开发者

Sessionstate not being saved between pages

开发者 https://www.devze.com 2022-12-28 18:59 出处:网络
i am having problems with an asp.net c# site whereby i am setting a session state object to true and then redirecting to another page that needs to check the value of the session state object and it i

i am having problems with an asp.net c# site whereby i am setting a session state object to true and then redirecting to another page that needs to check the value of the session state object and it is null.

Sometimes it is set correctly and other times is is simply null.

When i debug on my local machine it works perfectly every time开发者_JS百科. Only when i upload to my web server does this temperamental behaviour happen.

As it is based around the security of the site it is obviously important that the session data be valid and accurate every time.

Is session state data unreliable?

AFAIK its set to inproc, cookieless, 30 min timeout, vanilla installation of IIS.

Does anyone have any suggestions? Perhaps i need to thread.sleep inbetween the storing of the session data and the reading?

NB: the time between the write and the read is about 70ms.. ample time for the data to be written to RAM.....


No. It sounds like you are misusing session state. You can not rely on the user's session to be there. Your ASP.NET worker process could recycle, restarting the application and killing all sessions, or a file could change in your website, causing your application to restart and flushing all sessions, cookies could get flushed on the client, timeouts could happen, etc.

So you have to provide for all of these scenarios with Session State. Try to avoid using session state for things like this. If you're setting access inside your session state and you don't know exactly how it works, you could be opening your site up for a lot of security risks.


Everything point to a web farm. If you have different web servers on the production environment serving your application you would experiment this behavior.

I don't find any other explanation for this "WORKS ON MY MACHINE!"


I don't have an answer for your particular problem, but Claudio my be on to something.

What I have to say is that using session for security is so 90's. Literally.

FormsAuthentication was developed to replace that technique and does quite a fine job.

You should only rely upon session for trivial concerns that are easily recoverable.

Security is not one of those.


If the session state is lost, typically that's because your process either recycles or fails. I would never "rely" on the session state between pages. Instead you might want to try to persist data between pages some other way. Perhaps passing the information via form variables or saving the data in the database.

ASP.NET Profiles are a preferred way to save this sort of information. You might want to read ASP.NET State Management Recommendations.

0

精彩评论

暂无评论...
验证码 换一张
取 消