chrome, the Session ID will diffrent.
I have try it on my computer.
You can see diffrent browser diffrent ID.
Hope it helpful.
Feb 14, 2012 09:15 AM|roopeshreddy|LINK
If you want different SessionID, then try File -> New Session in Internet Explorer!
Hope it helps u...
Feb 14, 2012 03:39 PM|rBlohm|LINK
Thanks for your response. No, it is not quite true. You may wish to open as many MSIE instances on your desktop PC as you want. And I just openned two instances (under Windows 7), each gave me a different Session ID against the same application in the same
PC undwer IIS 6.1 (Win 7). However, when I clicked to advance to next page of each instance, then one right after another, both instances gave me the same Session ID of the 2nd instance. As a result the 1st instance got the data from the 2nd instance instead
of its own because IIS 6.x gave it to the 1st one. So I do think it is a bug. Though I have not tested on a true remote (separate) IIS server yet.
If you like and have sometimes, create a simple website (Localhost) with 2 pages. The Login page and a default page. Display Session ID and session states in each page at Page_Load time to see what you get.
In summary, it is not consistent, some times I opened 2 instances of MSIE and each got its own Session ID from the 1st time, some other times not (both got same SID).
It could be a bug! A serious one.
Have good time!
Feb 14, 2012 03:46 PM|rBlohm|LINK
I would like to not worry of that! We are an internet shop. Certainly telling Internet clients click File/New session and others mind-boggling things is not in my mind! And yes, an average Joe and Mary out there will not remember it!