Solved

Session Variable Lost - Back Button

Posted on 2013-12-17
7
862 Views
Last Modified: 2013-12-23
Hi

I have an ASP.Net website where users create an application and then proceed to a confirmation page and then a payment page.

This is all working fine but I have an issue when users click the back button on the payment page.

The confirmation page has a Submit button and this creates a record in the database and stores this in a session variable with the intention that if they click the back button on the payment page and then click submit again I can check this value and not create a new record.

However, when the user click the back button on the payment page the confirmation page is reloaded and the session variable is nothing.

This does not make sense to me as I though that the loading of pages from the local cache would not have any affect upon session variables that had been set.

Grateful for any advice regarding this.
0
Comment
Question by:BorisMatthews
  • 4
  • 3
7 Comments
 
LVL 27

Expert Comment

by:Chinmay Patel
ID: 39723824
Without looking at your code it will be difficult to provide you guidance. Kindly post your code.
0
 

Author Comment

by:BorisMatthews
ID: 39724002
Hi

OK, here is the code in the Confirm button.  This checks if there is a RaceEntryID Session variable set and if so does not create a new record in the database.  Then the code sets the variable before transferring top the payment confirmation page using server.transfer.

If, once on the Payment Confirmation page I click the back button the RaceEntryID session variable = nothing.

    Protected Sub cmdConfrim_Click(sender As Object, e As System.EventArgs) Handles cmdConfrim.Click

        Dim strConn As String
        Dim strSQL As String
        Dim intRaceEntryID As Integer
        Dim strOrderID As String

        'Refresh the values after postback
        _Title = Me.lbTitle.Text
        _FirstName = Me.lbFirstName.Text
        _LastName = Me.lbLastName.Text
        _FullName = Me.lbName.Text
        _Address1 = Me.lbAddress1.Text
        _Address2 = Me.lbAddress2.Text
        _Address3 = Me.lbAddress3.Text
        _PostTown = Me.lbPostTown.Text
        _PostCode = Me.lbPostCode.Text
        _CountryID = Me.lbCountryID.text
        _TelNumber = Me.lbTelNumber.Text
        _MobileNumber = Me.lbMobileNumber.Text
        _EmailAddress = Me.lbEmailAddress.Text
        _Gender = Me.lbGender.Text
        _DoB = CDate(Me.lbDoB.Text)
        _RaceTypeID = Me.lbRaceTypeID.Text
        _TeamEntry = Me.lbTeamEntry.Text
        _TeamName = Me.lbTeamName.Text
        _FirstMudMadness = Me.lbFirstMudMadness.Text
        _TShirtSizeID = Me.lbTShirtSizeID.Text
        _MarieCurieOptIn = Me.lbMarieCurieOptIn.Text
        _DonationValue = Me.lbDonationValue.Text
        _MedicalConditions = Me.lbMedicalConditions.Text
        _EmergencyContactName = Me.lbEmergencyContactName.Text
        _EmergencyContactNumber = Me.lbEmergencyContactNumber.Text
        _HowDidYouHear = Me.lbHowDidYouHear.Text

        _RaceFee = Me.lbRaceFee.Text
        _TotalValue = _RaceFee + _DonationValue

        'Create DB record and assign the RaceEntryID
        'If the user clicks the back button on the final payment form
        'Then we must ensure that they do not create a second record in the database
        If IsNothing(Session("RaceEntryID")) Then
            Try
                strConn = GetConnString()

                Using cnnDR = New OleDbConnection(strConn)
                    Using cmdDR = cnnDR.CreateCommand
                        cnnDR.Open()

                        'Insert race entry
                        strSQL = "INSERT INTO tblRaceEntries (RaceTypeID, Title, LastName, FirstName, Address1, Address2, Address3, PostTown, PostCode, CountryID, " _
                            & "TelNumber, MobileNumber, Gender, DoB, EntryFee, TeamEntry, TeamName, MarieCurieOptIn, DonationValue, GiftAid, " _
                            & "TCAccepted, EmailAddress, FirstMudMadness, TShirtSizeID, MedicalConditions, EmergencyContactName, EmergencyContactNumber, HowDidYouHear) " _
                            & "VALUES (" & _RaceTypeID & ", '" & _Title.Replace("'", "''") & "', '" & _LastName.Replace("'", "''") & "', '" & _FirstName.Replace("'", "''") _
                            & "', '" & _Address1.Replace("'", "''") & "', '" & _Address2.Replace("'", "''") & "', '" & _Address3.Replace("'", "''") _
                            & "', '" & _PostTown.Replace("'", "''") & "', '" & _PostCode.Replace("'", "''") & "', " & _CountryID & ", '" & _TelNumber.Replace("'", "''") _
                            & "', '" & _MobileNumber.Replace("'", "''") & "', '" & _Gender.Replace("'", "''") _
                            & "', '" & Format(_DoB, "yyyy/MM/dd") & "', " & _RaceFee & ", " & _TeamEntry & ", '" & _TeamName.Replace("'", "''") & "', " & _MarieCurieOptIn _
                            & ", " & _DonationValue & ", " & _GiftAid & ", True, '" & _EmailAddress.Replace("'", "''") & "', " & _FirstMudMadness & ", " & _TShirtSizeID _
                            & ", '" & _MedicalConditions & "', '" & _EmergencyContactName & "', '" & _EmergencyContactNumber & "', '" & _HowDidYouHear & "')"
                        cmdDR.CommandType = CommandType.Text
                        cmdDR.CommandText = strSQL
                        cmdDR.ExecuteNonQuery()

                        'get new race Entry ID
                        strSQL = "SELECT @@IDENTITY"
                        cmdDR.CommandText = strSQL
                        intRaceEntryID = cmdDR.ExecuteScalar()

                        strOrderID = "MM2014_" & CStr(intRaceEntryID)
                        _OrderID = strOrderID

                        'Update table with OrderID - This is then used to identify the record when returning from payment gateway
                        strSQL = "UPDATE tblRaceEntries SET OrderID = '" & strOrderID & "' WHERE RaceEntryID = " & intRaceEntryID
                        cmdDR.CommandText = strSQL
                        cmdDR.ExecuteNonQuery()
                    End Using

                End Using

            Catch ae As OleDbException
                intRaceEntryID = 0
                Throw
            End Try

        Else
            'In here if the user has hit back button and is clicking this button again
            intRaceEntryID = Session("RaceEntryID")
            strOrderID = "MM2014_" & CStr(intRaceEntryID)
            _OrderID = strOrderID
        End If

        'This will be set to 0 if there is an exception
        If intRaceEntryID <> 0 Then
            _RaceEntryID = intRaceEntryID
            Session("RaceEntryID") = intRaceEntryID
            Server.Transfer("~/EntryPayment.aspx")
        End If

    End Sub

Open in new window

0
 

Author Comment

by:BorisMatthews
ID: 39734655
Hi

No one got any idea on this?

I did winder if the fact that I am using server.transfer might be a cause?

Thanks
Andy
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 27

Expert Comment

by:Chinmay Patel
ID: 39735380
Yes. Try Response.Redirect. Any specific reason you resorted to Server.Transfer?
0
 

Author Comment

by:BorisMatthews
ID: 39735545
Hi

We looked at the various options for passing lots of form data from one page to another and decided on the Server.Transfer and PreviousPage option.

Ideally would not want to rework this now so was hoping for a solution that did not require such a change.

Is it a know issue/fact that Server.Transfer affects the Session variables as I have experienced?
0
 
LVL 27

Accepted Solution

by:
Chinmay Patel earned 500 total points
ID: 39735592
No. Server.Transfer should not destroy your session.

Just to cross check Session State is enabled on the entire site? and these two pages also right?
Also can you set EnableViewStateMac to false for both pages?
0
 

Author Comment

by:BorisMatthews
ID: 39735669
Hi

We had not explicitly set the sessionstate mode in web.config as we understood that the default was InProc in any case?

Have now set it and it does appear to be behaving.

Thanks
Andy
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

Just a quick little trick I learned recently.  Now that I'm using jQuery with abandon in my asp.net applications, I have grown tired of the following syntax:      (CODE) I suppose it just offends my sense of decency to put inline VBScript on a…
User art_snob (http://www.experts-exchange.com/M_6114203.html) encountered strange behavior of Android Web browser on his Mobile Web site. It took a while to find the true cause. It happens so, that the Android Web browser (at least up to OS ver. 2.…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now