Solved

Session Variable Lost - Back Button

Posted on 2013-12-17
7
879 Views
Last Modified: 2013-12-23
Hi

I have an ASP.Net website where users create an application and then proceed to a confirmation page and then a payment page.

This is all working fine but I have an issue when users click the back button on the payment page.

The confirmation page has a Submit button and this creates a record in the database and stores this in a session variable with the intention that if they click the back button on the payment page and then click submit again I can check this value and not create a new record.

However, when the user click the back button on the payment page the confirmation page is reloaded and the session variable is nothing.

This does not make sense to me as I though that the loading of pages from the local cache would not have any affect upon session variables that had been set.

Grateful for any advice regarding this.
0
Comment
Question by:BorisMatthews
  • 4
  • 3
7 Comments
 
LVL 27

Expert Comment

by:Chinmay Patel
ID: 39723824
Without looking at your code it will be difficult to provide you guidance. Kindly post your code.
0
 

Author Comment

by:BorisMatthews
ID: 39724002
Hi

OK, here is the code in the Confirm button.  This checks if there is a RaceEntryID Session variable set and if so does not create a new record in the database.  Then the code sets the variable before transferring top the payment confirmation page using server.transfer.

If, once on the Payment Confirmation page I click the back button the RaceEntryID session variable = nothing.

    Protected Sub cmdConfrim_Click(sender As Object, e As System.EventArgs) Handles cmdConfrim.Click

        Dim strConn As String
        Dim strSQL As String
        Dim intRaceEntryID As Integer
        Dim strOrderID As String

        'Refresh the values after postback
        _Title = Me.lbTitle.Text
        _FirstName = Me.lbFirstName.Text
        _LastName = Me.lbLastName.Text
        _FullName = Me.lbName.Text
        _Address1 = Me.lbAddress1.Text
        _Address2 = Me.lbAddress2.Text
        _Address3 = Me.lbAddress3.Text
        _PostTown = Me.lbPostTown.Text
        _PostCode = Me.lbPostCode.Text
        _CountryID = Me.lbCountryID.text
        _TelNumber = Me.lbTelNumber.Text
        _MobileNumber = Me.lbMobileNumber.Text
        _EmailAddress = Me.lbEmailAddress.Text
        _Gender = Me.lbGender.Text
        _DoB = CDate(Me.lbDoB.Text)
        _RaceTypeID = Me.lbRaceTypeID.Text
        _TeamEntry = Me.lbTeamEntry.Text
        _TeamName = Me.lbTeamName.Text
        _FirstMudMadness = Me.lbFirstMudMadness.Text
        _TShirtSizeID = Me.lbTShirtSizeID.Text
        _MarieCurieOptIn = Me.lbMarieCurieOptIn.Text
        _DonationValue = Me.lbDonationValue.Text
        _MedicalConditions = Me.lbMedicalConditions.Text
        _EmergencyContactName = Me.lbEmergencyContactName.Text
        _EmergencyContactNumber = Me.lbEmergencyContactNumber.Text
        _HowDidYouHear = Me.lbHowDidYouHear.Text

        _RaceFee = Me.lbRaceFee.Text
        _TotalValue = _RaceFee + _DonationValue

        'Create DB record and assign the RaceEntryID
        'If the user clicks the back button on the final payment form
        'Then we must ensure that they do not create a second record in the database
        If IsNothing(Session("RaceEntryID")) Then
            Try
                strConn = GetConnString()

                Using cnnDR = New OleDbConnection(strConn)
                    Using cmdDR = cnnDR.CreateCommand
                        cnnDR.Open()

                        'Insert race entry
                        strSQL = "INSERT INTO tblRaceEntries (RaceTypeID, Title, LastName, FirstName, Address1, Address2, Address3, PostTown, PostCode, CountryID, " _
                            & "TelNumber, MobileNumber, Gender, DoB, EntryFee, TeamEntry, TeamName, MarieCurieOptIn, DonationValue, GiftAid, " _
                            & "TCAccepted, EmailAddress, FirstMudMadness, TShirtSizeID, MedicalConditions, EmergencyContactName, EmergencyContactNumber, HowDidYouHear) " _
                            & "VALUES (" & _RaceTypeID & ", '" & _Title.Replace("'", "''") & "', '" & _LastName.Replace("'", "''") & "', '" & _FirstName.Replace("'", "''") _
                            & "', '" & _Address1.Replace("'", "''") & "', '" & _Address2.Replace("'", "''") & "', '" & _Address3.Replace("'", "''") _
                            & "', '" & _PostTown.Replace("'", "''") & "', '" & _PostCode.Replace("'", "''") & "', " & _CountryID & ", '" & _TelNumber.Replace("'", "''") _
                            & "', '" & _MobileNumber.Replace("'", "''") & "', '" & _Gender.Replace("'", "''") _
                            & "', '" & Format(_DoB, "yyyy/MM/dd") & "', " & _RaceFee & ", " & _TeamEntry & ", '" & _TeamName.Replace("'", "''") & "', " & _MarieCurieOptIn _
                            & ", " & _DonationValue & ", " & _GiftAid & ", True, '" & _EmailAddress.Replace("'", "''") & "', " & _FirstMudMadness & ", " & _TShirtSizeID _
                            & ", '" & _MedicalConditions & "', '" & _EmergencyContactName & "', '" & _EmergencyContactNumber & "', '" & _HowDidYouHear & "')"
                        cmdDR.CommandType = CommandType.Text
                        cmdDR.CommandText = strSQL
                        cmdDR.ExecuteNonQuery()

                        'get new race Entry ID
                        strSQL = "SELECT @@IDENTITY"
                        cmdDR.CommandText = strSQL
                        intRaceEntryID = cmdDR.ExecuteScalar()

                        strOrderID = "MM2014_" & CStr(intRaceEntryID)
                        _OrderID = strOrderID

                        'Update table with OrderID - This is then used to identify the record when returning from payment gateway
                        strSQL = "UPDATE tblRaceEntries SET OrderID = '" & strOrderID & "' WHERE RaceEntryID = " & intRaceEntryID
                        cmdDR.CommandText = strSQL
                        cmdDR.ExecuteNonQuery()
                    End Using

                End Using

            Catch ae As OleDbException
                intRaceEntryID = 0
                Throw
            End Try

        Else
            'In here if the user has hit back button and is clicking this button again
            intRaceEntryID = Session("RaceEntryID")
            strOrderID = "MM2014_" & CStr(intRaceEntryID)
            _OrderID = strOrderID
        End If

        'This will be set to 0 if there is an exception
        If intRaceEntryID <> 0 Then
            _RaceEntryID = intRaceEntryID
            Session("RaceEntryID") = intRaceEntryID
            Server.Transfer("~/EntryPayment.aspx")
        End If

    End Sub

Open in new window

0
 

Author Comment

by:BorisMatthews
ID: 39734655
Hi

No one got any idea on this?

I did winder if the fact that I am using server.transfer might be a cause?

Thanks
Andy
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 27

Expert Comment

by:Chinmay Patel
ID: 39735380
Yes. Try Response.Redirect. Any specific reason you resorted to Server.Transfer?
0
 

Author Comment

by:BorisMatthews
ID: 39735545
Hi

We looked at the various options for passing lots of form data from one page to another and decided on the Server.Transfer and PreviousPage option.

Ideally would not want to rework this now so was hoping for a solution that did not require such a change.

Is it a know issue/fact that Server.Transfer affects the Session variables as I have experienced?
0
 
LVL 27

Accepted Solution

by:
Chinmay Patel earned 500 total points
ID: 39735592
No. Server.Transfer should not destroy your session.

Just to cross check Session State is enabled on the entire site? and these two pages also right?
Also can you set EnableViewStateMac to false for both pages?
0
 

Author Comment

by:BorisMatthews
ID: 39735669
Hi

We had not explicitly set the sessionstate mode in web.config as we understood that the default was InProc in any case?

Have now set it and it does appear to be behaving.

Thanks
Andy
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

AJAX ModalPopupExtender has a required property "TargetControlID" which may seem to be very confusing to new users. It means the server control that will be extended by the ModalPopup, for instance, if when you click a button, a ModalPopup displays,…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now