-1

On our ASP.NET project, we have the code

<sessionState mode="SQLServer" sqlConnectionString="data source=xxx;user id=xxx;password=xxx" cookieless="UseCookies" timeout="180" regenerateExpiredSessionId="false" />

This code must remain unchanged; we need to be using cookies. However, we want to have a different session every time they log in. To do this, we are thinking of generating a new GUID every time they log in and using that as part of the session. So, instead of Session["User"], it'll be something like Session["User"+GUID]. That user is only going to have one session, but if we use a different GUID for each login, then we should be able to differentiate the session. The problem we are running into is: where do we store that GUID? I've tried HTTP headers and ViewState; however, if we do a full refresh, those are wiped out. Does anyone know where we can store the unique GUID we generate when the user logs in?

Please look at the comment if you want to know what we are actually trying to do. I know this is a horrible way of doing it, but the app is really old and this may be the only way without doing a big re-write.

Dijkgraaf
JohnC1
  • What we're trying to do: In order to log in, the user needs UserID, PW, and LocationCode. When a user logs in, a session is created for them. Let's say they logged in to Location 10000 using browser Firefox. Now if they open up Chrome and log in to Location 20000, it takes them to Location 10000. Because it sees the user already logged in, so instead of re-doing the login process, it grabs the user and sends them to the location they first logged in as. Basically, it should generate a unique session cookie every time the browser is changed or the app is opened in a new window. – JohnC1 Apr 01 '16 at 23:09

2 Answers

0

I have implemented something like that in an ASP.NET WebForms application. It creates different sessions for a given user when he runs the application in multiple tabs of a browser. The method I use: I create a SessionID in the login validation function, then it is transferred in a QueryString parameter from one page to the other, and stored in the ViewState of the current form.

ConnorsFan
  • If they do a full refresh, won't the queryString be lost? – JohnC1 Apr 03 '16 at 20:08
  • What do you mean by a "full refresh"? – ConnorsFan Apr 03 '16 at 20:09
  • For example, if they hit "Ctrl + F5", it will refresh the website and the Query String/View State will be lost, correct? – JohnC1 Apr 03 '16 at 20:10
  • I cannot test it with my application (it has several iframes and pressing F5 has always caused trouble, even without that SessionID stuff). However, if I open a Web site and add a dummy QueryString to the URL, the browser still shows the QueryString after Ctrl+F5. As for the ViewState, it is certainly lost but I save the SessionID obtained from the QueryString on the first load, so losing it on Ctrl+F5 is not a problem. – ConnorsFan Apr 03 '16 at 20:15
  • Gotcha. I understand now. I think we may take this approach then. Thanks a lot! I have accepted this as the answer. – JohnC1 Apr 03 '16 at 20:19
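
An added example, not code from either poster: one way to wire the query-string/ViewState approach described in the answer above into a WebForms base page, accepting an id from the URL only if this session issued it at login. The names `LoginScopedPage`, `lsid`, `IssuedLoginIds` and `~/Login.aspx` are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Web;
using System.Web.UI;

// Hypothetical base class for pages that need per-login state.
public class LoginScopedPage : Page
{
    private const string QueryKey = "lsid";             // assumed query-string parameter
    private const string IssuedKey = "IssuedLoginIds";  // assumed session key

    // Call from the login validation code once the credentials are verified.
    public static string IssueLoginId(HttpContext ctx)
    {
        var issued = ctx.Session[IssuedKey] as List<string> ?? new List<string>();
        string id = Guid.NewGuid().ToString("N");
        issued.Add(id);
        ctx.Session[IssuedKey] = issued;  // store the updated list back in session
        return id;
    }

    // Restored from ViewState on postbacks, before OnLoad runs.
    protected string LoginId
    {
        get { return (string)ViewState["LoginId"]; }
        private set { ViewState["LoginId"] = value; }
    }

    protected override void OnLoad(EventArgs e)
    {
        if (!IsPostBack)
        {
            // First load (also after Ctrl+F5): read the id from the URL.
            string raw = Request.QueryString[QueryKey];
            var issued = Session[IssuedKey] as List<string>;
            Guid parsed;
            // Accept only a well-formed id that this session issued at login.
            if (!Guid.TryParseExact(raw, "N", out parsed) || issued == null || !issued.Contains(raw))
                Response.Redirect("~/Login.aspx", true);  // assumed login page path
            LoginId = raw;
        }
        base.OnLoad(e);
    }

    // Session["User" + GUID], as proposed in the question.
    protected object GetScoped(string name) { return Session[name + LoginId]; }
    protected void SetScoped(string name, object value) { Session[name + LoginId] = value; }

    // Append the id when linking or redirecting to the next page.
    protected string WithLoginId(string url)
    {
        return url + (url.Contains("?") ? "&" : "?") + QueryKey + "=" + HttpUtility.UrlEncode(LoginId);
    }
}
```

The login code would call `IssueLoginId(HttpContext.Current)` and redirect to the first page with the returned value in the `lsid` parameter.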
0

Store the locationcode in Application["locationcode"] variable.