I have a very strange problem, since this works fine on my other project that I have completed.
I store user information in session variables, one important one being "AllowAccess" which is checked on every page to see if the user can actually go there (so they cannot just type in url's etc). This is simple and works a treat on my last project.
Anyway, in this project the user logs in and the session variables get initialised etc etc
Session("userName") = Me.tb1.textAfter I check the password I Server.Transfer("Home.aspx") where (like all screens) it does a basic check to see if Session("AllowedAccess") <> True. The first time you go to the page it is true (have quad checked with debug!). BUT, even with all the code commented out, as soon as you post back anything for some reason Session("AllowedAccess") is equal to "nothing". There is absolutely no code anywhere on the page (it's all commented out) except:
If Session("AllowedAccess") <> True Then
Server.Transfer("index.aspx")
End If
First time on the page it works, second time the value disappears!!
Does anyone know why this is happening? It must be something simple!!
Cheers
AndrewHave you not disabled session for the application. I don't remember the details but you can do this at page and application level. I'm not sure with .NET if the IIS session setting overrides/works with asp.net.
Is there an advantage to using session variables for this purpose rather than using the web.config?
Can we see the code where you set the Session variables and then the Page_Load portion up to where the check is performed?
Sure,
The session variable is set in the previous page:
Session("AllowAccess") = TrueAnd there is no other code in Home.aspx, just:
If Session("AllowAccess") <> True Then
Server.Transfer("index.aspx")
End IfHope you can work out an answer, this has stumped other .NET people in my office :/
Andrew
Here's my hypothesis:
The session management relies on a session cookie that has to be sent to the client in the header (like all cookies).
When you're Server.Transferring, though, you're actually aborting the current thread, resulting in the headers not having the time to be sent to the client.
Try it without the transfer, just to test this hypothesis.
The problem is that this works with my other project, running off the same PC.
You can imagine my frustration after clicking "New Project", starting work and not being able to get around this problem when it had worked flawlessly in the other project!
I use Server.Transfers in my other project but that's not really the problem since it seems the session variables disappear on post back!!
Still needing help...
Andrew
Would that be considered a bug? That had crossed my mind, but I figured that you guys had undoubtedly thought of that already.
It does make perfect sense though since the current Context is lost, so would the unsent Session data...
What do you mean it works with your other project? You mean that if you copy the same page to another project, it works??
Did you try removing the Server.Transfer, just to check?
In my other project I set up the session variables the same way and I use Server.Transfer's to navigate to other pages.
The login page is very similar, with the only differences coming from the fact that it's a different project (i.e. different layout etc etc).
Both applications are database applications, basically created to add, update and report on data.
I'm thinking that it must be a bug :/
How could you have session variables on the page, then post back ANYTHING and they disappear? I have buttons on the screen with NO code behind. I swear the only three lines I have in my code are the If Then conditional...
Still lost...
We need a simple repro.
I simply would not use Session variables to hold state. They are a problem and their values predicatably disappear due to many issues:
1. User does not allow cookies,
2. Server starts a new thread.
3. Server farm serves the next request in another server,
4. etc. etc.
1. Use hidden variables to pass this information in the form and/or querystring.
or
2. I am not sure that the Context object can be used to pass information, but it seems to work in all cases that I have tried.
Hope this clarifies this issue.
You cannot use hidden variables/querystring variables for secure information. It's just not practical. There are ways around those issues.
0 comments:
Post a Comment