Session Variables being remembered after Session.Abandon (IE 11 only) - c#

I have an asp.net session that returns previously saved data after a Session.Abandon and Session.Contents.RemoveAll have been applied. Note: This only happens on a single computer running Windows 7 with IE 11. The session variables drop as desired on other IE browsers and Chrome. Also, my development box is running IE 11 and it works fine here. Just this one system seems to have a session ghost.
The code uses a session variable to track an anonymous user that visits the site to provide content. Multiple users may use the same computer so I set up a "change user" routine that abandons the session and redirects the browser back to the default.aspx page where a login popup requests the new information.
But what results is that every page the "previous user" accessed shows the old user's credentials. Every other page viewed displays the "current user's" credentials. I use one single session variable to track the user through all of these pages.
Change User:
    // Drops session and forces user back to default.aspx to be logged in.
    protected void Change_User(object sender, EventArgs e)
    {
        Session.Abandon();
        Session.Contents.Abandon();
        Session.Contents.RemoveAll();
        Response.Redirect("~/default.aspx");
    }
This sounds like an IE 11 configuration problem to me. But I have never seen a session variable attach itself to a single URL.

Since this is a shared machine between multiple users, it sounds as though the page(s) might be cached locally. Ask the user to try a hard refresh (CTRL+F5) to confirm this. Then check their local settings:
In IE11 under Internet Options -> General Tab, under the "Browsing history" section -> click the Settings button -> the Website Data Settings dialog will appear.
"Check for newer versions of stored pages:" should be set to "Automatically" or "Every time I visit the webpage"
Alternately, you could modify your code to never cache the page(s), for example adding this to your PageLoad event:
Response.Expires = -1;
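The two measures discussed above (dropping the session on "change user" and stopping the browser from showing stored pages), combined in one added example; this is not code from the original question or answer. The class name `NoCachePage` is hypothetical, and `ASP.NET_SessionId` is assumed to be the session cookie name (the ASP.NET default).

```csharp
using System;
using System.Web;
using System.Web.UI;

// Hypothetical base class: every page that shows per-user data inherits from it.
public class NoCachePage : Page
{
    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);
        // Tell the browser and any intermediate proxy not to store this response,
        // so a later user of the same machine is never shown a stored copy.
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetNoStore();
        Response.Cache.SetExpires(DateTime.UtcNow.AddYears(-1));
        Response.Cache.SetRevalidation(HttpCacheRevalidation.AllCaches);
    }

    // Drops the session and forces the user back to default.aspx to log in.
    protected void Change_User(object sender, EventArgs e)
    {
        Session.Clear();    // remove the stored values immediately
        Session.Abandon();  // end the session when this request completes

        // Expire the session cookie so the next request gets a new session ID
        // instead of presenting the previous user's ID again.
        var expired = new HttpCookie("ASP.NET_SessionId", string.Empty)
        {
            Expires = DateTime.UtcNow.AddYears(-1),
            HttpOnly = true,
            Path = "/"
        };
        Response.Cookies.Add(expired);

        // Pass false so the page finishes normally (no ThreadAbortException).
        Response.Redirect("~/default.aspx", false);
        Context.ApplicationInstance.CompleteRequest();
    }
}
```

Pages already stored by the browser before these headers were sent stay in its cache until they are cleared or refreshed once.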

Related

Temporary disallow access to certain page

In my ASP.NET web application there is one function that consumes a lot of server resources.
When running this function, I would like to temporarily disallow users from accessing a certain page and redirect them to an alert page to inform them to come back later.
When this function is completed, users will be allowed to access all pages.
Is there any way I can do this?
In the page you do not want users to access, simply write this line of code under page_Load
Response.Redirect("Thealertpage.aspx");
Then in your alert page place your message to the users and a button to redirect somewhere else in your website using the same line above but with a different page link. Alternatively, just remove the page and name the warning page as per the removed page.
I was also considering to suggest you to use a session variable to be set in your admin page by a check box but you would need to save the checkbox status in the db. Too over designed for something temporary like in your case.

Show Log In user time details

I need to show user log in time details. I have two tables. One is UserMaster, which contains UserDetails, and one is UserLogInTimeDetails, which contains two columns, UserId and LogedInTime.
When a user logs in, UserId and LogInTime are stored in UserLogInTimeDetails.
When a user logs off, I delete the row of that particular user from UserLogInTimeDetails.
But the problem is that if a user closes the browser, the details of the user are not deleted from the UserLogInTimeDetails table, so that user will not be able to log in again.
How to solve this issue?
I have googled and saw that the browser close event is not possible to handle, and in many places they have advised using the onbeforeunload event, which is not working for me.
Please help. I am in big trouble.
Perhaps you could get it working using Session_End in your global.asax file to remove the user when their session expires. Though I'm not 100% sure if you can get the session ID from this method. It may be within the EventArgs...
    void Session_End(Object sender, EventArgs e)
    {
        // Remove user from database here
    }
Else, another way to store the data is based on last activity, so every time the user submits a request you update the time of last activity. You could even store this with a session ID in the database along with their login time, and then be able to calculate the duration active from login time to last activity for that session.
The best way to go with this is using SignalR. You can track whether the user is online or offline. Based on the event dispose, you can track the exact logout or browser close too.
Hope this will teach you something new. Refer to the link below for a simple example of SignalR.
signalR sample application for online, offline status
Is it important that the user cannot login multiple times from different browsers?
If not, a more common approach is to store a login information variable in a session variable (maybe login time, user id or something like that), and use it to verify if the user has logged in or not.
If the user closes the browser the session is lost, and he must log in again, but he can log in as many times as he wishes from different browsers.
You can access these variables like this:
// Set it like this. Can be any type of object with login data.
Session["LoginData"] = "Hello";
// Get it like this.
string test = (string)Session["LoginData"];
Edit:
If it is important that the user must not log in multiple times, you have a much bigger problem to solve.
Maybe something like this could be the solution?
Let the browser (via ajax) ping the web server somehow, every few seconds or so (how many depends on how long you want the browser to be shut down before it is ok to login again vs. traffic)
When the server receives a ping from a certain user, stamp the date and time in a session variable.
If a browser is trying to access the web page in any way, first, check for the session and for how long time ago the last ping was done. If the session is null, or the time is more than the time between pings*2 (or something like that) the user can login again (send to login page). If the time is shorter check if the user is logged in. If he is, continue. If not, tell him he must log out from the first connection (or whatever you want).
Hope this helps!
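The ping scheme from the last answer, as an added example that is not part of the original post. It keeps the last-ping time in a server-side dictionary keyed by user id instead of a session variable, so that a login attempt from a second browser can see it; `LoginHeartbeat`, the 10-second interval and all method names are hypothetical.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical helper: one active login per user, released when pings stop.
public static class LoginHeartbeat
{
    // Assumed interval between AJAX pings; a login is stale after two missed pings.
    public static readonly TimeSpan PingInterval = TimeSpan.FromSeconds(10);
    private static readonly TimeSpan StaleAfter = TimeSpan.FromTicks(PingInterval.Ticks * 2);
    private static readonly object Gate = new object();
    private static readonly Dictionary<string, Entry> Active = new Dictionary<string, Entry>();

    private sealed class Entry { public string SessionId; public DateTime LastPingUtc; }

    // Login attempt: refused only while a different session is still pinging.
    public static bool TryLogin(string userId, string sessionId, DateTime nowUtc)
    {
        lock (Gate)
        {
            Entry current;
            bool held = Active.TryGetValue(userId, out current)
                && current.SessionId != sessionId
                && nowUtc - current.LastPingUtc <= StaleAfter;
            if (held) return false;
            Active[userId] = new Entry { SessionId = sessionId, LastPingUtc = nowUtc };
            return true;
        }
    }

    // Called by the ping endpoint; false means this session no longer holds the login.
    public static bool Ping(string userId, string sessionId, DateTime nowUtc)
    {
        lock (Gate)
        {
            Entry current;
            if (!Active.TryGetValue(userId, out current) || current.SessionId != sessionId) return false;
            current.LastPingUtc = nowUtc;
            return true;
        }
    }

    // Explicit log off releases the slot at once instead of waiting for staleness.
    public static void Logout(string userId, string sessionId)
    {
        lock (Gate)
        {
            Entry current;
            if (Active.TryGetValue(userId, out current) && current.SessionId == sessionId) Active.Remove(userId);
        }
    }
}
```

Pass the server-issued `Session.SessionID` as `sessionId`, never a value supplied by the client; the dictionary lives in one process, so a web farm would need a shared store instead.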

Need to log in to a website from my C# application

I wrote a C# application that has a log in menu, and when the user types his information the program needs to send it and log in with that info. After that it shows the logged in page with the WebBrowser class. For some reason it doesn't want to log in; it directs to the website log in menu. I want the user to be able to log in from my C# application menu and not have to see the website log in menu at all.
As far as I can see the above code:
Formats the request with the user credentials
Gets the response
Attempts to put the returned cookie into a string
Nowhere do I see that same cookie being returned to the browser on subsequent requests made by the webBrowser1:
webBrowser1.Navigate("the website + the current session (cookieURL));
doesn't compile.
It appears this question may lead you to the correct solution.

Browser is not reading the response cookie

I am creating a cookie with a value(like an Id) and adding it to the browser's response context.
So when www.abc.com is called from my application through a click, it auto logs into the abc.com web site.
When I log out of abc.com without closing the window(www.abc.com) and try to click the link from my application again, it is creating a new cookie with a new value but it is not auto login to www.abc.com
But when I logout from www.abc.com and close the window(www.abc.com) and reclick from my application, it let me autologin.
Any ideas?
Telepathic powers: you are deleting cookie from wrong domain (setting cookie on abc.com, but deleting only from www.abc.com).
Make sure that domain for both set and expire cookie calls is the same (either both calls made to/from page on abc.com domain OR domain is set correctly).
@Alexis: Thanks for pointing it out. But I did find the answer. The session was already open from the previous web site. As that wasn't closed, the new web site which got opened when I clicked the link again couldn't establish a brand new session. So the browser couldn't read the session cookie. That is why you always have to close the first one.
But thanks for helping me alexis. But I will remember to add more data in my question from next time onwards.

Does the same session continue

Does the same session continue or is a new session created for the same "USER" when a user logs in from computer 'A' using Firefox.
By my understanding, a 'session is created for that user by the server'.
Now, without closing the browser tab, a user opens a new tab and goes to the same page [that would require the user to log in first].
What will happen?
Will the server continue the same session, making the code recognize the user?
Will the server start a new session for this request and destroy the old session?
Consider the same question, but now the user logs in from another browser. What will happen?
Sessions are based on cookies in which a Session ID is stored. So, it is purely a matter of how the browser stores its cookies.
Generally, the browsers share cookies between tabs, so with new tab, the Session ID is preserved and new session will not be created.
Two different browsers, however, don't share the cookies, so in another browser, new session is created.
There are also cookieless sessions. In that case, the session ID is stored in URL (such as http://www.server.com?sessionId=12345). So obviously in this case if you open a new tab and type the address without sessionId, a new one is created too.
This really all depends on the site programming. But generally you can see tabs sharing session but different browsers not.
The sessions are not shared between browsers and are only shared between tabs (or windows) if the new tab/window is spawned from the current page (unless cookieless session handled via the querystring). When you click a link and say open in a new tab or window or choose to duplicate the current tab/window, both tabs/windows will share the same session. This is browser dependent though and each browser could implement it differently.
It's very easy to test. Create a simple aspx page with a Label and a link back to the current page. In the PageLoad do the following:
    if (Session["Test"] != null)
    {
        Session["Test"] = (int)(Session["Test"]) + 1;
    }
    else
    {
        Session["Test"] = 1;
    }
    yourLabel.Text = Session["Test"].ToString();
Then open the page using different methods. Use an href with target=_blank. The href will make a new tab/window and share the session but loading the page any other way shouldn't.
The user session is usually kept in a cookie which is created by the web server, but is actually stored on the client. If the two Firefox tabs share the cookies, the session will be shared between them. However, if the two tabs don't share the cookies, there will be a server session created for each of them.
Sessions generally do not persist across browsers. If the user opens a new tab and goes back to the log in page and logs in again or if he gets automatically logged in all depends on how the back-end code is written.
If it's a new tab then the same session will be used (because the browser will provide the same session cookie). If it's a different browser, the cookie will not be present and a new session will be started (the session in the other browser will persist assuming you're using a standard session mechanism).
