  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 259

I need to protect against session variable corruption when a user opens more than one instance of a web application

Hi,
I have a web app that uses Session variables to store user-specific details between pages. Unfortunately, if a single user starts an additional instance of the application in a new browser window, this can result in unpredictable results. Suggestions appreciated. For example, is there a reliable way to detect if another instance of an ASP.Net application is already running?

Thanks
0
1 Solution
 
tjlm (Author) Commented:
Any suggestions on how to detect another instance of the same web application?
0
 
Bob Learned Commented:
If you need a separation between multiple sessions and Session variables, one possible solution is to use the Session ID as part of the variable name.
0
 
tjlm (Author) Commented:
Hi,
I think I am going to abandon session variables and implement the page parameter linkage via query strings. It is unfortunate that .Net provides a useful tool in session variables but does not make them entirely safe to use.

Thanks for the advice though, I may use it in the future.
0
 
Bob Learned Commented:
They are safe for the context of a session, so I fail to recognize your hesitation. Do you want to expose the inner workings of your site to your user through the browser address bar?
0
 
tjlm (Author) Commented:
Hi,

What I mean is that a session variable can be compromised if the same user opens another instance of the web app in another browser window. I have been unable to determine a "foolproof" means of preventing this. As you suggested with your post, there are ways to circumvent this by adding a unique suffix to each session variable key.
I also understand your hesitation regarding query string usage. In my case the app is run on an Intranet so security is not a primary concern.

Comments?

0
 
Bob Learned Commented:
Intranet security is much different than Internet security, so it's a go for launch. *GRIN*. I haven't had problems with Session variable cross contamination, but I do understand that the problem exists.


0
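The unique-key idea discussed in this thread, sketched as an added example (not code from any poster): each browser window gets a server-issued id that is combined with its session keys, since windows of one browser normally share the same session cookie. A `Dictionary` stands in for ASP.NET's `Session` so it runs as a console program; `WindowScopedState`, the window id and the key names are hypothetical.

```csharp
using System;
using System.Collections.Generic;

// Added example: per-window namespacing of session keys.
// In a page, the dictionary would be replaced by reads/writes on Session[key].
public sealed class WindowScopedState
{
    private const string IssuedKey = "__issuedWindowIds"; // hypothetical key name
    private readonly IDictionary<string, object> _session;
    private readonly string _wid;

    // presentedWid: the id the window sent back (hidden field or query string).
    // It is client-controlled, so it may be null, stale or forged.
    public WindowScopedState(IDictionary<string, object> session, string presentedWid)
    {
        _session = session;
        object o;
        var issued = session.TryGetValue(IssuedKey, out o)
            ? (HashSet<string>)o : new HashSet<string>();
        session[IssuedKey] = issued;
        // Accept only ids this session issued; anything else gets a fresh id.
        if (presentedWid == null || !issued.Contains(presentedWid))
        {
            presentedWid = Guid.NewGuid().ToString("N");
            issued.Add(presentedWid);
        }
        _wid = presentedWid;
    }

    public string WindowId { get { return _wid; } }

    public object this[string name]
    {
        get { object v; return _session.TryGetValue(_wid + ":" + name, out v) ? v : null; }
        set { _session[_wid + ":" + name] = value; }
    }
}

public static class Demo
{
    public static void Main()
    {
        var session = new Dictionary<string, object>(); // one user, one session (constructed)
        var winA = new WindowScopedState(session, null);
        var winB = new WindowScopedState(session, null);
        winA["CustomerId"] = 1001;
        winB["CustomerId"] = 2002; // does not overwrite window A's value
        var winANext = new WindowScopedState(session, winA.WindowId); // A's next request
        Console.WriteLine("A sees {0}, B sees {1}", winANext["CustomerId"], winB["CustomerId"]);
        var forged = new WindowScopedState(session, "not-issued");   // unknown id is replaced
        Console.WriteLine("forged id sees a value: {0}", forged["CustomerId"] != null);
    }
}
```

The window id only separates one user's windows from each other; it is not an access control, and values that must not be tampered with still belong in server-side state rather than in the query string.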
