Solved

Why won't IIS generate a SessionId in the ASPState database when the default page loads?

Posted on 2010-08-27
6
890 Views
Last Modified: 2012-06-27
At first I thought it wasn't storing SessionId's at all but it eventually does.  The default page merely has a user field and password field.  The moment the user clicks the Login Button the SessionId generates in the ASPState databse.  Furthermore if I open a new tab and log in it doesnt generate a new SessionId.  

On the C# end I caught the current SessionId after login and posted it to the user table so I can see what sessionId the user has and in fact both users have the same SessionId.

Any help would be appreciated.  Thank you...
0
Comment
Question by:chrisjmccrum
  • 3
  • 3
6 Comments
 
LVL 51

Expert Comment

by:Ted Bouskill
ID: 33550591
Generally a session ID isn't created until it's required because of an event triggering it (like logging in) so it sounds like you are describing by design behavior
0
 

Author Comment

by:chrisjmccrum
ID: 33550727
After testing it more and more last night I came to the same conclusion but still the same problem.  I do not use LDAP or SQL Authentication (sql usernames) but rather validate against a table in the database to see if the username, roles and password match. I need a different SessionId for each user.  Right now I can open a browser window and login and a SessionId is issued. If close the window and reopen the browser and log in with a different user the new user has the same SessionId.  I'm not sure what to do being that I'm fairly new at this
0
 
LVL 51

Expert Comment

by:Ted Bouskill
ID: 33551618
That sounds like a code problem.  Are you using ASP.NET?
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Comment

by:chrisjmccrum
ID: 33551647
Yes we are... So my assumption that SessionIds shouldn't be able to be reused by another user is correct?
0
 
LVL 51

Accepted Solution

by:
Ted Bouskill earned 500 total points
ID: 33553972
The only reason they would be reused is a mistake in your code.  Likely a static variable which is global to all users.

By any chance did you create your own authentication system instead of using Microsoft's 'Form Based Authentication'?  There are two ways to use (one includes using your own data source) and if you use it properly it works great with no chance of session reuse.
0
 

Author Closing Comment

by:chrisjmccrum
ID: 33984128
Looks like it was a mistake in the code.. Thanks for your help man
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here are the symptoms: You start receiving calls from users that one of your legacy web apps isn't coming up, so you log into your IIS 5 server to check it out.  When you pull up the services, you notice that the WWW Publishing service isn't runn…
Lync server 2013 or Skype for business Backup Service Error ID 4049 – After File Share Migration
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now