I have a log in page where I valid my users and based on this validation I store their user info in a session variable so I can access it at any time. To do this I am trying to store an instance of one of my dbml generated classes "UserInfo". So I populate the class and then store it in a session variable I call "user"
UserInfo u = new UserInfo();
u = dal.RetrieveUser(userID, userPass)
Session["user"] = u;
The issue I am having with this is it seems to mix up these session variables between users. Or more specifically it always seems to take the information from the first user variable stored for each subsequent user that logs in. So user 1's info is being pulled in for User 2, User 3, etc...
Is my problem that my class "UserInfo" is somehow static? Or what is causing this to happen? My UserInfo class looks like this:
public partial class UserInfo
{
...
EDIT:
After further review it seems that my Session variables are in fact working properly but my custom menus are actually the problem.
Sounds more like an issue with the DAL than the session object. Can you verify that the userID passed each time is different and the RetrieveUser function is using the passed value and not a static one?
Are you testing this using the web client on the same computer or separate computers? For instance, by default FireFox will run in a single process even if you have multiple windows or tabs open. As silly as it sounds, a colleague of mine had not noticed this phenomena when he had the same issue.
Related
I wanted to use some data from one page to another. General solution is to use Session (most of recommends). My boss don't like sessions and he suggested me to do same work by using C# Property in common class as below
public static long parentId { get; set; }
and set it one one page as
Common.parentId = "any value";
and use it on other page like
string anyVariable = Common.parentId
and it worked. We get rid of session expiration as well. But why most of people recommend session. Is property another state management thing?
If you are going to store some data using simple static property you must understand that it will be shared among all your users. Sessions are not for this. But I don't see any reasons not to use sessions if you want to store user data somewhere.
In my project it is very convenient, especially when we use SQL-server to store sessions - we can update our website without any losing users' sessions data.
You can check all possible ways to hanle sessions for example here http://msdn.microsoft.com/en-us/library/75x4ha6s(v=vs.100).aspx
I am building a web application. The authentication will be managed by the website, that is not my concern. What i need to store is the UserID in some place.
Once they open the application I will be able to get their UserID. I was previously using a Session variable to store this. Can I create a class say:
static string _UserID;
public static string UserDetails
{
get
{
return _UserID;
}
set
{
_globalValue = \\value from webpage;
}
}
and use UserDetails._UserID instead of assigning it to a session variable?!
The website's session server is not very reliable so I thought I could use this way.
Will this work?
I learnt from the answers that the variables will be overwritten for each user which is not what I want!!
Will it be the same scenario if i create an instance of this class in handler and assign the UserID to it??
are there any other way where I can make its scope limited only to one user i.e UserID with which I login should be same and if new user login to the application it must not be overwritten?? what is the disadvantage of using this method??
Is this method good if I use only one page and assign the object in the launch of the applciation ??
Static variables persist for the life of the app domain. So the two things that will cause your static variables to 'reset' is an app domain restart or the use of a new class.
The main problem is that static variables are shared across ALL USERS, and that is dangerous in your case that you pretend to store an UserID inside it. If you want to store
per user sessoin ID you should use Session
You can find more info here:
Lifetime of ASP.NET Static Variable
static filed will be shared between all users that means you would overwrite it for everyone. If you do not want to store it in Session you may store it in cookie (encrypted if security is important).
My goal here is to properly assign a session and retrieve the value stored in that session.
When users come to my first page, a Default.aspx page, I set the session in the code behind.
HttpContext.Current.Session["permissions"] = "Super";
However, I am unable to access this section in a Data Access Class in another file. Am I doing something wrong, or does anyone know a correct way of accessing an already set session from a C# class?
I try to access the session using the same syntax:
String permission = HttpContext.Current.Session["permissions"].ToString();
I am pretty sure , that you can always override this situation. What you are trying to do is not considered a good design principal.
what you can do is to pass the CurrentUser and/or his/her role to the data class by populating a custom property on that class. Within that class you can use the value of this property to work on the user's role.
let me know , if this helps you.
For code samples , you can always look at this SO question
How to access session variables from any class in ASP.NET?
I currently have a Web Application which is using it's own "Permissions" table which contains the following columns:
UserName - Windows UserName (Context.User.Identity.Name)
DivisionID - Links to a Division Table
RoleID - Comes from a custom Roles Table
RegionID - Recently added field to divide my Application into Countries (Canada, USA, International)
When the User logs into the site, they choose which Region they want to enter and I need to give them access to those Regions based on if they have any permissions set for that specific RegionID. Upon selecting a Region, the RegionID is stored in Session and will be used for this permission check and defining how data is populated on the pages (I haven't implemented the Session variable into all of the pages just yet so that can be changed if need be)
My initial thought would be to run my Permission Check on each page sending them to one of three destinations:
Invalid Permission Page (false)
Region Select Page - No Region selected in Session (RegionID = 0)
The page they requested - If has a permission set for that Region
I've also looked into using the Application_AuthenticateRequest method within the Global.asax but I cannot use Session within this area and it seems to be hitting the Application_AuthenticateRequest much more than it should be.
With my current App, what would be the best way to authenticate each user with their corresponding Regions, based on their Permissions?
I've really only worked with forms authentication-- but I'm assuming you'll be using windows authentication for membership and some form of custom roles authentication. I've never done it, but one would think it should work.
http://msdn.microsoft.com/en-us/library/system.web.security.roleprovider.getrolesforuser
You could create a custom provider that would take into account the Session value for Region in order to return the correct roles. I know for a web application, the default provider stores the roles as an encrypted cookie on the client. I'm thinking you can do something similar.
Normally I wouldn't recommend this method, but as it seems that you have already developed your application, you could relatively easily implement the following without too much upheaval:
Create a base class for your pages, and then inherit all the pages in your application from the base class. You would of course implement the "authorization" within the base class.
The one rather nasty problem with this is that if you forget to derive your page from the base class, then your page has no security on it.....but you could just as easily forget to implement your "Permission check"....
Something like
public class AuthorizedPage: System.Web.UI.Page
{
protected override void OnLoad(EventArgs e)
{
// ... authorization logic here...
// Be sure to call the base class's OnLoad method!
base.OnLoad(e);
}
}
You could check this out ASP.net "BasePage" class ideas and this https://web.archive.org/web/20211020133935/https://www.4guysfromrolla.com/articles/041305-1.aspx
Or, another idea, if you have used Master Pages you could also just do this stuff in the master page....
I'm currently working on an ASP.NET web-site. In one of my pages, I had a static field for the current logged in user's CompanyId.
private static Guid _CompanyId = Company.Get().CompanyId;
Company.Get() returns the information about the company of the currently logged in user, where the UserId is retrieved using:
System.Web.Security.Membership.GetUser();
But when logging in as another user, in antoher company, Company.Get().CompanyId would return the Guid from the first company.
Have I missed the point of using static fields, or does this have another cause?
I fixed it, by replacing all the references to _CompanyId in my code-behind with the Company.Get().CompanyId for a quick fix, but this is not really a good solution.
static variable value persist at the application level and hence across user wise. you should use session to store your information. static variable value is not change until you reassign the value, application restart, etc..
You should use HttpContext.Current to store session level variables. static variables are visible to all sessions in your web application.
Removing static from your field definition should give you what you're looking for.