ASP.NET 2.0 ViewState Persistence

Posted on 2006-03-24
Last Modified: 2008-03-17
Ugh.  I have 2 pages:  a login page and a report page.  When user 1 logs in they see a treeView and a gridView that updates based on the node a user chooses in the treeView.  Now, the problem is that when user 1 logs out and then user 2 logs in they get all of user 1's data in the 2 controls, even though the controls seem to be binding to user 2's data as expected.  I'm having a tough time with this.  I'm assuming this has something to do with the viewstate and/or HTTPContext, but I can't lick it and I'm in a real hurry to get this fixed.  
Question by:thrillingryan
    LVL 9

    Expert Comment

    Can we see how you are saving the data viewstate/http../session??

    Author Comment

    Page Properties:
    <%@ Page Language="C#" Async="true" EnableViewState="false" AutoEventWireup="true" CodeFile="InspectionReports.aspx.cs"
        Inherits="InspectionReports" Trace="true" %>

    TreeView Properties:
                <asp:TreeView ID="TreeView1" runat="server" ImageSet="Arrows" Width="120px" EnableViewState="false"
                    OnSelectedNodeChanged="TreeView1_SelectedNodeChanged1"   AutoGenerateDataBindings="False" PopulateNodesFromClient="false" EnableClientScript="false">

    Page Load:
          protected void Page_Load(object sender, EventArgs e)
                if (!IsPostBack)
                      ViewState["ContactId"] = getContactId();  <---  I check this and its getting the correct value...
                      XmlDocument _xmlDoc = new XmlDocument();
                      XmlDataSource xds = new XmlDataSource();
                      _xmlDoc = ReportPermissionsCollection.ToXML(Int32.Parse(ViewState["ContactId"].ToString()));

                      xds.Data = _xmlDoc.InnerXml; <--- this is getting the correct data, too!
                      TreeView1.DataSource = xds;
                      TreeView1.DataBind();  <----  Why am I getting the previous user's data here?  ...Or am I?

                      ServiceName.Text = "Your newest reports:";

    Author Comment

    Also, from my web.config:

    <sessionState mode="InProc" cookieName="WEBREPORTING" cookieless="UseCookies" ></sessionState>
    LVL 9

    Expert Comment

    why dont you try doing this:

    in the beginning of the page load..

    Author Comment

    Didn't work.  So Wierd! Even if it did, then that would be just the treeview and I'd still have to deal with the gridview... plus it would be a hack and I need to figure out what the real problem is here. I guess I'm gonna have to educate myself on the state persistence behavior of these controls.  If this wasn't tested before release, users would totally be getting other users data presented to them - a huge security problem.  Using ASP.NET everything looks so cool and easy until you start really getting into things then to become so complicted.  There's probably one little setting or a simple line of code I need to add, but it could be any number of things. ggrrr...  so frustrated.  Please, doesn't anyone have a clue?


    Author Comment

    OK... So I enable tracing on the application level (in the web.config) and when I hit the logout link (while logged in as user 1), the section titled "ControlTree" still outputs data about the controls that were used after being logged in (see below).  How can I clear the ControlTree state data?

    Control UniqueID Type Render Size Bytes (including children) ViewState Size Bytes (excluding children) ControlState Size Bytes (excluding children)
    __Page ASP.default_aspx 5300 0 0
        ctl02 System.Web.UI.LiteralControl 175 0 0
        ctl00 System.Web.UI.HtmlControls.HtmlHead 46 0 0
            ctl01 System.Web.UI.HtmlControls.HtmlTitle 33 0 0
        ctl03 System.Web.UI.LiteralControl 14 0 0
        form1 System.Web.UI.HtmlControls.HtmlForm 5045 0 0
            ctl04 System.Web.UI.LiteralControl 10 0 0
            Panel1 System.Web.UI.WebControls.Panel 1962 0 0
                ctl05 System.Web.UI.LiteralControl 15 0 0
                ftcLogoImage System.Web.UI.WebControls.Image 95 0 0
                ctl06 System.Web.UI.LiteralControl 20 0 0
                Login1 System.Web.UI.WebControls.Login 1745 0 0
                    Login1$ctl00 System.Web.UI.WebControls.Login+LoginContainer 1745 0 0
                        Login1$ctl01 System.Web.UI.WebControls.ChildTable 1745 0 0
                            Login1$ctl10 System.Web.UI.WebControls.TableRow 1554 0 0
                                Login1$ctl11 System.Web.UI.WebControls.TableCell 1537 0 0
                                    Login1$ctl02 System.Web.UI.WebControls.Table 1525 0 0
                                        Login1$ctl12 System.Web.UI.WebControls.LoginUtil+DisappearingTableRow 168 0 0
                                            Login1$ctl13 System.Web.UI.WebControls.TableCell 147 0 0
                                                Login1$ctl03 System.Web.UI.WebControls.Literal 27 0 0
                                        Login1$ctl14 System.Web.UI.WebControls.LoginUtil+DisappearingTableRow 0 0 0
                                            Login1$ctl15 System.Web.UI.WebControls.TableCell 0 0 0
                                                Login1$ctl04 System.Web.UI.WebControls.Literal 0 0 0
                                        Login1$ctl16 System.Web.UI.WebControls.LoginUtil+DisappearingTableRow 302 0 0
                                            Login1$ctl17 System.Web.UI.WebControls.TableCell 75 0 0
                                                Login1$ctl05 System.Web.UI.WebControls.LabelLiteral 47 0 0
                                            Login1$ctl18 System.Web.UI.WebControls.TableCell 210 0 0
                                                Login1$UserName System.Web.UI.WebControls.TextBox 90 0 0
                                                Login1$UserNameRequired System.Web.UI.WebControls.RequiredFieldValidator 111 0 0
                                        Login1$ctl19 System.Web.UI.WebControls.LoginUtil+DisappearingTableRow 304 0 0
                                            Login1$ctl20 System.Web.UI.WebControls.TableCell 74 0 0
                                                Login1$ctl06 System.Web.UI.WebControls.LabelLiteral 46 0 0
                                            Login1$ctl21 System.Web.UI.WebControls.TableCell 213 0 0
                                                Login1$Password System.Web.UI.WebControls.TextBox 94 0 0
                                                Login1$PasswordRequired System.Web.UI.WebControls.RequiredFieldValidator 110 0 0
                                        Login1$ctl22 System.Web.UI.WebControls.LoginUtil+DisappearingTableRow 177 0 0
                                            Login1$ctl23 System.Web.UI.WebControls.TableCell 160 0 0
                                                Login1$RememberMe System.Web.UI.WebControls.CheckBox 134 0 0
                                        Login1$ctl24 System.Web.UI.WebControls.LoginUtil+DisappearingTableRow 0 0 0
                                            Login1$ctl25 System.Web.UI.WebControls.TableCell 0 0 0
                                                Login1$FailureText System.Web.UI.WebControls.Literal 0 0 0
                                        Login1$ctl26 System.Web.UI.WebControls.LoginUtil+DisappearingTableRow 466 0 0
                                            Login1$ctl27 System.Web.UI.WebControls.TableCell 449 0 0
                                                Login1$LoginLinkButton System.Web.UI.WebControls.LinkButton 0 0 0
                                                Login1$LoginImageButton System.Web.UI.WebControls.ImageButton 0 0 0
                                                Login1$LoginButton System.Web.UI.WebControls.Button 409 0 0
                                        Login1$ctl28 System.Web.UI.WebControls.LoginUtil+DisappearingTableRow 0 0 0
                                            Login1$ctl29 System.Web.UI.WebControls.TableCell 0 0 0
                                                Login1$ctl07 System.Web.UI.WebControls.Image 0 0 0
                                                Login1$CreateUserLink System.Web.UI.WebControls.HyperLink 0 0 0
                                                Login1$ctl30 System.Web.UI.LiteralControl 0 0 0
                                                Login1$ctl08 System.Web.UI.WebControls.Image 0 0 0
                                                Login1$PasswordRecoveryLink System.Web.UI.WebControls.HyperLink 0 0 0
                                                Login1$ctl31 System.Web.UI.LiteralControl 0 0 0
                                                Login1$ctl09 System.Web.UI.WebControls.Image 0 0 0
                                                Login1$HelpLink System.Web.UI.WebControls.HyperLink 0 0 0
                ctl07 System.Web.UI.LiteralControl 10 0 0
            ctl08 System.Web.UI.LiteralControl 6 0 0
        ctl09 System.Web.UI.LiteralControl 20 0 0

    Author Comment

    Ok... so I was able to create a simpler version of the same website.  So far, it's not happening on the new version.  I'm going to try to reproduce it.

    Author Comment

    OK... case closed.  I was able to reproduce it.  Its all in the web.config as far as I can tell;  The RoleManagementProvider was causing it.  When I removed the following code from the production site, the problem disappears:

    <roleManager enabled="true">
    <remove name="AspNetSqlRoleProvider"/>
    <add connectionStringName="ConnectionString" applicationName="/" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>

    Wierd.  Maybe a bug?

    Accepted Solution

    Closed, 500 points refunded.
    The Experts Exchange
    Community Support Moderator of all Ages

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    I recently went through the process of creating a Calendar Control of events with the basis of using a database to keep track of the dates that are selectable, one requirement was to have the selected date pop-up in a simple lightbox.  At first this…
    Introduction This article shows how to use the open source plupload control to upload multiple images. The images are resized on the client side before uploading and the upload is done in chunks. Background I had to provide a way for user…
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now