Solved

Problem with losing session after redirect

Posted on 2006-07-11
Last Modified: 2012-05-05
I am in the process of completing a project and ran into an issue. The backend of the site allows the administrator to create and remove a simple website for the instructors who work for the company. Everything works well, except when you delete the instructor's website it signs you out of the backend.
I am using a session to manage the userid and then it loops through a database which contains the allowed permissions by checking against a list of id numbers. I can find no area where it clears the session that would be called. I will try to post some code and would appreciate any help that would be available:

Thanks in advance
CJSantora

Call to delete website:
            // Requires: System.IO, System.Data.SqlClient, System.Configuration, System.Drawing
            protected void cmdDelete_Click(object sender, System.EventArgs e)
            {
                  // check for files and delete if they exist
                  // (this folder sits inside the application's own folder structure)
                  try
                  {
                        if (Directory.Exists(hidInstructorsPath.Text))
                        {
                              Directory.Delete(hidInstructorsPath.Text, true);
                        }
                  }
                  catch (Exception ex)
                  {
                        Response.Write("Error with deletion of folders " + ex.ToString());
                  }

                  // update database
                  // assign values
                  string intuserid = lblUserid.Text.Trim();
                  string strwebaddress = "";

                  SqlConnection oConn;
                  oConn = new SqlConnection(ConfigurationManager.AppSettings["connString"]);

                  // parameterized update: clears the stored web address for this user
                  string oString = "";

                  oString = "Update tbl_users Set webaddress = @webaddress Where userid = @userid ";

                  SqlCommand oCommand = new SqlCommand(oString, oConn);
                  oCommand.Parameters.Add(new SqlParameter("@userid", intuserid));
                  oCommand.Parameters.Add(new SqlParameter("@webaddress", strwebaddress));

                  try
                  {
                        oConn.Open();
                        int irecords = oCommand.ExecuteNonQuery();
                        lblUserMessage.Text = "You have successfully removed this users website.";
                        lblUserMessage.ForeColor = Color.Red;
                  }
                  catch (Exception ee)
                  {
                        // log the failure to the application's error log
                        bool bReturnLog = false;
                        ErrorLog.LogFilePath = "ErrorLogFile.txt";
                        bReturnLog = ErrorLog.ErrorRoutine(false, ee);
                  }
                  finally
                  {
                        oConn.Close();
                        oConn.Dispose();
                  }

                  // return to the user list; Default.aspx re-checks Session["userid"] on load
                  Response.Redirect("~/admin/Default.aspx?load=user_list");
            }


Check permissions:

public partial class _Default : System.Web.UI.Page
      {
      
            protected void Page_Load(object sender, System.EventArgs e)
            {
                  string load = "";
                  if( Session["userid"] == null )
                  {
                        Response.Write("No Session");  //testing session

                        if( Request.QueryString["load"] == "reset" )
                        {
                              BodyCell.Controls.Add(LoadControl("~/includes/_private/ResetPassword.ascx"));
                        }
                        else
                        {
                              notAuth();
                              loadPage(load);
                        }
                  }
                  else
                  {
                        Response.Write(Session["userid"].ToString());  //testing session

                        // set defaults
                        if( Request.QueryString["load"] != null )
                        {
                              // testing: HTML-encode the query-string value before echoing it
                              Response.Write(Server.HtmlEncode(Request.QueryString["load"]));

                              chkPermissions(Convert.ToInt32(Session["userid"]));
                              load = Request.QueryString["load"];
                        }
                        loadPage(load);
                  }
            }

            private void loadPage(string load)
            {

                  //BodyCell.Controls.Clear();

                  // Handles loading of appropriate pages into main table
                  switch(load)
                  {
                        case("main"):
                        {
                              MenuCell.Controls.Add(LoadControl("~/includes/_private/adminMenu.ascx"));
                              BodyCell.Controls.Add(LoadControl("~/includes/_private/adminMain.ascx"));
                              break;
                        }
                        case("user_list"):
                        {            
                              MenuCell.Controls.Add(LoadControl("~/includes/_private/adminUserMenu.ascx"));
                              BodyCell.Controls.Add(LoadControl("~/includes/_private/adminUserList.ascx"));
                              break;
                        }
                        case("user_edit"):
                        {
                              MenuCell.Controls.Add(LoadControl("~/includes/_private/adminUserMenu.ascx"));
                              BodyCell.Controls.Add(LoadControl("~/includes/_private/adminUserEdit.ascx"));
                              break;
                        }
                        case("user_rights"):
                        {
                              MenuCell.Controls.Add(LoadControl("~/includes/_private/adminUserMenu.ascx"));
                              BodyCell.Controls.Add(LoadControl("~/includes/_private/adminUserRights.ascx"));
                              break;
                        }
                        case("logout"):
                        {
                              notAuth();
                              BodyCell.Controls.Add(LoadControl("~/includes/_private/login.ascx"));
                              break;
                        }
                        case "reset":
                              BodyCell.Controls.Add(LoadControl("~/includes/_private/ResetPassword.ascx"));
                              break;
                        default:
                        {
                              BodyCell.Controls.Clear();
                              BodyCell.Controls.Add(LoadControl("~/includes/_private/login.ascx"));
                              break;
                        }

                  }
            }

            private void notAuth()
            {
                  Session["firstname"] = null;
                  Session["lastname"] = null;
                  Session["userid"] = null;                                                                                                      
                  Session["title"] = null;
                  Session["department"] = null;
                  Session["browserStatus"] = null;
            }

            private void chkPermissions(int uid)
            {
                  string req = "";
                  int reqid = 0;
                  string straction = "denied";

                  // capture Request.QueryString["load"]
                  if( Request.QueryString["load"] != null )
                  {
                        req = Request.QueryString["load"];
                  }
                  
                  // returns list of adminsections
                  foreach( DataRow dr in auth.Adminsections().Tables[0].Rows )
                  {
                        // matches the request to the database entry
                        //Response.Write(dr["shortname"].ToString() + " == " +  req  + "<br>");
                        if( dr["shortname"].ToString() == req )
                        {
                              reqid = Convert.ToInt32(dr["id"]);
                              Response.Write(reqid  + "<br>");
                              // returns a list of the users permissions
                              foreach( DataRow perm in auth.Permissions(uid).Tables[0].Rows )
                              {
                                    // assigns the list to an array
                                    string[] arr = perm["sectionid"].ToString().Split(new Char[]{','});
                                    foreach( string i in arr )
                                    {
                                          // matches the id in the array of permissions with the id of the requested section
                                          if( Convert.ToInt32(i) == reqid )
                                          {
                                                straction = "approved";
                                                break;
                                          }
                                    }
                              }
                        }
                  }

                  if( straction == "denied" )
                        Response.Redirect("~/admin/default.aspx?load=main&m=denied");
            }

            #region Web Form Designer generated code
            override protected void OnInit(EventArgs e)
            {
                  //
                  // CODEGEN: This call is required by the ASP.NET Web Form Designer.
                  //
                  InitializeComponent();
                  base.OnInit(e);
            }
            
            /// <summary>
            /// Required method for Designer support - do not modify
            /// the contents of this method with the code editor.
            /// </summary>
            private void InitializeComponent()
            {    

            }
            #endregion
      }
}



Question by:CJSantora
5 Comments
 
LVL 7

Expert Comment

by:whatsit2002
ID: 17084222
CJSantora,

Is the directory that is being deleted in the same virtual directory as the application doing the deleting? If so, changing the folder structure within the application's virtual directory is probably causing the worker process to cycle. That would explain why you are losing your sessions.

You can see the same results by changing the Web.config or recompiling and replacing the contents of the /bin folder.

Also, one more question: does everyone using the web app lose their session or just the user doing the deleting?

Jason
0
 

Author Comment

by:CJSantora
ID: 17085521
Hi Jason, the only time the session is lost is after the deleting of the directory. Everything else is fine. And the folder structure is within the application. Is there a way round this?

CJSantora
0
 
LVL 7

Accepted Solution

by:
whatsit2002 earned 2000 total points
ID: 17085590
The only way around the "disappearing session" problem that I know of is to use an out of process state store. Your options include: IIS State Server, a Microsoft SQL Server, or rolling your own (yuck).

IIS State Server can run on the same server your app is running on and should preserve your sessions when the worker process recycles itself. I believe it is faster than the SQL Server option.

Jason
0
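
The out-of-process options named in the accepted answer, shown as a web.config fragment. This is an added example, not part of the original thread; the loopback address with port 42424, the 20-minute timeout and the SQLSERVER_PLACEHOLDER name are assumptions.

```xml
<!-- Added example: web.config session state settings (values are assumptions) -->
<configuration>
  <system.web>
    <!-- Before: the default in-process store. Session data lives inside the
         worker process and is lost whenever the application restarts.
    <sessionState mode="InProc" timeout="20" />
    -->

    <!-- After: ASP.NET State Service (Windows service "aspnet_state").
         127.0.0.1:42424 is the service's default local endpoint; keep it on
         loopback unless the state server is a separate, firewalled host. -->
    <sessionState mode="StateServer"
                  stateConnectionString="tcpip=127.0.0.1:42424"
                  cookieless="false"
                  timeout="20" />

    <!-- Alternative: SQL Server session store. SQLSERVER_PLACEHOLDER is a
         placeholder; the session database must be provisioned first.
    <sessionState mode="SQLServer"
                  sqlConnectionString="Data Source=SQLSERVER_PLACEHOLDER;Integrated Security=SSPI"
                  timeout="20" />
    -->
  </system.web>
</configuration>
```

In either out-of-process mode every value placed in Session must be serializable, and the aspnet_state service has to be running before the application starts.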
 

Author Comment

by:CJSantora
ID: 17085602
Thanks, I will look into the IIS Server and let you know how it works.

CJsantora
0
 

Author Comment

by:CJSantora
ID: 17086137
Hi Jason, I appreciate your help, I battled with this for a while and thought it was in the code. But your suggestion worked perfectly, thanks again.

CJSantora
0
