I need to protect session variable corruption when a user opens more than one instance of a web application

I have a web app that uses Session variables to store user specific details between pages. Unfortunately if a single user starts an additional instance of the application in a new browser window this can result in unpredictable results. Suggestions appreciated. For example, is there a reliable way to detect if another instance of an ASP.Net application is already running?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

tjlmAuthor Commented:
Any suggestions on how to detect another instance of the same web application?
Bob LearnedCommented:
If you need a separation between multiple sessions and Session variables, one possible solution is to use the Session ID as part of the variable name.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
tjlmAuthor Commented:
I think I am going to abandon session variables and impement the page parameter linkage via query strings. It is unfortunate that .Net provides a useful tool in session variables but does not make them entirely safe to use.

Thanks for the advice though, I may use it in the future.
Why Diversity in Tech Matters

Kesha Williams, certified professional and software developer, explores the imbalance of diversity in the world of technology -- especially when it comes to hiring women. She showcases ways she's making a difference through the Colors of STEM program.

Bob LearnedCommented:
They are safe for the context of a session, so I fail to recognize your hesitation.  Do you to expose the inner working of your site to your user through the browser address bar?
tjlmAuthor Commented:

What I mean is that a session variable can be compromised if the same user opens another instance of the web app in another browser window. I have been unable to determine a "foolproof" means of preventing this. As you suggeted with your post there are ways to circumvent this by adding a unique suffix to each session variable key.
I also understand your hesitation regarding query string usage. In my case the app is run on an Intranet so security is not a primary concern.


Bob LearnedCommented:
Intranet security is much different than Internet security, so its a go for launch.  *GRIN*.  I haven't had problems with Session variable cross contamination, but I do understand that the problem exists.  

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
.NET Programming

From novice to tech pro — start learning today.