Dnx_7
asked on
Lost Session Variable
Hi experts,
i have some issue into my web application
i have a lot of session variable :
session("userid")
session("guid")
etc...
when i test my website, i log into my website many many times (without logout method, just close window => like many users do... (just simulate for debugging))
the problem is after 2 or 3 login, sometimes i lost the content of the session variable!
here is my webconfig :
<authentication mode="Forms">
<forms name=".SESSION" loginUrl="Log.aspx" protection="All"/>
</authentication>
I also tried this :
<authentication mode="Forms">
<forms name=".SESSION" loginUrl="Log.aspx" protection="All" timeout = "30"/>
</authentication>
i lost my session variable as always...
i don't where is the problem, i use IE 6
please help.
regards
i have some issue into my web application
i have a lot of session variable :
session("userid")
session("guid")
etc...
when i test my website, i log into my website many many times (without logout method, just close window => like many users do... (just simulate for debugging))
the problem is after 2 or 3 login, sometimes i lost the content of the session variable!
here is my webconfig :
<authentication mode="Forms">
<forms name=".SESSION" loginUrl="Log.aspx" protection="All"/>
</authentication>
I also tried this :
<authentication mode="Forms">
<forms name=".SESSION" loginUrl="Log.aspx" protection="All" timeout = "30"/>
</authentication>
i lost my session variable as always...
i don't where is the problem, i use IE 6
please help.
regards
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
In page load of your first aspx page (think is log.aspx), just execute once will do.
ASKER
ok, i'll test.
regards
regards
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
can you explain me how can i see if the cookie has changed in fiddler?
regards
regards
Sure. Assuming you have Fiddler running:
-your requests are shown on the left hand side.
-open and log in to your application
-click on the requests for the first page once you have logged in.
-On the right handd side of Fiddler, click on Session Inspector
-Underneath the Headers tab, there is a State tree node. Underneath this is a cookie for the session. It will say something like ASP.NET_SessionId=lskjjr55 tq1z2fudcu qsnl55.
-Now log out, log in again, compare the cookies for the protected pages.
Then you can see if the session Id changes when you "lose" your session variables.
You may need to click on Tools, Fiddler Options and change the state of the "Reuse connections" checkbox if you are having any unexpected problems.
Andy
-your requests are shown on the left hand side.
-open and log in to your application
-click on the requests for the first page once you have logged in.
-On the right handd side of Fiddler, click on Session Inspector
-Underneath the Headers tab, there is a State tree node. Underneath this is a cookie for the session. It will say something like ASP.NET_SessionId=lskjjr55
-Now log out, log in again, compare the cookies for the protected pages.
Then you can see if the session Id changes when you "lose" your session variables.
You may need to click on Tools, Fiddler Options and change the state of the "Reuse connections" checkbox if you are having any unexpected problems.
Andy
By the way, this question (https://www.experts-exchange.com/questions/21781920/About-Session-Add-and-Session.html) may help you a little as well. In particular the reference I mention to http://msdn.microsoft.com/msdnmag/issues/03/04/aspnetuserstate/default.aspx.
Andy
Andy
ASKER
sorry for the late
you are right AGBrown!!!
the cookie session doesn't change when i logged in and then logged out and then logged in again
how could it be?
because i use this in the loggingOut
Session.RemoveAll()
Session.Abandon()
FormsAuthentication.SignOu t()
what can i do to "renew" the cookie?
regards
you are right AGBrown!!!
the cookie session doesn't change when i logged in and then logged out and then logged in again
how could it be?
because i use this in the loggingOut
Session.RemoveAll()
Session.Abandon()
FormsAuthentication.SignOu
what can i do to "renew" the cookie?
regards
Dnx_7,
At first this was confusing, so I went off and did some more reading, and found this:
http://msdn.microsoft.com/library/en-us/dnaspp/html/aspnetsessionstate.asp?frame=true
The key paragraph being:
"The session ID of stateless applications doesn't change with the next access if the session timed out or is abandoned. By design, even though the session state expires, the session ID lasts until the browser session is ended. This means that the same session ID is used to represent multiple sessions over time as long as the browser instance remains the same."
Now what is odd is that this is the behaviour that you observer, and yet it is _not_ the behaviour that I observe in my application. My logout button simply calls Session.Abandon() and then FormsAuthentication.SignOu t(). The next login then has a new session associated with it.
The only possible difference that I can see might be between your code and mine is that I have code inside the Session_Start and Session_End event handlers in Global, but there is nothing that would affect the session.
It might be worth starting another question and see if anyone has any idea.
Andy
At first this was confusing, so I went off and did some more reading, and found this:
http://msdn.microsoft.com/library/en-us/dnaspp/html/aspnetsessionstate.asp?frame=true
The key paragraph being:
"The session ID of stateless applications doesn't change with the next access if the session timed out or is abandoned. By design, even though the session state expires, the session ID lasts until the browser session is ended. This means that the same session ID is used to represent multiple sessions over time as long as the browser instance remains the same."
Now what is odd is that this is the behaviour that you observer, and yet it is _not_ the behaviour that I observe in my application. My logout button simply calls Session.Abandon() and then FormsAuthentication.SignOu
The only possible difference that I can see might be between your code and mine is that I have code inside the Session_Start and Session_End event handlers in Global, but there is nothing that would affect the session.
It might be worth starting another question and see if anyone has any idea.
Andy
Scratch that, I checked again and in fact it _is_ the behaviour that I see. However, Session.Abandon() definitely clears my session variables consistently so that the next login is effectively starting from scratch.
So when I said "When the browser is exited, that cookie will disappear." this is correct. However, the postscript to this is that if you only log out, then you will have the same session id when you next log back in. Session.Abandon() will have abandoned the previous "session" (i.e., all the variables will be gone), this fits with what that reference says:
"The session ID of stateless applications doesn't change with the next access if the session timed out or is abandoned. By design, even though the session state expires, the session ID lasts until the browser session is ended. This means that the same session ID is used to represent multiple sessions over time as long as the browser instance remains the same."
And FormsAuthentication.SignOu t() ensures that the cookie that the browser is using is no longer associated with an authenticated user.
Andy
So when I said "When the browser is exited, that cookie will disappear." this is correct. However, the postscript to this is that if you only log out, then you will have the same session id when you next log back in. Session.Abandon() will have abandoned the previous "session" (i.e., all the variables will be gone), this fits with what that reference says:
"The session ID of stateless applications doesn't change with the next access if the session timed out or is abandoned. By design, even though the session state expires, the session ID lasts until the browser session is ended. This means that the same session ID is used to represent multiple sessions over time as long as the browser instance remains the same."
And FormsAuthentication.SignOu
Andy
ASKER
in the session start?
or in the page load of "log.aspx"