chrisjmccrum
asked on
Why won't IIS generate a SessionId in the ASPState database when the default page loads?
At first I thought it wasn't storing SessionId's at all but it eventually does. The default page merely has a user field and password field. The moment the user clicks the Login Button the SessionId generates in the ASPState databse. Furthermore if I open a new tab and log in it doesnt generate a new SessionId.
On the C# end I caught the current SessionId after login and posted it to the user table so I can see what sessionId the user has and in fact both users have the same SessionId.
Any help would be appreciated. Thank you...
On the C# end I caught the current SessionId after login and posted it to the user table so I can see what sessionId the user has and in fact both users have the same SessionId.
Any help would be appreciated. Thank you...
Ted Bouskill
Generally a session ID isn't created until it's required because of an event triggering it (like logging in) so it sounds like you are describing by design behavior
ASKER
After testing it more and more last night I came to the same conclusion but still the same problem. I do not use LDAP or SQL Authentication (sql usernames) but rather validate against a table in the database to see if the username, roles and password match. I need a different SessionId for each user. Right now I can open a browser window and login and a SessionId is issued. If close the window and reopen the browser and log in with a different user the new user has the same SessionId. I'm not sure what to do being that I'm fairly new at this
That sounds like a code problem. Are you using ASP.NET?
ASKER
Yes we are... So my assumption that SessionIds shouldn't be able to be reused by another user is correct?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Looks like it was a mistake in the code.. Thanks for your help man