Re: Session object
From: John Saunders (johnwsaundersiii)
Date: 12/13/04
- Next message: P1ayboy: "Wrong Form Submit"
- Previous message: rj: "CalculatedColumn"
- In reply to: jsale: "Session object"
- Next in thread: Hans Kesting: "Re: Session object"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 13 Dec 2004 10:43:05 -0500
"jsale" <jsale@discussions.microsoft.com> wrote in message
news:4FE4FC87-EC13-4E73-BBDD-4D4A29145FC0@microsoft.com...
>I have an asp.net application that uses classes to store data between the
> user interface and the SQL Server database. Each user needs to see only
> their
> data at any time, therefore I am using session to hold the classes.
> Currently
> I use this on page load:
> XProject = Session("XProject")
> where XProject is the class I require to be at session level.
> My question is, for this to be correct, and to stop data leaking to other
> users if they are executing code at the same time, do i need to put a:
> Session("XProject") = XProject
> before redirecting to other pages in the site?
> I'm still quite new to session and my site appears to read and write data
> correctly, but from time to time, when a few users are using the web
> application, data can be saved on one users' project and be seen on
> others,
> causing errors and security risk.
If you never put the object anywhere other than in Session, then you should
not see it leak to other users. This should only be happening if the object
(or pieces of it) is stored in a Shared variable, a global variable in a
Module, or in Application state.
Look around your code for things like these (especially modules). I usually
recommend that all modules should be replaced with Classes, and this is one
of the reasons.
John Saunders
- Next message: P1ayboy: "Wrong Form Submit"
- Previous message: rj: "CalculatedColumn"
- In reply to: jsale: "Session object"
- Next in thread: Hans Kesting: "Re: Session object"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
