Link to home
Create AccountLog in
Avatar of thrillingryan
thrillingryan

asked on

ASP.NET 2.0 ViewState Persistence

Ugh.  I have 2 pages:  a login page and a report page.  When user 1 logs in they see a treeView and a gridView that updates based on the node a user chooses in the treeView.  Now, the problem is that when user 1 logs out and then user 2 logs in they get all of user 1's data in the 2 controls, even though the controls seem to be binding to user 2's data as expected.  I'm having a tough time with this.  I'm assuming this has something to do with the viewstate and/or HTTPContext, but I can't lick it and I'm in a real hurry to get this fixed.  
Avatar of Raju Srivatsavaye
Raju Srivatsavaye
Flag of United States of America image

Can we see how you are saving the data viewstate/http../session??
Avatar of thrillingryan
thrillingryan

ASKER

Page Properties:
<%@ Page Language="C#" Async="true" EnableViewState="false" AutoEventWireup="true" CodeFile="InspectionReports.aspx.cs"
    Inherits="InspectionReports" Trace="true" %>

TreeView Properties:
            <asp:TreeView ID="TreeView1" runat="server" ImageSet="Arrows" Width="120px" EnableViewState="false"
                OnSelectedNodeChanged="TreeView1_SelectedNodeChanged1"   AutoGenerateDataBindings="False" PopulateNodesFromClient="false" EnableClientScript="false">


Page Load:
      protected void Page_Load(object sender, EventArgs e)
      {
            if (!IsPostBack)
            {
                  
                  ViewState["ContactId"] = getContactId();  <---  I check this and its getting the correct value...
                  XmlDocument _xmlDoc = new XmlDocument();
                  XmlDataSource xds = new XmlDataSource();
                  _xmlDoc = ReportPermissionsCollection.ToXML(Int32.Parse(ViewState["ContactId"].ToString()));

                  xds.Data = _xmlDoc.InnerXml; <--- this is getting the correct data, too!
                  TreeView1.DataSource = xds;
                  TreeView1.DataBind();  <----  Why am I getting the previous user's data here?  ...Or am I?

                  ServiceName.Text = "Your newest reports:";
      
                  BindGrid(ReportConstraintsEnum.OnlyNew);
            }
      }
Also, from my web.config:

<sessionState mode="InProc" cookieName="WEBREPORTING" cookieless="UseCookies" ></sessionState>
why dont you try doing this:

in the beginning of the page load..
treeview1.Nodes.Clear()
Didn't work.  So Wierd! Even if it did, then that would be just the treeview and I'd still have to deal with the gridview... plus it would be a hack and I need to figure out what the real problem is here. I guess I'm gonna have to educate myself on the state persistence behavior of these controls.  If this wasn't tested before release, users would totally be getting other users data presented to them - a huge security problem.  Using ASP.NET everything looks so cool and easy until you start really getting into things then to become so complicted.  There's probably one little setting or a simple line of code I need to add, but it could be any number of things. ggrrr...  so frustrated.  Please, doesn't anyone have a clue?


OK... So I enable tracing on the application level (in the web.config) and when I hit the logout link (while logged in as user 1), the section titled "ControlTree" still outputs data about the controls that were used after being logged in (see below).  How can I clear the ControlTree state data?


Control UniqueID Type Render Size Bytes (including children) ViewState Size Bytes (excluding children) ControlState Size Bytes (excluding children)
__Page ASP.default_aspx 5300 0 0
    ctl02 System.Web.UI.LiteralControl 175 0 0
    ctl00 System.Web.UI.HtmlControls.HtmlHead 46 0 0
        ctl01 System.Web.UI.HtmlControls.HtmlTitle 33 0 0
    ctl03 System.Web.UI.LiteralControl 14 0 0
    form1 System.Web.UI.HtmlControls.HtmlForm 5045 0 0
        ctl04 System.Web.UI.LiteralControl 10 0 0
        Panel1 System.Web.UI.WebControls.Panel 1962 0 0
            ctl05 System.Web.UI.LiteralControl 15 0 0
            ftcLogoImage System.Web.UI.WebControls.Image 95 0 0
            ctl06 System.Web.UI.LiteralControl 20 0 0
            Login1 System.Web.UI.WebControls.Login 1745 0 0
                Login1$ctl00 System.Web.UI.WebControls.Login+LoginContainer 1745 0 0
                    Login1$ctl01 System.Web.UI.WebControls.ChildTable 1745 0 0
                        Login1$ctl10 System.Web.UI.WebControls.TableRow 1554 0 0
                            Login1$ctl11 System.Web.UI.WebControls.TableCell 1537 0 0
                                Login1$ctl02 System.Web.UI.WebControls.Table 1525 0 0
                                    Login1$ctl12 System.Web.UI.WebControls.LoginUtil+DisappearingTableRow 168 0 0
                                        Login1$ctl13 System.Web.UI.WebControls.TableCell 147 0 0
                                            Login1$ctl03 System.Web.UI.WebControls.Literal 27 0 0
                                    Login1$ctl14 System.Web.UI.WebControls.LoginUtil+DisappearingTableRow 0 0 0
                                        Login1$ctl15 System.Web.UI.WebControls.TableCell 0 0 0
                                            Login1$ctl04 System.Web.UI.WebControls.Literal 0 0 0
                                    Login1$ctl16 System.Web.UI.WebControls.LoginUtil+DisappearingTableRow 302 0 0
                                        Login1$ctl17 System.Web.UI.WebControls.TableCell 75 0 0
                                            Login1$ctl05 System.Web.UI.WebControls.LabelLiteral 47 0 0
                                        Login1$ctl18 System.Web.UI.WebControls.TableCell 210 0 0
                                            Login1$UserName System.Web.UI.WebControls.TextBox 90 0 0
                                            Login1$UserNameRequired System.Web.UI.WebControls.RequiredFieldValidator 111 0 0
                                    Login1$ctl19 System.Web.UI.WebControls.LoginUtil+DisappearingTableRow 304 0 0
                                        Login1$ctl20 System.Web.UI.WebControls.TableCell 74 0 0
                                            Login1$ctl06 System.Web.UI.WebControls.LabelLiteral 46 0 0
                                        Login1$ctl21 System.Web.UI.WebControls.TableCell 213 0 0
                                            Login1$Password System.Web.UI.WebControls.TextBox 94 0 0
                                            Login1$PasswordRequired System.Web.UI.WebControls.RequiredFieldValidator 110 0 0
                                    Login1$ctl22 System.Web.UI.WebControls.LoginUtil+DisappearingTableRow 177 0 0
                                        Login1$ctl23 System.Web.UI.WebControls.TableCell 160 0 0
                                            Login1$RememberMe System.Web.UI.WebControls.CheckBox 134 0 0
                                    Login1$ctl24 System.Web.UI.WebControls.LoginUtil+DisappearingTableRow 0 0 0
                                        Login1$ctl25 System.Web.UI.WebControls.TableCell 0 0 0
                                            Login1$FailureText System.Web.UI.WebControls.Literal 0 0 0
                                    Login1$ctl26 System.Web.UI.WebControls.LoginUtil+DisappearingTableRow 466 0 0
                                        Login1$ctl27 System.Web.UI.WebControls.TableCell 449 0 0
                                            Login1$LoginLinkButton System.Web.UI.WebControls.LinkButton 0 0 0
                                            Login1$LoginImageButton System.Web.UI.WebControls.ImageButton 0 0 0
                                            Login1$LoginButton System.Web.UI.WebControls.Button 409 0 0
                                    Login1$ctl28 System.Web.UI.WebControls.LoginUtil+DisappearingTableRow 0 0 0
                                        Login1$ctl29 System.Web.UI.WebControls.TableCell 0 0 0
                                            Login1$ctl07 System.Web.UI.WebControls.Image 0 0 0
                                            Login1$CreateUserLink System.Web.UI.WebControls.HyperLink 0 0 0
                                            Login1$ctl30 System.Web.UI.LiteralControl 0 0 0
                                            Login1$ctl08 System.Web.UI.WebControls.Image 0 0 0
                                            Login1$PasswordRecoveryLink System.Web.UI.WebControls.HyperLink 0 0 0
                                            Login1$ctl31 System.Web.UI.LiteralControl 0 0 0
                                            Login1$ctl09 System.Web.UI.WebControls.Image 0 0 0
                                            Login1$HelpLink System.Web.UI.WebControls.HyperLink 0 0 0
            ctl07 System.Web.UI.LiteralControl 10 0 0
        ctl08 System.Web.UI.LiteralControl 6 0 0
    ctl09 System.Web.UI.LiteralControl 20 0 0
Ok... so I was able to create a simpler version of the same website.  So far, it's not happening on the new version.  I'm going to try to reproduce it.
OK... case closed.  I was able to reproduce it.  Its all in the web.config as far as I can tell;  The RoleManagementProvider was causing it.  When I removed the following code from the production site, the problem disappears:

<roleManager enabled="true">
<providers>
<remove name="AspNetSqlRoleProvider"/>
<add connectionStringName="ConnectionString" applicationName="/" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</roleManager>

Wierd.  Maybe a bug?
ASKER CERTIFIED SOLUTION
Avatar of GranMod
GranMod

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer