Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Lost Session Variable

Posted on 2006-03-20
11
Medium Priority
?
408 Views
Last Modified: 2012-06-21
Hi experts,

i have some issue into my web application

i have a lot of session variable :

session("userid")
session("guid")
etc...

when i test my website, i log into my website many many times (without logout method, just close window => like many users do... (just simulate for debugging))
the problem is after 2 or 3 login, sometimes i lost the content of the session variable!

here is my webconfig :

<authentication mode="Forms">
      <forms name=".SESSION" loginUrl="Log.aspx" protection="All"/>
</authentication>

I also tried this :


<authentication mode="Forms">
      <forms name=".SESSION" loginUrl="Log.aspx" protection="All" timeout = "30"/>
</authentication>

i lost my session variable as always...

i don't where is the problem, i use IE 6

please help.

regards
0
Comment
Question by:Dnx_7
  • 5
  • 4
  • 2
11 Comments
 
LVL 12

Assisted Solution

by:bsdotnet
bsdotnet earned 200 total points
ID: 16235463
Login timeout is different from session variable timeout (by default is 20min), you can set session variable timeout (e.g. to one hour) by
 Session.Timeout = 60
0
 
LVL 2

Author Comment

by:Dnx_7
ID: 16235625
where i have to put this?
in the session start?
or in the page load of "log.aspx"
0
 
LVL 12

Expert Comment

by:bsdotnet
ID: 16235652
In page load of your first aspx page (think is log.aspx), just execute once will do.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Author Comment

by:Dnx_7
ID: 16235666
ok, i'll test.

regards
0
 
LVL 12

Accepted Solution

by:
AGBrown earned 800 total points
ID: 16236354
Dnx_7,

I'm a little confused by your scenario. As far as I can work out, you shouldn't ever be able to recover the session variables once you have closed your browser. If you close your browser, and then open a new browser window, you will create a new session altogether - so you shouldn't be able to access the session variable. Session's are defined using a cookie that is sent to the user's browser. When the browser is exited, that cookie will disappear.

In this case, the only way to keep information between sessions would be to permanently persist it to a database, or to store it in the ApplicationState - but the latter is accessible by all users, so you need to be very careful.

Have you tried using something like Fiddler (available for free on the web) to check your cookies? I would expect that when you "lose" your session variable it's because the session cookie has changed.

Andy
0
 
LVL 2

Author Comment

by:Dnx_7
ID: 16266552
can you explain me how can i see if the cookie has changed in fiddler?

regards
0
 
LVL 12

Expert Comment

by:AGBrown
ID: 16269385
Sure. Assuming you have Fiddler running:
-your requests are shown on the left hand side.
-open and log in to your application
-click on the requests for the first page once you have logged in.
-On the right handd side of Fiddler, click on Session Inspector
-Underneath the Headers tab, there is a State tree node. Underneath this is a cookie for the session. It will say something like ASP.NET_SessionId=lskjjr55tq1z2fudcuqsnl55.
-Now log out, log in again, compare the cookies for the protected pages.

Then you can see if the session Id changes when you "lose" your session variables.

You may need to click on Tools, Fiddler Options and change the state of the "Reuse connections" checkbox if you are having any unexpected problems.

Andy
0
 
LVL 12

Expert Comment

by:AGBrown
ID: 16269408
0
 
LVL 2

Author Comment

by:Dnx_7
ID: 16308635
sorry for the late

you are right AGBrown!!!

the cookie session doesn't change when i logged in and then logged out and then logged in again
how could it be?

because i use this in the loggingOut

        Session.RemoveAll()
        Session.Abandon()
        FormsAuthentication.SignOut()

what can i do to "renew" the cookie?

regards
0
 
LVL 12

Expert Comment

by:AGBrown
ID: 16319934
Dnx_7,

At first this was confusing, so I went off and did some more reading, and found this:
http://msdn.microsoft.com/library/en-us/dnaspp/html/aspnetsessionstate.asp?frame=true

The key paragraph being:
"The session ID of stateless applications doesn't change with the next access if the session timed out or is abandoned. By design, even though the session state expires, the session ID lasts until the browser session is ended. This means that the same session ID is used to represent multiple sessions over time as long as the browser instance remains the same."

Now what is odd is that this is the behaviour that you observer, and yet it is _not_ the behaviour that I observe in my application. My logout button simply calls Session.Abandon() and then FormsAuthentication.SignOut(). The next login then has a new session associated with it.

The only possible difference that I can see might be between your code and mine is that I have code inside the Session_Start and Session_End event handlers in Global, but there is nothing that would affect the session.

It might be worth starting another question and see if anyone has any idea.

Andy
0
 
LVL 12

Expert Comment

by:AGBrown
ID: 16320018
Scratch that, I checked again and in fact it _is_ the behaviour that I see. However, Session.Abandon() definitely clears my session variables consistently so that the next login is effectively starting from scratch.

So when I said "When the browser is exited, that cookie will disappear." this is correct. However, the postscript to this is that if you only log out, then you will have the same session id when you next log back in. Session.Abandon() will have abandoned the previous "session" (i.e., all the variables will be gone), this fits with what that reference says:

"The session ID of stateless applications doesn't change with the next access if the session timed out or is abandoned. By design, even though the session state expires, the session ID lasts until the browser session is ended. This means that the same session ID is used to represent multiple sessions over time as long as the browser instance remains the same."

And FormsAuthentication.SignOut() ensures that the cookie that the browser is using is no longer associated with an authenticated user.

Andy
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this Article, I will provide a few tips in problem and solution manner. Opening an ASPX page in Visual studio 2003 is very slow. To make it fast, please do follow below steps:   Open the Solution/Project. Right click the ASPX file to b…
The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question