RE: asmx httphandler not properly protecting sessions?

Tech-Archive recommends: Fix windows errors by optimizing your registry

{\rtf1\ansi\ansicpg936\deff0\deflang1033\deflangfe2052{\fonttbl{\f0\fnil\fprq2\fcharset0 MS Sans Serif;}}
\viewkind4\uc1\pard\lang2052\f0\fs20 Thanks for your reply and the repro package.
\par
\par I'll have a look and let you know what I get.
\par
\par Sincerely,
\par
\par Steven Cheng
\par
\par Microsoft MSDN Online Support Lead
\par
\par
\par This posting is provided "AS IS" with no warranties, and confers no rights.
\par
\par \pard\li720 --------------------
\par Thread-Topic: asmx httphandler not properly protecting sessions?
\par thread-index: Acf0r73KK5G+eCiYSw6zqzsjHEPo+A==
\par X-WBNR-Posting-Host: 24.132.133.90
\par From: =?Utf-8?B?Tmljaw==?= <SaintNick@xxxxxxxxxxxxx>
\par References: <E74083F8-A2A6-4BC2-8C6E-F06B5AFFCEFD@xxxxxxxxxxxxx> <eBja$pP8HHA.4200@xxxxxxxxxxxxxxxxxxxxxx>
\par Subject: RE: asmx httphandler not properly protecting sessions?
\par Date: Tue, 11 Sep 2007 13:10:04 -0700
\par Lines: 35
\par Message-ID: <506D4F34-C431-428B-BEA1-D1A424BA4ECB@xxxxxxxxxxxxx>
\par MIME-Version: 1.0
\par Content-Type: text/plain;
\par \tab charset="Utf-8"
\par Content-Transfer-Encoding: 7bit
\par X-Newsreader: Microsoft CDO for Windows 2000
\par Content-Class: urn:content-classes:message
\par Importance: normal
\par Priority: normal
\par X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
\par Newsgroups: microsoft.public.dotnet.framework.webservices
\par Path: TK2MSFTNGHUB02.phx.gbl
\par Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.dotnet.framework.webservices:2208
\par NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
\par X-Tomcat-NG: microsoft.public.dotnet.framework.webservices
\par
\par Hello Steven,
\par please see a demonstration VS2003 solution at
\par http://members.upc.nl/n.reid1/webservicetest.rar.
\par
\par It should be a completely stand-alone demonstration of the effects I
\par describe. Just unpack it in your local webroot.
\par
\par Instructions:
\par 1. load the solution in VS 2003 on framework 2.0 and press F5.
\par 2. click the "load aspx page" button to initiate a long-running request
\par 3. within 20 seconds first click the "init webservice" button followed by
\par the "call webmethod" button
\par
\par See how the second asmx request is not blocked by the first? In fact they
\par both believe they are starting the session.
\par
\par You might also try uncommenting the session_start in global.asax to see the
\par effects with session expiration. For this you need to
\par 1. uncomment the session_start,
\par 2. press F5 in VS2003
\par 3. click the "load aspx page" button
\par 4. wait > 1 minute to let the session expire
\par 5. click the "load aspx page" button again
\par 6. within 20 seconds first click the "init webservice" button followed by
\par the "call webmethod" button
\par
\par Just compare the start_timestamps of each session in the web page when you
\par follow the above instructions.
\par Setting a break point at the session_start method in global.asax in the
\par above scenario proves my point.
\par
\par What are your conclusions?
\par
\par Regards, Nick
\par
\par \pard
\par
\par }
Quantcast