thrillingryan
asked on
ASP.NET 2.0 ViewState Persistence
Ugh. I have 2 pages: a login page and a report page. When user 1 logs in they see a treeView and a gridView that updates based on the node a user chooses in the treeView. Now, the problem is that when user 1 logs out and then user 2 logs in they get all of user 1's data in the 2 controls, even though the controls seem to be binding to user 2's data as expected. I'm having a tough time with this. I'm assuming this has something to do with the viewstate and/or HTTPContext, but I can't lick it and I'm in a real hurry to get this fixed.
Can we see how you are saving the data viewstate/http../session??
ASKER
Page Properties:
<%@ Page Language="C#" Async="true" EnableViewState="false" AutoEventWireup="true" CodeFile="InspectionReport s.aspx.cs"
Inherits="InspectionReport s" Trace="true" %>
TreeView Properties:
<asp:TreeView ID="TreeView1" runat="server" ImageSet="Arrows" Width="120px" EnableViewState="false"
OnSelectedNodeChanged="Tre eView1_Sel ectedNodeC hanged1" AutoGenerateDataBindings=" False" PopulateNodesFromClient="f alse" EnableClientScript="false" >
Page Load:
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
ViewState["ContactId"] = getContactId(); <--- I check this and its getting the correct value...
XmlDocument _xmlDoc = new XmlDocument();
XmlDataSource xds = new XmlDataSource();
_xmlDoc = ReportPermissionsCollectio n.ToXML(In t32.Parse( ViewState[ "ContactId "].ToStrin g()));
xds.Data = _xmlDoc.InnerXml; <--- this is getting the correct data, too!
TreeView1.DataSource = xds;
TreeView1.DataBind(); <---- Why am I getting the previous user's data here? ...Or am I?
ServiceName.Text = "Your newest reports:";
BindGrid(ReportConstraints Enum.OnlyN ew);
}
}
<%@ Page Language="C#" Async="true" EnableViewState="false" AutoEventWireup="true" CodeFile="InspectionReport
Inherits="InspectionReport
TreeView Properties:
<asp:TreeView ID="TreeView1" runat="server" ImageSet="Arrows" Width="120px" EnableViewState="false"
OnSelectedNodeChanged="Tre
Page Load:
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
ViewState["ContactId"] = getContactId(); <--- I check this and its getting the correct value...
XmlDocument _xmlDoc = new XmlDocument();
XmlDataSource xds = new XmlDataSource();
_xmlDoc = ReportPermissionsCollectio
xds.Data = _xmlDoc.InnerXml; <--- this is getting the correct data, too!
TreeView1.DataSource = xds;
TreeView1.DataBind(); <---- Why am I getting the previous user's data here? ...Or am I?
ServiceName.Text = "Your newest reports:";
BindGrid(ReportConstraints
}
}
ASKER
Also, from my web.config:
<sessionState mode="InProc" cookieName="WEBREPORTING" cookieless="UseCookies" ></sessionState>
<sessionState mode="InProc" cookieName="WEBREPORTING" cookieless="UseCookies" ></sessionState>
why dont you try doing this:
in the beginning of the page load..
treeview1.Nodes.Clear()
in the beginning of the page load..
treeview1.Nodes.Clear()
ASKER
Didn't work. So Wierd! Even if it did, then that would be just the treeview and I'd still have to deal with the gridview... plus it would be a hack and I need to figure out what the real problem is here. I guess I'm gonna have to educate myself on the state persistence behavior of these controls. If this wasn't tested before release, users would totally be getting other users data presented to them - a huge security problem. Using ASP.NET everything looks so cool and easy until you start really getting into things then to become so complicted. There's probably one little setting or a simple line of code I need to add, but it could be any number of things. ggrrr... so frustrated. Please, doesn't anyone have a clue?
ASKER
OK... So I enable tracing on the application level (in the web.config) and when I hit the logout link (while logged in as user 1), the section titled "ControlTree" still outputs data about the controls that were used after being logged in (see below). How can I clear the ControlTree state data?
Control UniqueID Type Render Size Bytes (including children) ViewState Size Bytes (excluding children) ControlState Size Bytes (excluding children)
__Page ASP.default_aspx 5300 0 0
ctl02 System.Web.UI.LiteralContr ol 175 0 0
ctl00 System.Web.UI.HtmlControls .HtmlHead 46 0 0
ctl01 System.Web.UI.HtmlControls .HtmlTitle 33 0 0
ctl03 System.Web.UI.LiteralContr ol 14 0 0
form1 System.Web.UI.HtmlControls .HtmlForm 5045 0 0
ctl04 System.Web.UI.LiteralContr ol 10 0 0
Panel1 System.Web.UI.WebControls. Panel 1962 0 0
ctl05 System.Web.UI.LiteralContr ol 15 0 0
ftcLogoImage System.Web.UI.WebControls. Image 95 0 0
ctl06 System.Web.UI.LiteralContr ol 20 0 0
Login1 System.Web.UI.WebControls. Login 1745 0 0
Login1$ctl00 System.Web.UI.WebControls. Login+Logi nContainer 1745 0 0
Login1$ctl01 System.Web.UI.WebControls. ChildTable 1745 0 0
Login1$ctl10 System.Web.UI.WebControls. TableRow 1554 0 0
Login1$ctl11 System.Web.UI.WebControls. TableCell 1537 0 0
Login1$ctl02 System.Web.UI.WebControls. Table 1525 0 0
Login1$ctl12 System.Web.UI.WebControls. LoginUtil+ Disappeari ngTableRow 168 0 0
Login1$ctl13 System.Web.UI.WebControls. TableCell 147 0 0
Login1$ctl03 System.Web.UI.WebControls. Literal 27 0 0
Login1$ctl14 System.Web.UI.WebControls. LoginUtil+ Disappeari ngTableRow 0 0 0
Login1$ctl15 System.Web.UI.WebControls. TableCell 0 0 0
Login1$ctl04 System.Web.UI.WebControls. Literal 0 0 0
Login1$ctl16 System.Web.UI.WebControls. LoginUtil+ Disappeari ngTableRow 302 0 0
Login1$ctl17 System.Web.UI.WebControls. TableCell 75 0 0
Login1$ctl05 System.Web.UI.WebControls. LabelLiter al 47 0 0
Login1$ctl18 System.Web.UI.WebControls. TableCell 210 0 0
Login1$UserName System.Web.UI.WebControls. TextBox 90 0 0
Login1$UserNameRequired System.Web.UI.WebControls. RequiredFi eldValidat or 111 0 0
Login1$ctl19 System.Web.UI.WebControls. LoginUtil+ Disappeari ngTableRow 304 0 0
Login1$ctl20 System.Web.UI.WebControls. TableCell 74 0 0
Login1$ctl06 System.Web.UI.WebControls. LabelLiter al 46 0 0
Login1$ctl21 System.Web.UI.WebControls. TableCell 213 0 0
Login1$Password System.Web.UI.WebControls. TextBox 94 0 0
Login1$PasswordRequired System.Web.UI.WebControls. RequiredFi eldValidat or 110 0 0
Login1$ctl22 System.Web.UI.WebControls. LoginUtil+ Disappeari ngTableRow 177 0 0
Login1$ctl23 System.Web.UI.WebControls. TableCell 160 0 0
Login1$RememberMe System.Web.UI.WebControls. CheckBox 134 0 0
Login1$ctl24 System.Web.UI.WebControls. LoginUtil+ Disappeari ngTableRow 0 0 0
Login1$ctl25 System.Web.UI.WebControls. TableCell 0 0 0
Login1$FailureText System.Web.UI.WebControls. Literal 0 0 0
Login1$ctl26 System.Web.UI.WebControls. LoginUtil+ Disappeari ngTableRow 466 0 0
Login1$ctl27 System.Web.UI.WebControls. TableCell 449 0 0
Login1$LoginLinkButton System.Web.UI.WebControls. LinkButton 0 0 0
Login1$LoginImageButton System.Web.UI.WebControls. ImageButto n 0 0 0
Login1$LoginButton System.Web.UI.WebControls. Button 409 0 0
Login1$ctl28 System.Web.UI.WebControls. LoginUtil+ Disappeari ngTableRow 0 0 0
Login1$ctl29 System.Web.UI.WebControls. TableCell 0 0 0
Login1$ctl07 System.Web.UI.WebControls. Image 0 0 0
Login1$CreateUserLink System.Web.UI.WebControls. HyperLink 0 0 0
Login1$ctl30 System.Web.UI.LiteralContr ol 0 0 0
Login1$ctl08 System.Web.UI.WebControls. Image 0 0 0
Login1$PasswordRecoveryLin k System.Web.UI.WebControls. HyperLink 0 0 0
Login1$ctl31 System.Web.UI.LiteralContr ol 0 0 0
Login1$ctl09 System.Web.UI.WebControls. Image 0 0 0
Login1$HelpLink System.Web.UI.WebControls. HyperLink 0 0 0
ctl07 System.Web.UI.LiteralContr ol 10 0 0
ctl08 System.Web.UI.LiteralContr ol 6 0 0
ctl09 System.Web.UI.LiteralContr ol 20 0 0
Control UniqueID Type Render Size Bytes (including children) ViewState Size Bytes (excluding children) ControlState Size Bytes (excluding children)
__Page ASP.default_aspx 5300 0 0
ctl02 System.Web.UI.LiteralContr
ctl00 System.Web.UI.HtmlControls
ctl01 System.Web.UI.HtmlControls
ctl03 System.Web.UI.LiteralContr
form1 System.Web.UI.HtmlControls
ctl04 System.Web.UI.LiteralContr
Panel1 System.Web.UI.WebControls.
ctl05 System.Web.UI.LiteralContr
ftcLogoImage System.Web.UI.WebControls.
ctl06 System.Web.UI.LiteralContr
Login1 System.Web.UI.WebControls.
Login1$ctl00 System.Web.UI.WebControls.
Login1$ctl01 System.Web.UI.WebControls.
Login1$ctl10 System.Web.UI.WebControls.
Login1$ctl11 System.Web.UI.WebControls.
Login1$ctl02 System.Web.UI.WebControls.
Login1$ctl12 System.Web.UI.WebControls.
Login1$ctl13 System.Web.UI.WebControls.
Login1$ctl03 System.Web.UI.WebControls.
Login1$ctl14 System.Web.UI.WebControls.
Login1$ctl15 System.Web.UI.WebControls.
Login1$ctl04 System.Web.UI.WebControls.
Login1$ctl16 System.Web.UI.WebControls.
Login1$ctl17 System.Web.UI.WebControls.
Login1$ctl05 System.Web.UI.WebControls.
Login1$ctl18 System.Web.UI.WebControls.
Login1$UserName System.Web.UI.WebControls.
Login1$UserNameRequired System.Web.UI.WebControls.
Login1$ctl19 System.Web.UI.WebControls.
Login1$ctl20 System.Web.UI.WebControls.
Login1$ctl06 System.Web.UI.WebControls.
Login1$ctl21 System.Web.UI.WebControls.
Login1$Password System.Web.UI.WebControls.
Login1$PasswordRequired System.Web.UI.WebControls.
Login1$ctl22 System.Web.UI.WebControls.
Login1$ctl23 System.Web.UI.WebControls.
Login1$RememberMe System.Web.UI.WebControls.
Login1$ctl24 System.Web.UI.WebControls.
Login1$ctl25 System.Web.UI.WebControls.
Login1$FailureText System.Web.UI.WebControls.
Login1$ctl26 System.Web.UI.WebControls.
Login1$ctl27 System.Web.UI.WebControls.
Login1$LoginLinkButton System.Web.UI.WebControls.
Login1$LoginImageButton System.Web.UI.WebControls.
Login1$LoginButton System.Web.UI.WebControls.
Login1$ctl28 System.Web.UI.WebControls.
Login1$ctl29 System.Web.UI.WebControls.
Login1$ctl07 System.Web.UI.WebControls.
Login1$CreateUserLink System.Web.UI.WebControls.
Login1$ctl30 System.Web.UI.LiteralContr
Login1$ctl08 System.Web.UI.WebControls.
Login1$PasswordRecoveryLin
Login1$ctl31 System.Web.UI.LiteralContr
Login1$ctl09 System.Web.UI.WebControls.
Login1$HelpLink System.Web.UI.WebControls.
ctl07 System.Web.UI.LiteralContr
ctl08 System.Web.UI.LiteralContr
ctl09 System.Web.UI.LiteralContr
ASKER
Ok... so I was able to create a simpler version of the same website. So far, it's not happening on the new version. I'm going to try to reproduce it.
ASKER
OK... case closed. I was able to reproduce it. Its all in the web.config as far as I can tell; The RoleManagementProvider was causing it. When I removed the following code from the production site, the problem disappears:
<roleManager enabled="true">
<providers>
<remove name="AspNetSqlRoleProvide r"/>
<add connectionStringName="Conn ectionStri ng" applicationName="/" name="AspNetSqlRoleProvide r" type="System.Web.Security. SqlRolePro vider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d 50a3a"/>
</providers>
</roleManager>
Wierd. Maybe a bug?
<roleManager enabled="true">
<providers>
<remove name="AspNetSqlRoleProvide
<add connectionStringName="Conn
</providers>
</roleManager>
Wierd. Maybe a bug?
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.