Session auto-exchange between many users [ASP.NET]_问答_开发者

Session auto-exchange between many users [ASP.NET]

开发者 https://www.devze.com 2023-03-13 14:19 出处：网络

I used a custom SessionWrapper class for handling Session in my ASP.NET project. It seems ok but I have recently found that it has hilarious error. If many user login to my website, their session will be exchanged or mixed. User A will has session of User B and maybe User C has Session of Us开发者_如何学Pythoner A. It may change after User refresh the page.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Collections;

namespace MyNamespace
{
    public class SessionWrapper
    {
        public static string USER_SESSION = "userSession";

       public static void SetUserSession(string email, Dictionary<int, DateTime> products)
        {
            UserSession userSession = new UserSession() { Email = email, Products = products };
            System.Web.HttpContext.Current.Session.Add(USER_SESSION, userSession);
        }

        public static UserSession GetUserSession()
        {
            if (System.Web.HttpContext.Current.Session[USER_SESSION] != null)
            {
                return System.Web.HttpContext.Current.Session[USER_SESSION] as UserSession;
            }
            return null;
        }

        public static void RemoveUserSession()
        {
            if (System.Web.HttpContext.Current.Session[USER_SESSION] != null)
            {
                System.Web.HttpContext.Current.Session.Remove(USER_SESSION);
            }
        }
    }

    public class UserSession
    {
        private string email;
        private Dictionary<int, DateTime> products = new Dictionary<int, DateTime>();

        public string Email
        {
            get;
            set;
        }

        public Dictionary<int, DateTime> Products
        {
            get;
            set;
        }
    }
}

The only reason apart from some strange code in application like Jonas H noticed is that you are testing it in either one browser instance in separate tabs or two instances of the same browser.

Try display the HttpContext.Current.Session.SessionID to determine whether you are in the same session in all cases.

It's the "static" modifier. Static variables exist for the lifetime of the AppDomain they were created in.

i.e. the w3wp.exe app process that spawns the app domain that the process itself runs in. No matter which request it is answering to at the time.

Therefore your static variables can be set by one user, and the read into another users session with how you have this setup.

You are adding all sessions with the same key: USER_SESSION. You need to provide a unique key for each user (perhaps the email address).

The provided code should behave as desired. If the problem indeed exists as described, it must be caused by code elsewhere in the application.

Try adding locking semantics:

private static Object locker = new Object();

public static UserSession GetUserSession()
{
  lock( locker)
  {
    if (System.Web.HttpContext.Current.Session[USER_SESSION] != null)
    {
      return System.Web.HttpContext.Current.Session[USER_SESSION] as UserSession;
    }
    return null;
  }
}