nettboyz

Session Variable problem

I have an application wherein many session vars are used, and the most important one is Loginname.

For any DB operation, i.e. add/update/delete, I log the user who did it using the <session.loginname>.

The problem is that when we open two browsers simultaneously, log on as different users and do certain DB operations, the logging occurs with incorrect loginnames, i.e. the loginnames are interchanged for both users, and that too randomly.

Any help would be appreciated.
cheekycj

Two browsers: meaning two IE windows or 1 IE and 1 NN?

If it's the same browser, I can see how you run into a problem.
What you should do is check if Session.loginname exists... and if it does, then don't let the person log in again... they must log out first... session.loginname is set to null and then log in.

CJ
meverest

In fact I would extend on what cheekycj suggests and recommend that you drop all session variables completely using StructClear(session)

cheers.

bigbadb

You may want to try client vars instead of session vars. There is really no way around session vars failing when using multiple browsers. (We have had this problem here.) Using client vars usually takes care of the problem because they are stored differently on the server (registry or DB table, not memory like app and session).

Hope this helps

Bryan
Why don't you just log the CFID and CFTOKEN as well? Then you can differentiate.

:) dapperry
use cflock tag
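The suggestions above (refuse a second login while session.loginname exists, lock session access with cflock, and log CFID and CFTOKEN beside the login name) combined as an added example, not code from any poster in this thread. The file names, `logout_first.cfm`, `request.dsn`, `auditOperation` and the `audit_log` table are assumptions, and standard (non-J2EE) ColdFusion session management is assumed so that `session.cfid` and `session.cftoken` exist.

```cfml
<!--- login_action.cfm (hypothetical file), run after the password check succeeds.
      Refuse a second login while this session already has a loginname,
      and write the variable only under an exclusive session lock. --->
<cflock scope="session" type="exclusive" timeout="10">
    <cfif StructKeyExists(session, "loginname")>
        <cfset alreadyLoggedIn = true>
    <cfelse>
        <cfset session.loginname = form.loginname>
        <cfset alreadyLoggedIn = false>
    </cfif>
</cflock>
<cfif alreadyLoggedIn>
    <!--- logout_first.cfm is a hypothetical page that tells the user to log out --->
    <cflocation url="logout_first.cfm" addtoken="no">
</cfif>

<!--- audit.cfm (hypothetical file), included before each add/update/delete.
      The calling page sets auditOperation, e.g. "update" (constructed value). --->
<cflock scope="session" type="readonly" timeout="10">
    <!--- Copy session values to page-local variables inside the lock so that
          nothing below reads the shared scope unlocked. --->
    <cfset auditUser  = session.loginname>
    <cfset auditCfid  = session.cfid>
    <cfset auditToken = session.cftoken>
</cflock>

<!--- audit_log is an assumed table; every value is bound, never concatenated --->
<cfquery name="logAudit" datasource="#request.dsn#">
    INSERT INTO audit_log (loginname, cfid, cftoken, operation, logged_at)
    VALUES (
        <cfqueryparam value="#auditUser#"      cfsqltype="cf_sql_varchar">,
        <cfqueryparam value="#auditCfid#"      cfsqltype="cf_sql_varchar">,
        <cfqueryparam value="#auditToken#"     cfsqltype="cf_sql_varchar">,
        <cfqueryparam value="#auditOperation#" cfsqltype="cf_sql_varchar">,
        <cfqueryparam value="#Now()#"          cfsqltype="cf_sql_timestamp">
    )
</cfquery>
```

With both identifiers in each row, an interchanged loginname shows up as one CFID/CFTOKEN pair carrying more than one loginname in the audit table.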
I already said to use the cflock tag
Hi all,

My expertise has shown that in an environment like the Internet, with proxies and other similar stuff, it isn't a good idea to use session, client, or any variables of this kind.

In order to guarantee the process you must use URL-based parameters. It increases the difficulty, because you must develop a coding method that guarantees the confidentiality of the users, making codes difficult to predict, but...

Also, you must implement a validation method to prevent users from attacking pages directly with thied IDs or making a testing attack to gain access.

Hope this helps,
cfmrulez!

(I think I've made myself a whirlpool :-P).