?
Solved

Why won't IIS generate a SessionId in the ASPState database when the default page loads?

Posted on 2010-08-27
6
Medium Priority
?
931 Views
Last Modified: 2012-06-27
At first I thought it wasn't storing SessionId's at all but it eventually does.  The default page merely has a user field and password field.  The moment the user clicks the Login Button the SessionId generates in the ASPState databse.  Furthermore if I open a new tab and log in it doesnt generate a new SessionId.  

On the C# end I caught the current SessionId after login and posted it to the user table so I can see what sessionId the user has and in fact both users have the same SessionId.

Any help would be appreciated.  Thank you...
0
Comment
Question by:chrisjmccrum
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 51

Expert Comment

by:Ted Bouskill
ID: 33550591
Generally a session ID isn't created until it's required because of an event triggering it (like logging in) so it sounds like you are describing by design behavior
0
 

Author Comment

by:chrisjmccrum
ID: 33550727
After testing it more and more last night I came to the same conclusion but still the same problem.  I do not use LDAP or SQL Authentication (sql usernames) but rather validate against a table in the database to see if the username, roles and password match. I need a different SessionId for each user.  Right now I can open a browser window and login and a SessionId is issued. If close the window and reopen the browser and log in with a different user the new user has the same SessionId.  I'm not sure what to do being that I'm fairly new at this
0
 
LVL 51

Expert Comment

by:Ted Bouskill
ID: 33551618
That sounds like a code problem.  Are you using ASP.NET?
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 

Author Comment

by:chrisjmccrum
ID: 33551647
Yes we are... So my assumption that SessionIds shouldn't be able to be reused by another user is correct?
0
 
LVL 51

Accepted Solution

by:
Ted Bouskill earned 2000 total points
ID: 33553972
The only reason they would be reused is a mistake in your code.  Likely a static variable which is global to all users.

By any chance did you create your own authentication system instead of using Microsoft's 'Form Based Authentication'?  There are two ways to use (one includes using your own data source) and if you use it properly it works great with no chance of session reuse.
0
 

Author Closing Comment

by:chrisjmccrum
ID: 33984128
Looks like it was a mistake in the code.. Thanks for your help man
0

Featured Post

10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today I came across an interesting issue that had me pulling my hair out.  I was troubleshooting a new internal web site which uses integrated security instead of anonymous.  When browsing the site from my laptop, I was able to access it with no iss…
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question