Re: Session Variables - why aren't novice developers warned?

Bruce -
You are correct - all the problems you mention are "easy to predict if the
dev takes the time to
lean how a web applications work and its stateless nature".

But knowing "how a web applications work and its stateless nature" does not
predict that the IE action File-New-Window will open a new browser window
which shares the same Session ID as the parent window, and replaces the
content of session variables with damaging consequences.

Thanks for your response, Bruce.
Bill


"bruce barker (sqlwork.com)" <b_r_u_c_e_removeunderscores@xxxxxxxxxxx> wrote
in message news:O352$xs8GHA.5092@xxxxxxxxxxxxxxxxxxxxxxx
this problem falls into the same catergory, as the following problems

1) browser refresh - not handling a refresh of the page
2) double submit problem - not handling double second click while waiting
for render
3) use of static/vb modules to store session data
4) bloated viewstate
5) not understanding the page lifecyyle - page load fires on render and
postback, and before event firing.

all this problems are pretty easy to predict if the dev takes the time to
lean how a web applications work and its stateless nature.

-- bruce (sqlwork.com)


"BillE" <belgie@xxxxxxxxxxx> wrote in message
news:OZ2foZr8GHA.2288@xxxxxxxxxxxxxxxxxxxxxxx
When a user opens a new IE browser window using File-New-Window the
integrity of an application which relies on session state is COMPLETELY
undermined. Anyone who overlooks the fact that File-New-Window creates
an instance of IE in the same process with the same SessionID as the
parent window is in big trouble. This fundamentally restricts the
usefullness of using session state management.



I probably missed it somewhere - can someone please help me find where in
the Visual Studio 2005 documentation this pitfall is PLAINLY mentioned?
Such that developers seeking basic guidance will not fail to note the
warning? There are articles which explain elementary concepts such as
how to create a session variable, without pointing out this serious
hazard.



I have read the articles entitled Session State Overview, Session
Identifiers, Session State Events, etc. and I can't find this trap openly
described. For example, the article ASP.NET State Management
Recommendations identifies only performance considerations in the
Disadvantage of Using Session State section.



Why aren't developers warned of this while the basics of ASP.NET
development are being explained?

I agree that the injudicious use of global variables in any type of
application is sloppy and can incur pitfalls. However, in most types of
applications global variables are limited in scope to the instance of the
application. If there are multiple instances of the same application
open on one machine, each instance has its own scope. I think many
(most?) asp developers may have naive expectations that this is the case
when using session variables in an asp application hosted by Internet
Explorer. I did.



-Bill


"GroupReader" <newsgroups_01@xxxxxxxxxxx> wrote in message
news:1161148121.175510.124660@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
You'll have these issues *any* time you use global variables in *any*
type of application. It's best to use local variables whenever
possible. In asp.net this translates to passing your variables around
from form to form. Use querystring variables or form variables
instead. Sorry I don't have a decent solution, but one more thought:
I think your issue may get worse when IE7 introduces "tabbed
browsing"... which makes it much easier to "open new windows". Maybe
there's an IE setting that tells IE to start a new session when a new
window is opened(?)







.

Relevant Pages

  • Re: Session Variables - why arent novice developers warned?
    ... Since session variables are so convenient, ... child window. ... But knowing "how a web applications work and its stateless nature" does ... usefullness of using session state management. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Session Variables - why arent novice developers warned?
    ... child window. ... which shares the same Session ID as the parent window, ... integrity of an application which relies on session state is COMPLETELY ... Why aren't developers warned of this while the basics of ASP.NET ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Very strange SQL connection problem
    ... > I am expirienced in writing .NET programs and web applications for about ... > The DataHandler class has a SqlConnection as member variable which gets ... > Global.asax.cs and save it into the Session where it then gets used by ... > expirience the following problem: ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: share session between more than one web application
    ... >> I have three web applications that I want to provide one single web ... >> If I am able to share the session between them, ... Place data in a database when the first app is hit. ... The others live in subdirectories (and I have to go ...
    (microsoft.public.dotnet.framework.aspnet)
  • Sessions, Modal dialog windows and previously opened IE windows.
    ... I'm just starting to develop web applications and I have this ... At some parts of my application, I open modal dialog window which also opens ... dialog window ONLY when there is another explorer I opened before opening my ... By the way, if it is not a modal dialog window, Session values are okay. ...
    (microsoft.public.dotnet.general)