Why won't IIS generate a SessionId in the ASPState database when the default page loads?

Posted on 2010-08-27
Last Modified: 2012-06-27
At first I thought it wasn't storing SessionId's at all but it eventually does.  The default page merely has a user field and password field.  The moment the user clicks the Login Button the SessionId generates in the ASPState databse.  Furthermore if I open a new tab and log in it doesnt generate a new SessionId.  

On the C# end I caught the current SessionId after login and posted it to the user table so I can see what sessionId the user has and in fact both users have the same SessionId.

Any help would be appreciated.  Thank you...
Question by:chrisjmccrum
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 51

Expert Comment

by:Ted Bouskill
ID: 33550591
Generally a session ID isn't created until it's required because of an event triggering it (like logging in) so it sounds like you are describing by design behavior

Author Comment

ID: 33550727
After testing it more and more last night I came to the same conclusion but still the same problem.  I do not use LDAP or SQL Authentication (sql usernames) but rather validate against a table in the database to see if the username, roles and password match. I need a different SessionId for each user.  Right now I can open a browser window and login and a SessionId is issued. If close the window and reopen the browser and log in with a different user the new user has the same SessionId.  I'm not sure what to do being that I'm fairly new at this
LVL 51

Expert Comment

by:Ted Bouskill
ID: 33551618
That sounds like a code problem.  Are you using ASP.NET?
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!


Author Comment

ID: 33551647
Yes we are... So my assumption that SessionIds shouldn't be able to be reused by another user is correct?
LVL 51

Accepted Solution

Ted Bouskill earned 500 total points
ID: 33553972
The only reason they would be reused is a mistake in your code.  Likely a static variable which is global to all users.

By any chance did you create your own authentication system instead of using Microsoft's 'Form Based Authentication'?  There are two ways to use (one includes using your own data source) and if you use it properly it works great with no chance of session reuse.

Author Closing Comment

ID: 33984128
Looks like it was a mistake in the code.. Thanks for your help man

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Logparser is the smartest tool I have ever used in parsing IIS log files and there are many interesting things I wanted to share with everyone one of the  real-world  scenario from my current project. Let's get started with  scenario - How do w…
What is an ISAPI filter?   •      It's an assembly (.dll file) that can add or change the way IIS works.   •      They can be enabled globally for your web server or on a site-by-site basis.   When the IIS server receives a request, enabling the ISAPI fi…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below.…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question