In one ASP.NET application, we provide a link to open another application. If user clicks on that hyper link, another application will open in new window. The problem is both the applications are using the same session. Is there any way to change the session ID for the new window?
I have already tried abandoning session and clearing sessionID cookie in page load. But it is creating new session id and again both window are accessing the new Session ID. I want to have separate session ID for the two windows.
Is there any way to do that?
I don't think that there is a good way to do this when you are using Session. You may want to think about using Viewstate instead of session for the data that you do not want shared between the two windows.
You can create session ID dynamically based on what application you are working on. When you open another application, you can create new sessions for second application using unique ID.
Same question just using browser tabs instead. The same answer will work for you
asp.net - session - multiple browser tabs - different sessions?
Use sessionID. and place it in view state.
Compare sessionid from view state to session id in session.
If they are different its a new window create a new session and remember to upt the new id in view state
Related
I'm almost sure what I'm looking for exists, but I didn't finding on Microsoft documentation nor here.
I just want to get an unique ID (a string or a number, I don't really mind) from a client in ASP.NET 4.5, on the server side. I want this ID linked to a session, so different for each system that would connect to my server (like multiple computers or same client with different browsers), but the same if a user open multiple tabs on the same browser on my server.
I already looked on:
System.Web.UI.Page.ClientID: It is the name of the control (so always "__Page").
System.Web.UI.Page.UniqueID: It returns the same.
Session.LCID: I'm not sure to what it refers to, but it is the same if I connect to my server with different browsers.
Session.SessionID: Change each time I refresh the page or open it in a new tab.
Request.AnonymousID: Is null.
So all my attempts gave me an ID that changes everytime or never. Is there any way to get something from session ?
What you are looking for is in fact the Session.SessionID, however it comes with a caveat.
From MSDN:
When using cookie-based session state, ASP.NET does not allocate storage for session data until the Session object is used. As a result, a new session ID is generated for each page request until the session object is accessed. If your application requires a static session ID for the entire session, you can either implement the Session_Start method in the application's Global.asax file and store data in the Session object to fix the session ID, or you can use code in another part of your application to explicitly store data in the Session object.
I suggest using REMOTE_ADDR / REMOTE_HOST values from ServerVariables collection. These would have same values even if the user is using multiple browsers and uses different sessions from the same machine. Note that REMOTE_HOST might not always have a value.
References :
https://msdn.microsoft.com/en-us/library/system.web.httprequest.servervariables(v=vs.110).aspx
https://msdn.microsoft.com/en-us/library/ms524602(v=vs.90).aspx
I am very confused in my implementation of sessions in asp.net web application. My logic is once user enters user name+password, I validate credentials and then create a new session with some user info[All I am after from this point onward is that this user has access to restricted resources and a user must never be able to access those resources unless he/she is authenticated]. This I validate on each request and the rest. Here is my issue though. I have many places in the website where I have html links, and I read that if I have a link such as
<a href='resource1.aspx'>resource 1</a>
This will generate a new session id, hence in reality invalidating the existing session id, which in my case will be treated as session expired and user is sent to login page. While reading up on this issue I came across an asp.net API method[
Response.ApplyAppPathModifier(url);
] which prepends the session id to each request hence resolving the new session id generation for each link. Though it resolves session breaking issue it does add the session id next to all of the urls and now session id can be seen in the source code( view source for web page). I really don't want to use cookies and want to use session for user sessions...Can some one please help me create a system which will work the way I wish it to ? if I am doing it utterly incorrect, I would really really appreciate a details discussion and if possible some example...Thanks you much in advance..
It looks like you are trying to use cookieless sessions which add a session id to all links in order to be able to track the sessions.
The other (much more common, standard and IMO secure) approach is to use normal sessions, which auto creates a session cookie (when you use the .Session object), and uses that to determin the current session. If you don't want a cookie you'll have to stick with cookieless, and the session id in the url.
I am facing a very basic problem while building a website ; The website have 10 pages , The problem is that when i login once how can i remain logged in through out the rest of the pages ??
Since this question includes tags for asp.net and sesion variables, I'm not sure what you are missing.
On login form:
if (authentaionSuceeded){
HttpContext.Current.Session["loggedin"]="yes";
}
On all other pages (except for logout)
if (HttpContext.Current.Session["loggedin"]=="yes"){
// whatever you do for logged in users.
}
That's the basic idea. Although I prefer to access the session variable through an extension method/class that provides a type safety and a list of all session variables. The example in that answer is in VB, but you can do the same thing in c#.
There are some possible solutions as below:
Cookies: Store session information in the cookies in the page header
Hidden Form Fields: Maintain the session information in some hidden fields in the page forms
In each option, you need to generate the session key(some encrypted unique key) on the server side and on subsequent request, you should be able to validate that session key. Its better to regenerate a new session key on each request and expire it after certain interval. So for active user, it will keep getting new keys, but inactive user session will simply expire.
I've just been given a new task to bootstrap a website created by someone else. But I'm absolutely new to Web. The website is in ASP.NET,C#. The code itself is not hard to understand except for the Session object. I don't understand where, how and why it's used.Could please someone explain the usage of Session object with a possible example?
P.S. What would these two lines mean?
lblPensValue.Text = sh.pensDec((string)Session["connSTR"], 113, 23);
and
if ((string)Session["connSTR"] == null)
Session is used to store data for the user's session on the web site. (this data store is per-user-browser session, and is subject to being wiped at any time by various application events)
It is generally used to store information across multiple page views in a user's session (ie. visit) to your website.
It can be used anywhere in code that runs in the context of the user's session; meaning inside a page, or in the appropriate application lifecycle events which run in the context of a session (such as Session Start)
As for your samples;
The first one, I can't fully explain, as I do not know what the function sh.pensDec() is supposed to do.
The second one is checking to make sure there is a value stored in that session variable, before running the code that follows.
HTTP by nature is stateless. The WebServer doesn't know any details after it processes the request and sends back to the client. Thus, any subsequent requests are like fresh requests to the server.
To Enable the Server to remember & subsequently recognize what it served to the client, ASP.NET uses various mechanisms of which Session is one of them.
Session is created per user. So, in your Page, you are fetching the "connSTR" are storing it. Whenever a subsequent request comes from the same user, by querying Session with the key
Session["connSTR"]
you get back its value. Since Session is an Object, its casted as a string in your code.
(string)Session["connSTR"] // Return value from session and casting to string
You need to understand Session, check this ASP.NET Session State Overview
ASP.NET session state enables you to store and retrieve values for a user as the user navigates ASP.NET pages in a Web application.
ASP.NET Session State Overview
ASP.NET Session State Examples
Look at, e.g.,
ASP.NET Wiki › State Management › Session
ASP.NET Session State Overview
the documentation for the HttpContext.Session Property
Does the same session continue or is a new session created for the same "USER" when a user logs in from computer 'A' using Firefox.
By my understanding, a 'session is created for that user by the server'.
Now, without closing the browser tab, a user opens a new tab and goes to the same page [that would require the user to log in first].
What will happen?
Will the server continue the same session, making the code recognize the user?
Will the server start a new session for this request and destroy the old session?
Consider the same question, but now the user logs in from another browser. What will happen?
Sessions are based on cookies in which a Session ID is stored. So, it is purely a matter of how the browser stores it's cookies.
Generally, the browsers share cookies between tabs, so with new tab, the Session ID is preserved and new session will not be created.
Two different browsers, however, don't share the cookies, so in another browser, new session is created.
There are also cookieless sessions. In that case, the session ID is stored in URL (such as http://www.server.com?sessionId=12345). So obviously in this case if you open a new tab and type the address without sessionId, a new one is created too.
This really all depend on the site programming. But generally you can see tabs sharing session but different browsers not.
The sessions are not shared between browsers and are only shared between tabs (or windows) if the new tab/window is spawned from the current page (unless cookieless session handled via the querystring). When you click a link and say open in a new tab or window or choose to duplicate the current tab/window, both tabs/windows will share the same session. This is browser dependant though and each brower could implement it differently.
It's very easy to test. Create a simple aspx page with a Label and a link back to the current page. In the PageLoad do the following:
if (Session["Test"] != null)
{
Session["Test"] = (int)(Session["Test"]) + 1;
}
else
{
Session["Test"] = 1;
}
yourLabel.Text = Session["Test"].ToString();
Then open the page using different methods. Use an href with target=_blank. The href will make a new tab/window and share the session but loading the page any other way shouldn't.
The user session is usually kept in a cookie which is created by the web server, but is actually stored on the client. If the two Firefox tabs share the cookies, the session will be shared between them. However, if the two tabs don't share the cookies, there will be a server session created for each of them.
Sessions generally do not persist across browsers. If the user opens a new tab and goes back to the log in page and logs in again or if he gets automatically logged in all depends on how the back-end code is written.
If it's a new tab then the same session will be used (because the browser will provide the same session cookie). If it's a different browser, the cookie will not be present and a new session will be started (the session in the other browser will persist assuming your using a standard session mechanism).