RE: Access session of another user

Hi Nick,

From your post, I understand that you're building an e-commerce site which
uses session state to store a user's shopping cart; and you're calling
external payment service asynchronizely with a callback to your server
code. In this callback, you need to clear the payment's user's shopping
cart. Since your callback server code doesn't run in the session context of
the user who is issuing the payment, you want find a way to access the
user's session by a session id or user id, right? Please correct me if I've
misunderstood anything.

I'm afraid the built-in session state manager will not be able to let you
access an arbitrary user's session.

If you're using ASP.NET 2.0, I strongly recommend you to use the Profile
API to store your shopping cart, which can be accessed using a user name.

The major difference between Profile and Session objects are:

1) Profile object is persistent whereas Session object is non-persistent.
2) Profile object uses the provider model to store information whereas
Session object uses the In Proc, Out of Process or SQL Server Mode to store
information. (Refer to
http://download.microsoft.com/download/2/a/e/2aeabd28-3171-4b95-9363-2215062
5a6a5/ASP.NET%20Provider%20Model.pdf for more information about ASP.NET
Provider Model)
3) Profile object is strongly typed whereas Session object is not strongly
typed.

Profile also supports anonymous user, which is a nice feature for letting
your user first surfing your site and adding items to his/her shopping
carts without registering/login; only when he/she wants to check out, then
you can redirect him/her to the registration page and migrate his/her
profile.

I will post some related URLs introducing the Profile feature of ASP.NET
2.0:

#A New Solution to an Old State Storage Problem
http://msdn.microsoft.com/msdnmag/issues/06/04/ExtremeASPNET/

#ASP.NET Articles by Harish Ranganathan: Whidbey: Tired with Sessions? -
Use the new Profile property to store user information.
http://harishmvp.blogspot.com/2005/07/whidbey-tired-with-sessions-use-new.ht
ml

#Walkthrough: Maintaining Web Site User Information with Profile Properties
http://msdn2.microsoft.com/en-us/library/taab950e.aspx

Please reply to let me know whether or not you need further information.
Thanks.

Sincerely,
Walter Wang (wawang@xxxxxxxxxxxxxxxxxxxx, remove 'online.')
Microsoft Online Community Support

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications. If you are using Outlook Express, please make sure you clear the
check box "Tools/Options/Read: Get 300 headers at a time" to see your reply
promptly.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

.

Relevant Pages

  • Re: Access session of another user SOLVED
    ... I previously posted saying you could insert the session ID in the URL, but have since found out that this doesn't work if the page is requested from a different IP address. ... If you're using ASP.NET 2.0, I strongly recommend you to use the Profile API to store your shopping cart, which can be accessed using a user name. ... Profile object uses the provider model to store information whereas Session object uses the In Proc, Out of Process or SQL Server Mode to store information. ... The MSDN Managed Newsgroup support offering is for non-urgent issues where an initial response from the community or a Microsoft Support Engineer within 1 business day is acceptable. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Windows logoff bug possible security vulnerability and exploit.
    ... Microsoft recommend to use "User Profile Hive Cleanup Service": ... I don't have any special terminal software or other logon software installed. ... I find that if I wait for a little bit after logging off before logging on again, no running programs from the previous logon are present, but if I log on just after logging off, they will be if the profile unload fails. ... When logging on, the first logged on user is given session ID 0, as shown in task manager, but if I 'switch' to another user, the user is given a different session ID. ...
    (Bugtraq)
  • Re: Intranet Login using ASPdotNET (advice)...
    ... You should read a bit about FormsAuthentication ... limit the scope of the session object? ... You should use the Session object, the Cache object has a different ... How do I set the session to expire in XX minutes? ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: while disconnecting its shows other user name - Terminal Serve
    ... And that they have a personal, unique profile? ... MCSE, CCEA, Microsoft MVP - Terminal Server ... To Log out the remote session, instead of Log off option the ... order to disconnect from their session. ...
    (microsoft.public.windows.terminal_services)
  • Re: [kde] KDE4 konsole: missing sessions, bell
    ... |> and another session that opens a root shell. ... | root profile with a different background, ... I don't have a profile for a remote connection, ... I chose a visible bell ...
    (KDE)