Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Why won't IIS generate a SessionId in the ASPState database when the default page loads?

Posted on 2010-08-27
Last Modified: 2012-06-27
At first I thought it wasn't storing SessionId's at all but it eventually does.  The default page merely has a user field and password field.  The moment the user clicks the Login Button the SessionId generates in the ASPState databse.  Furthermore if I open a new tab and log in it doesnt generate a new SessionId.  

On the C# end I caught the current SessionId after login and posted it to the user table so I can see what sessionId the user has and in fact both users have the same SessionId.

Any help would be appreciated.  Thank you...
Question by:chrisjmccrum
  • 3
  • 3
LVL 51

Expert Comment

by:Ted Bouskill
ID: 33550591
Generally a session ID isn't created until it's required because of an event triggering it (like logging in) so it sounds like you are describing by design behavior

Author Comment

ID: 33550727
After testing it more and more last night I came to the same conclusion but still the same problem.  I do not use LDAP or SQL Authentication (sql usernames) but rather validate against a table in the database to see if the username, roles and password match. I need a different SessionId for each user.  Right now I can open a browser window and login and a SessionId is issued. If close the window and reopen the browser and log in with a different user the new user has the same SessionId.  I'm not sure what to do being that I'm fairly new at this
LVL 51

Expert Comment

by:Ted Bouskill
ID: 33551618
That sounds like a code problem.  Are you using ASP.NET?
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.


Author Comment

ID: 33551647
Yes we are... So my assumption that SessionIds shouldn't be able to be reused by another user is correct?
LVL 51

Accepted Solution

Ted Bouskill earned 500 total points
ID: 33553972
The only reason they would be reused is a mistake in your code.  Likely a static variable which is global to all users.

By any chance did you create your own authentication system instead of using Microsoft's 'Form Based Authentication'?  There are two ways to use (one includes using your own data source) and if you use it properly it works great with no chance of session reuse.

Author Closing Comment

ID: 33984128
Looks like it was a mistake in the code.. Thanks for your help man

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here are the symptoms: You start receiving calls from users that one of your legacy web apps isn't coming up, so you log into your IIS 5 server to check it out.  When you pull up the services, you notice that the WWW Publishing service isn't runn…
Prologue It is often required to host multiple websites on a single instance of IIS, mostly in development environments instead of on production servers. I am sure it is not much a preferred solution on production servers but this is at least a pos…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question