Problem with Session Variable

Hello:

This was posted in a wrong forum; that's why I am posting here again. Sorry.

I just wrote my first ASP.Net application, tested it on my development
environment and deployed it on a production server. That's when I encountered
a problem. The anonymous access is turned of and Integrated Windows
Authentication is turned on.

In my Global.ASCX, I have coded the Session_Start event
1. I read Request.ServerVariables("Auth_User")
2. Save it as a variable, userid, in the session variable.

Here is the problem:

1. User A signs in and the screen shows that the userid is "User A".
2. User B signs in through another workstation and his user ID shows "User
A" when in fact it should show "User B".

I thought the session is private to the user?

I got feedback that I should not do anything in Global. Also, setting
session variables in the Session_start event is loopy!

Can somebody tell me what I am doing wrong?

Venki

RE: Problem with Session Variable

strage... not sure if this will be of any help.. you may want to check if
you are using any static variables to assign this value later in some
pages/assembly.. I have seen similar issue with session values getting mixed,
when using a STATIC variable ..

"vvenk" wrote:

> Hello:
>
> This was posted in a wrong forum; that's why I am posting here again. Sorry.
>
> I just wrote my first ASP.Net application, tested it on my development
> environment and deployed it on a production server. That's when I encountered
> a problem. The anonymous access is turned of and Integrated Windows
> Authentication is turned on.
>
> In my Global.ASCX, I have coded the Session_Start event
> 1. I read Request.ServerVariables("Auth_User")
> 2. Save it as a variable, userid, in the session variable.
>
> Here is the problem:
>
> 1. User A signs in and the screen shows that the userid is "User A".
> 2. User B signs in through another workstation and his user ID shows "User
> A" when in fact it should show "User B".
>
> I thought the session is private to the user?
>
> I got feedback that I should not do anything in Global. Also, setting
> session variables in the Session_start event is loopy!
>
> Can somebody tell me what I am doing wrong?
>
> Venki
>

Re: Problem with Session Variable

Venki,

could you post your code. This would make it much easier to help you!
Nevertheless from what you write it seems to me that you want to write your
onw authentication code. Check out the authentication part of your web
config. You can get a first impression by reading
http://www.15seconds.com/issue/020220.htm

Does this help?

Best regards

Daniel Walzenbach


"vvenk" schrieb im Newsbeitrag
news:42BD89AE-70B0-408C-A3F2-AE6875A4D8E5@microsoft.com...
> Hello:
>
> This was posted in a wrong forum; that's why I am posting here again.
> Sorry.
>
> I just wrote my first ASP.Net application, tested it on my development
> environment and deployed it on a production server. That's when I
> encountered
> a problem. The anonymous access is turned of and Integrated Windows
> Authentication is turned on.
>
> In my Global.ASCX, I have coded the Session_Start event
> 1. I read Request.ServerVariables("Auth_User")
> 2. Save it as a variable, userid, in the session variable.
>
> Here is the problem:
>
> 1. User A signs in and the screen shows that the userid is "User A".
> 2. User B signs in through another workstation and his user ID shows
> "User
> A" when in fact it should show "User B".
>
> I thought the session is private to the user?
>
> I got feedback that I should not do anything in Global. Also, setting
> session variables in the Session_start event is loopy!
>
> Can somebody tell me what I am doing wrong?
>
> Venki
>

Re: Problem with Session Variable

Daniel:

Here is the code from Global.ASPX:

Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)
' Fires when the application is started
End Sub

Sub Session_Start(ByVal Sender As Object, ByVal E As EventArgs)

Dim lbOutcome As InnoBox_BO.User._Outcome

loUser = InnoBox_BO.User.GetInstance
loUser.DBConnString = ConfigurationSettings.AppSettings("DSN1")
Try
lbOutcome =
loUser.CreateByUserID(Request.ServerVariables("Auth_User").T oUpper)
Catch ex As Exception
Server.Transfer("Errors.aspx")
End Try
Session("User") = loUser
Session("DSN1") = ConfigurationSettings.AppSettings("DSN1")
Session("DSN2") = ConfigurationSettings.AppSettings("DSN2")

End Sub

In addition, each form has a Init event coded to make sure that the object,
UserID is available (I am giving an example of one such form):

Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Init
'CODEGEN: This method call is required by the Web Form Designer
'Do not modify it using the code editor.
InitializeComponent()

Dim lbOutcome As InnoBox_BO.User._Outcome
Dim loUser As InnoBox_BO.User

If Session("User") Is Nothing Then
loUser = InnoBox_BO.User.GetInstance
Try
lbOutcome =
loUser.CreateByUserID(Request.ServerVariables("Auth_User").T oUpper)
Catch ex As Exception
Server.Transfer("Errors.aspx")
End Try
loUser = Session("User")
End If
If Session("User").FirstName = Nothing Or Session("User").LastName =
Nothing Then
Server.Transfer("MyProfile.aspx")
End If
End Sub

Thanks for our help
Venki

"Daniel Walzenbach" wrote:

> Venki,
>
> could you post your code. This would make it much easier to help you!
> Nevertheless from what you write it seems to me that you want to write your
> onw authentication code. Check out the authentication part of your web
> config. You can get a first impression by reading
> http://www.15seconds.com/issue/020220.htm
>
> Does this help?
>
> Best regards
>
> Daniel Walzenbach
>
>
> "vvenk" schrieb im Newsbeitrag
> news:42BD89AE-70B0-408C-A3F2-AE6875A4D8E5@microsoft.com...
> > Hello:
> >
> > This was posted in a wrong forum; that's why I am posting here again.
> > Sorry.
> >
> > I just wrote my first ASP.Net application, tested it on my development
> > environment and deployed it on a production server. That's when I
> > encountered
> > a problem. The anonymous access is turned of and Integrated Windows
> > Authentication is turned on.
> >
> > In my Global.ASCX, I have coded the Session_Start event
> > 1. I read Request.ServerVariables("Auth_User")
> > 2. Save it as a variable, userid, in the session variable.
> >
> > Here is the problem:
> >
> > 1. User A signs in and the screen shows that the userid is "User A".
> > 2. User B signs in through another workstation and his user ID shows
> > "User
> > A" when in fact it should show "User B".
> >
> > I thought the session is private to the user?
> >
> > I got feedback that I should not do anything in Global. Also, setting
> > session variables in the Session_start event is loopy!
> >
> > Can somebody tell me what I am doing wrong?
> >
> > Venki
> >
>
>
>