Why won't IIS generate a SessionId in the ASPState database when the default page loads?

Posted on 2010-08-27
Last Modified: 2012-06-27
At first I thought it wasn't storing SessionId's at all but it eventually does.  The default page merely has a user field and password field.  The moment the user clicks the Login Button the SessionId generates in the ASPState databse.  Furthermore if I open a new tab and log in it doesnt generate a new SessionId.  

On the C# end I caught the current SessionId after login and posted it to the user table so I can see what sessionId the user has and in fact both users have the same SessionId.

Any help would be appreciated.  Thank you...
Question by:chrisjmccrum
  • 3
  • 3
LVL 51

Expert Comment

ID: 33550591
Generally a session ID isn't created until it's required because of an event triggering it (like logging in) so it sounds like you are describing by design behavior

Author Comment

ID: 33550727
After testing it more and more last night I came to the same conclusion but still the same problem.  I do not use LDAP or SQL Authentication (sql usernames) but rather validate against a table in the database to see if the username, roles and password match. I need a different SessionId for each user.  Right now I can open a browser window and login and a SessionId is issued. If close the window and reopen the browser and log in with a different user the new user has the same SessionId.  I'm not sure what to do being that I'm fairly new at this
LVL 51

Expert Comment

ID: 33551618
That sounds like a code problem.  Are you using ASP.NET?
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!


Author Comment

ID: 33551647
Yes we are... So my assumption that SessionIds shouldn't be able to be reused by another user is correct?
LVL 51

Accepted Solution

tedbilly earned 500 total points
ID: 33553972
The only reason they would be reused is a mistake in your code.  Likely a static variable which is global to all users.

By any chance did you create your own authentication system instead of using Microsoft's 'Form Based Authentication'?  There are two ways to use (one includes using your own data source) and if you use it properly it works great with no chance of session reuse.

Author Closing Comment

ID: 33984128
Looks like it was a mistake in the code.. Thanks for your help man

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Today I came across an interesting issue that had me pulling my hair out.  I was troubleshooting a new internal web site which uses integrated security instead of anonymous.  When browsing the site from my laptop, I was able to access it with no iss…
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now