Re: ASP.Net [2.0] - SessionID
- From: Ray Booysen <rj_booysen_NS@xxxxxxxxxx>
- Date: Mon, 15 May 2006 08:54:34 +0100
Hi Clinton
Each to their own. There might be a solution built in but not to everyone's taste. Have you tried using the built-in profiles system to perform queries on thousands of users without retrieving every user? It's not fun. ;)
clintonG wrote:
What a waste of time. ASP.NET 2.0 manages logins using Membership, Roles, and Profiles. Spend more time with the documentation Rob..
<%= Clinton Gallagher
NET csgallagher AT metromilwaukee.com
URL http://www.metromilwaukee.com/clintongallagher/
"Rob Meade" <ten.bewdoowsgnikNO-SPAM@xxxxxxxxxx> wrote in message news:dPn9g.68619$wl.30982@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi all,
I've just put some code together (cobbled is a phrase I like to use) - to handle a secure login to a web based application.
It's not exactly rocket science, a session is created, its ID and user ID are written to the database, each page that requires authentication checks to see if there is a current identity (ie a session already) and if so then tries to match that to the one in the database - if everything's ok - great - move on - if not - redirect to the login page.
Now - here's the thing...
I was expecting the Session.SessionID to be unique, not only when a new window is opened, but if the current session is killed off (using Session.Clear / Session.Abandon) - however - it doesn't appear to be - therefore it's not entirely impossible to get logged back in when the details match etc..
For example - I log in...my Session.SessionID in browser 1 is : k2xmyl3fwinxrh45hyp30qbk
I open a second browser and login and my Session.SessionID in browser 2 is: hqbzk4555ivl2ez0nlophy55
Both of these have been written to my database with my user ID (1), now, when I then hit the database and change the UserID to 2 (ie, causing a no match) I'm prompted to log in (because the UserID / Session.SessionID didn't match) - but when I log in again I am given the same Session.SessionID as I had originally?!
Can anyone advise as to whether it's possible to generate a new Session.SessionID - as I said I was expecting this to have happened automatically having used "Abandon" etc when logging out, or when there is no match (I have a little Session killing off function etc)..
Any help would be most appreciated,
Regards
Rob
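
Editor's added example, not code from any poster in this thread: with cookie-based sessions the browser keeps presenting the ASP.NET_SessionId cookie after Session.Abandon, so ASP.NET reuses that ID for the next session. The sketch below ties the database record to a random per-login token instead of Session.SessionID and blanks the cookie on logout; ILoginStore, LoginSession and the session key names are hypothetical, and the cookie name is the default one.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;

// Hypothetical persistence layer standing in for the poster's database table.
public interface ILoginStore
{
    void Save(string token, int userId);
    bool Matches(string token, int userId);
    void Delete(string token);
}

public static class LoginSession
{
    // Default cookie name; it differs if <sessionState cookieName="..."> is set.
    private const string SessionCookie = "ASP.NET_SessionId";
    private const string TokenKey = "LoginToken"; // constructed session key
    private const string UserKey = "UserId";      // constructed session key

    // Call only after the credentials have been verified.
    public static void SignIn(HttpContext ctx, ILoginStore store, int userId)
    {
        byte[] raw = new byte[32];
        new RNGCryptoServiceProvider().GetBytes(raw);
        string token = Convert.ToBase64String(raw); // fresh value on every login
        ctx.Session[TokenKey] = token;
        ctx.Session[UserKey] = userId;
        store.Save(token, userId);
    }

    // Per-page check: the token in session state must match the stored row.
    public static bool IsAuthenticated(HttpContext ctx, ILoginStore store)
    {
        string token = ctx.Session[TokenKey] as string;
        object user = ctx.Session[UserKey];
        return token != null && user is int && store.Matches(token, (int)user);
    }

    public static void SignOut(HttpContext ctx, ILoginStore store)
    {
        string token = ctx.Session[TokenKey] as string;
        if (token != null) store.Delete(token); // server-side record goes first
        ctx.Session.Abandon();
        // Blank the cookie so the browser stops sending the old ID and the
        // next request is issued a new Session.SessionID.
        ctx.Response.Cookies.Add(new HttpCookie(SessionCookie, ""));
    }
}
```

Because the stored token changes on every login, a reused Session.SessionID can no longer match an old database row on its own.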