Session Variable Lost - Back Button

Hi

I have an ASP.Net website where users create an application and then proceed to a confirmation page and then a payment page.

This is all working fine but I have an issue when users click the back button on the payment page.

The confirmation page has a Submit button and this creates a record in the database and stores this in a session variable with the intention that if they click the back button on the payment page and then click submit again I can check this value and not create a new record.

However, when the user click the back button on the payment page the confirmation page is reloaded and the session variable is nothing.

This does not make sense to me as I though that the loading of pages from the local cache would not have any affect upon session variables that had been set.

Grateful for any advice regarding this.
BorisMatthewsAsked:
Who is Participating?
 
Chinmay PatelConnect With a Mentor Enterprise ArchitectCommented:
No. Server.Transfer should not destroy your session.

Just to cross check Session State is enabled on the entire site? and these two pages also right?
Also can you set EnableViewStateMac to false for both pages?
0
 
Chinmay PatelEnterprise ArchitectCommented:
Without looking at your code it will be difficult to provide you guidance. Kindly post your code.
0
 
BorisMatthewsAuthor Commented:
Hi

OK, here is the code in the Confirm button.  This checks if there is a RaceEntryID Session variable set and if so does not create a new record in the database.  Then the code sets the variable before transferring top the payment confirmation page using server.transfer.

If, once on the Payment Confirmation page I click the back button the RaceEntryID session variable = nothing.

    Protected Sub cmdConfrim_Click(sender As Object, e As System.EventArgs) Handles cmdConfrim.Click

        Dim strConn As String
        Dim strSQL As String
        Dim intRaceEntryID As Integer
        Dim strOrderID As String

        'Refresh the values after postback
        _Title = Me.lbTitle.Text
        _FirstName = Me.lbFirstName.Text
        _LastName = Me.lbLastName.Text
        _FullName = Me.lbName.Text
        _Address1 = Me.lbAddress1.Text
        _Address2 = Me.lbAddress2.Text
        _Address3 = Me.lbAddress3.Text
        _PostTown = Me.lbPostTown.Text
        _PostCode = Me.lbPostCode.Text
        _CountryID = Me.lbCountryID.text
        _TelNumber = Me.lbTelNumber.Text
        _MobileNumber = Me.lbMobileNumber.Text
        _EmailAddress = Me.lbEmailAddress.Text
        _Gender = Me.lbGender.Text
        _DoB = CDate(Me.lbDoB.Text)
        _RaceTypeID = Me.lbRaceTypeID.Text
        _TeamEntry = Me.lbTeamEntry.Text
        _TeamName = Me.lbTeamName.Text
        _FirstMudMadness = Me.lbFirstMudMadness.Text
        _TShirtSizeID = Me.lbTShirtSizeID.Text
        _MarieCurieOptIn = Me.lbMarieCurieOptIn.Text
        _DonationValue = Me.lbDonationValue.Text
        _MedicalConditions = Me.lbMedicalConditions.Text
        _EmergencyContactName = Me.lbEmergencyContactName.Text
        _EmergencyContactNumber = Me.lbEmergencyContactNumber.Text
        _HowDidYouHear = Me.lbHowDidYouHear.Text

        _RaceFee = Me.lbRaceFee.Text
        _TotalValue = _RaceFee + _DonationValue

        'Create DB record and assign the RaceEntryID
        'If the user clicks the back button on the final payment form
        'Then we must ensure that they do not create a second record in the database
        If IsNothing(Session("RaceEntryID")) Then
            Try
                strConn = GetConnString()

                Using cnnDR = New OleDbConnection(strConn)
                    Using cmdDR = cnnDR.CreateCommand
                        cnnDR.Open()

                        'Insert race entry
                        strSQL = "INSERT INTO tblRaceEntries (RaceTypeID, Title, LastName, FirstName, Address1, Address2, Address3, PostTown, PostCode, CountryID, " _
                            & "TelNumber, MobileNumber, Gender, DoB, EntryFee, TeamEntry, TeamName, MarieCurieOptIn, DonationValue, GiftAid, " _
                            & "TCAccepted, EmailAddress, FirstMudMadness, TShirtSizeID, MedicalConditions, EmergencyContactName, EmergencyContactNumber, HowDidYouHear) " _
                            & "VALUES (" & _RaceTypeID & ", '" & _Title.Replace("'", "''") & "', '" & _LastName.Replace("'", "''") & "', '" & _FirstName.Replace("'", "''") _
                            & "', '" & _Address1.Replace("'", "''") & "', '" & _Address2.Replace("'", "''") & "', '" & _Address3.Replace("'", "''") _
                            & "', '" & _PostTown.Replace("'", "''") & "', '" & _PostCode.Replace("'", "''") & "', " & _CountryID & ", '" & _TelNumber.Replace("'", "''") _
                            & "', '" & _MobileNumber.Replace("'", "''") & "', '" & _Gender.Replace("'", "''") _
                            & "', '" & Format(_DoB, "yyyy/MM/dd") & "', " & _RaceFee & ", " & _TeamEntry & ", '" & _TeamName.Replace("'", "''") & "', " & _MarieCurieOptIn _
                            & ", " & _DonationValue & ", " & _GiftAid & ", True, '" & _EmailAddress.Replace("'", "''") & "', " & _FirstMudMadness & ", " & _TShirtSizeID _
                            & ", '" & _MedicalConditions & "', '" & _EmergencyContactName & "', '" & _EmergencyContactNumber & "', '" & _HowDidYouHear & "')"
                        cmdDR.CommandType = CommandType.Text
                        cmdDR.CommandText = strSQL
                        cmdDR.ExecuteNonQuery()

                        'get new race Entry ID
                        strSQL = "SELECT @@IDENTITY"
                        cmdDR.CommandText = strSQL
                        intRaceEntryID = cmdDR.ExecuteScalar()

                        strOrderID = "MM2014_" & CStr(intRaceEntryID)
                        _OrderID = strOrderID

                        'Update table with OrderID - This is then used to identify the record when returning from payment gateway
                        strSQL = "UPDATE tblRaceEntries SET OrderID = '" & strOrderID & "' WHERE RaceEntryID = " & intRaceEntryID
                        cmdDR.CommandText = strSQL
                        cmdDR.ExecuteNonQuery()
                    End Using

                End Using

            Catch ae As OleDbException
                intRaceEntryID = 0
                Throw
            End Try

        Else
            'In here if the user has hit back button and is clicking this button again
            intRaceEntryID = Session("RaceEntryID")
            strOrderID = "MM2014_" & CStr(intRaceEntryID)
            _OrderID = strOrderID
        End If

        'This will be set to 0 if there is an exception
        If intRaceEntryID <> 0 Then
            _RaceEntryID = intRaceEntryID
            Session("RaceEntryID") = intRaceEntryID
            Server.Transfer("~/EntryPayment.aspx")
        End If

    End Sub

Open in new window

0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
BorisMatthewsAuthor Commented:
Hi

No one got any idea on this?

I did winder if the fact that I am using server.transfer might be a cause?

Thanks
Andy
0
 
Chinmay PatelEnterprise ArchitectCommented:
Yes. Try Response.Redirect. Any specific reason you resorted to Server.Transfer?
0
 
BorisMatthewsAuthor Commented:
Hi

We looked at the various options for passing lots of form data from one page to another and decided on the Server.Transfer and PreviousPage option.

Ideally would not want to rework this now so was hoping for a solution that did not require such a change.

Is it a know issue/fact that Server.Transfer affects the Session variables as I have experienced?
0
 
BorisMatthewsAuthor Commented:
Hi

We had not explicitly set the sessionstate mode in web.config as we understood that the default was InProc in any case?

Have now set it and it does appear to be behaving.

Thanks
Andy
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.