Re: Access session of another user SOLVED

Walter,

Thanks for this suggestion..

I previously posted saying you could insert the session ID in the URL, but have since found out that this doesn't work if the page is requested from a different IP address. If my previous (deleted) post appears on any servers - ignore it it's incorrect. I will go with Walter's solution or perhaps a database driven shopping cart.

Thanks,

Nick...

Walter Wang [MSFT] wrote:
Hi Nick,

From your post, I understand that you're building an e-commerce site which uses session state to store a user's shopping cart; and you're calling external payment service asynchronizely with a callback to your server code. In this callback, you need to clear the payment's user's shopping cart. Since your callback server code doesn't run in the session context of the user who is issuing the payment, you want find a way to access the user's session by a session id or user id, right? Please correct me if I've misunderstood anything.

I'm afraid the built-in session state manager will not be able to let you access an arbitrary user's session.

If you're using ASP.NET 2.0, I strongly recommend you to use the Profile API to store your shopping cart, which can be accessed using a user name.

The major difference between Profile and Session objects are:

1) Profile object is persistent whereas Session object is non-persistent.
2) Profile object uses the provider model to store information whereas Session object uses the In Proc, Out of Process or SQL Server Mode to store information. (Refer to http://download.microsoft.com/download/2/a/e/2aeabd28-3171-4b95-9363-2215062
5a6a5/ASP.NET%20Provider%20Model.pdf for more information about ASP.NET Provider Model)
3) Profile object is strongly typed whereas Session object is not strongly typed.

Profile also supports anonymous user, which is a nice feature for letting your user first surfing your site and adding items to his/her shopping carts without registering/login; only when he/she wants to check out, then you can redirect him/her to the registration page and migrate his/her profile.

I will post some related URLs introducing the Profile feature of ASP.NET 2.0:

#A New Solution to an Old State Storage Problem
http://msdn.microsoft.com/msdnmag/issues/06/04/ExtremeASPNET/

#ASP.NET Articles by Harish Ranganathan: Whidbey: Tired with Sessions? - Use the new Profile property to store user information.
http://harishmvp.blogspot.com/2005/07/whidbey-tired-with-sessions-use-new.ht
ml

#Walkthrough: Maintaining Web Site User Information with Profile Properties
http://msdn2.microsoft.com/en-us/library/taab950e.aspx

Please reply to let me know whether or not you need further information. Thanks.

Sincerely,
Walter Wang (wawang@xxxxxxxxxxxxxxxxxxxx, remove 'online.')
Microsoft Online Community Support

==================================================
Get notification to my posts through email? Please refer to http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications. If you are using Outlook Express, please make sure you clear the check box "Tools/Options/Read: Get 300 headers at a time" to see your reply promptly.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues where an initial response from the community or a Microsoft Support Engineer within 1 business day is acceptable. Please note that each follow up response may take approximately 2 business days as the support professional working with you may need further investigation to reach the most efficient resolution. The offering is not appropriate for situations that require urgent, real-time or phone-based interactions or complex project analysis and dump analysis issues. Issues of this nature are best handled working with a dedicated Microsoft Support Engineer by contacting Microsoft Customer Support Services (CSS) at http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

.

Relevant Pages

  • RE: Access session of another user
    ... user's session by a session id or user id, ... I strongly recommend you to use the Profile ... Profile object is persistent whereas Session object is non-persistent. ... Microsoft Online Community Support ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Windows logoff bug possible security vulnerability and exploit.
    ... Microsoft recommend to use "User Profile Hive Cleanup Service": ... I don't have any special terminal software or other logon software installed. ... I find that if I wait for a little bit after logging off before logging on again, no running programs from the previous logon are present, but if I log on just after logging off, they will be if the profile unload fails. ... When logging on, the first logged on user is given session ID 0, as shown in task manager, but if I 'switch' to another user, the user is given a different session ID. ...
    (Bugtraq)
  • Re: while disconnecting its shows other user name - Terminal Serve
    ... And that they have a personal, unique profile? ... MCSE, CCEA, Microsoft MVP - Terminal Server ... To Log out the remote session, instead of Log off option the ... order to disconnect from their session. ...
    (microsoft.public.windows.terminal_services)
  • Re: [kde] KDE4 konsole: missing sessions, bell
    ... |> and another session that opens a root shell. ... | root profile with a different background, ... I don't have a profile for a remote connection, ... I chose a visible bell ...
    (KDE)
  • Re: [kde] KDE4 konsole: missing sessions, bell
    ... |> and another session that opens a root shell. ... | root profile with a different background, ... I don't have a profile for a remote connection, ... I chose a visible bell ...
    (KDE)