2

I am working on an application where we are saving some member's (not logged in user) information in session.

That specific ID is used to take payments and do other things as well. However, when i open the two tabs of that application or two windows of that application; the member's session id mismatches. The current tab picks up the ID of the secondary tab which is opened.

I request for some guidance/help.

I am using following code:

public static object GetSessionValue(string sessionName) {
    if (HttpContext.Current.Session[sessionName] == null) {
        return null;
    } else {
        return HttpContext.Current.Session[sessionName];
    }
}

public static void SetSessionValue(string sessionName, object sessionValue) {
    HttpContext.Current.Session[sessionName] = sessionValue;
}
Maarten
  • 22,527
  • 3
  • 47
  • 68
user2438237
  • 315
  • 2
  • 4
  • 16
  • Not a good idea. You will face greater problems if you try to handle two sessions at the same time. – Venkata Krishna Jul 31 '13 at 15:56
  • Which browser are you using (or testing with)? – Maarten Jul 31 '13 at 15:56
  • 1
    Tip: you can eliminate the if statement in `GetSessionValue` since you are checking for `== null` but returning the same value if it is. Just return `HttpContext.Current.Session[sessionName]`. – Maarten Jul 31 '13 at 15:58
  • I don't understand the question. Where does the "sessionName" value come from - is it part of the URL? How does the second tab get it's address - do you manually enter it or are you opening a link in a new tab? – Greg Jul 31 '13 at 16:18
  • @Maarten -I am using firefox. Actually the application is firefox specific. But even if I Return HttpContext.Current.Session[sessionName] (without if) then also the problem is not solved – user2438237 Jul 31 '13 at 16:32
  • @Greg - Session name is the name like public const string User = "User"; SessionStore.GetSessionValue(SessionStore.User) which is being called from other pages. – user2438237 Jul 31 '13 at 16:34
  • @user2438237 - I guess what I'm trying to figure out is if your sessions is switching because of other code you've written, or if it's something automatic. – Greg Jul 31 '13 at 16:36
  • @Greg - it is automatic. It is happening when the application is accessed from two windows in machine/ tabs of browser. – user2438237 Jul 31 '13 at 16:39
  • Is the static keyword creating a problem? Should session variables be stored without static? – user2438237 Jul 31 '13 at 16:40
  • @user2438237 - A static methods shouldn't be a problem, but (pardon my ignorance) what is `SessionStore.User`? Is that a static variable? – Greg Jul 31 '13 at 16:41
  • @Greg : It is public const string User = "User"; not a static variable. – user2438237 Jul 31 '13 at 16:45
  • @Greg : I think the problem here is with the const only. these fields should not be constant. let me just check it. Thanks!! – user2438237 Jul 31 '13 at 16:55
  • @user2438237 Session state is not shared between different type of browsers (not to mention different computer). In other words, it is only shared between same type of browser in current user's computer. If you close all same type of browsers, the session state is gone. – Win Jul 31 '13 at 17:04
  • @Win - You're right, I read the code wrong (I thought it was looking up a session rather than looking up a value within a session), thanks for correcting me. – Greg Jul 31 '13 at 18:11
  • Thanks @Greg. I dont think that my problem has a solution to it. – user2438237 Jul 31 '13 at 19:10

3 Answers3

0

However, when i open the two tabs of that application or two windows of that application; the member's session id mismatches. The current tab picks up the ID of the secondary tab which is opened.

If you open the same website in two different tab of a browser, they share the session. It is by design.

You can replicate it. Login to bankofamerican.com, and open a new tab and paste https://secure.bankofamerica.com/transfers/funds-transfer.go Notice that you do not need to login.

However, If you paste the url in new browser window (while logging in one browser window - Must be same type of browser), they something share the session.

Win
  • 61,100
  • 13
  • 102
  • 181
  • :As you told, since session state is shared between same browsers, i don't think that my problem even has a solution. Thanks anyways for all the guidance. appreciate that! – user2438237 Jul 31 '13 at 19:10
  • If I understand your question, why section id is different for anonymous user? [This question might answer your question](http://stackoverflow.com/questions/2874078/asp-net-session-sessionid-changes-between-requests) ***a new session ID is generated for each page request until the session object is accessed.*** – Win Jul 31 '13 at 19:14
0

The Session object is used to share state for a series of page loads on a given browser. This is great for storing information like what user is logged in, and what permissions the user has because it is the same human (AKA user) behind the browser for each page load.

The problem you describe is that you want two tabs of the same browser to show different states, aka if tab 1 is on the homepage, and tab2 is on the account page, you do not want tab 2 refresh to load homepage, you want it to stay on the account page. This is a page-level state, not a user-level state, and so you should not be storing your information in the Session.

If you are using WebForms (.aspx pages) to run your site, you should take a look at ViewState on MSDN. If you are using MVC, you should consider using javascript and AJAX to update the page and store the state of the pages in js variables client-side.

welegan
  • 3,013
  • 3
  • 15
  • 20
0

All of the tabs opened in the same browser share the same ASP session on the server side. So the general solution is to embed enough information in the web page (browser tab) itself so that a postback from it can be used to retrieve the appropriate conversation from within the shared session.

In other words, write some key value in hidden fields(s) within the page, which will be sent back as part of the postback request, to distinguish each browser tab from the others. A lot of this can be handled with judicious use of the ASP viewstate of the page. I believe you can also force the viewstate values to be be encrypted.

Alternatively, you can encode a hidden field yourself with with a random key that can be used to retrieve data you've saved in the session cache. This approach is harder to do right, though, since you have do deal with removing old (expired) keys from the session if the user closes his tabs or browser.

For example, I have a web application that shows data lists in fixed-length pages. Since I want the user to be able to open multiple lists simultaneously, each list in a separate browser tab, I embed the current paging info (page number, list number, etc.) in hidden fields in the HTML page. I then read these hidden field values on postback to resume the proper paging context for that particular browser tab that performed the postback.

David R Tribble
  • 11,918
  • 5
  • 42
  • 52