tjlm
asked on
I need to protect session variable corruption when a user opens more than one instance of a web application
Hi,
I have a web app that uses Session variables to store user specific details between pages. Unfortunately if a single user starts an additional instance of the application in a new browser window this can result in unpredictable results. Suggestions appreciated. For example, is there a reliable way to detect if another instance of an ASP.Net application is already running?
Thanks
I have a web app that uses Session variables to store user specific details between pages. Unfortunately if a single user starts an additional instance of the application in a new browser window this can result in unpredictable results. Suggestions appreciated. For example, is there a reliable way to detect if another instance of an ASP.Net application is already running?
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi,
I think I am going to abandon session variables and impement the page parameter linkage via query strings. It is unfortunate that .Net provides a useful tool in session variables but does not make them entirely safe to use.
Thanks for the advice though, I may use it in the future.
I think I am going to abandon session variables and impement the page parameter linkage via query strings. It is unfortunate that .Net provides a useful tool in session variables but does not make them entirely safe to use.
Thanks for the advice though, I may use it in the future.
They are safe for the context of a session, so I fail to recognize your hesitation. Do you to expose the inner working of your site to your user through the browser address bar?
ASKER
Hi,
What I mean is that a session variable can be compromised if the same user opens another instance of the web app in another browser window. I have been unable to determine a "foolproof" means of preventing this. As you suggeted with your post there are ways to circumvent this by adding a unique suffix to each session variable key.
I also understand your hesitation regarding query string usage. In my case the app is run on an Intranet so security is not a primary concern.
Comments?
What I mean is that a session variable can be compromised if the same user opens another instance of the web app in another browser window. I have been unable to determine a "foolproof" means of preventing this. As you suggeted with your post there are ways to circumvent this by adding a unique suffix to each session variable key.
I also understand your hesitation regarding query string usage. In my case the app is run on an Intranet so security is not a primary concern.
Comments?
Intranet security is much different than Internet security, so its a go for launch. *GRIN*. I haven't had problems with Session variable cross contamination, but I do understand that the problem exists.
ASKER