Ciritcal Bug In ASP.NET

[Tarun Mangla]

Hi

I've created two pages. One is login.aspx and another is main.aspx. In
login.aspx there are two fields one for username and another for password.
Whenever a user enter username and password, after validations the username
is stored in the session variable and the control is redirected to the
main.aspx. In the main.aspx, just session variable value is displayed. It is
working fine.

Let us suppose, after validation the main.aspx page is displayed in one
instance of the browser. Don't close this instance. Now we just try to
access the main.aspx directly in another instance of the browser then the
session variable value is displayed blank. Thats right. Now again goto the
previous instance and place the cursor in the url and press enter. The
session variable here is also displayed blank. But if we press the refresh
button, then it displayed the user name.

I shall be very thankful if anybody helps.

Regards

Tarun Mangla

 

[Mark Fitzpatrick]

Instead of using the session variables, which can be unreliable and a bit of
work, ASP.Net has a built-in authentication system called Forms
Authentication. Instead of using Session Variables it uses cookies and
requires a lot less work then login schemes used in the original ASP.

Because this behavior is browser side, there probably won't be much you
can do to fix it. In all likelyhood, what is happening is when you go to the
page through the second browser instance it isn't picking up any session
because it is seeing it as new. When you hit refresh the browser gets the
cookies used by the original instance that contain the session id and the
web server is able to then see it as the same browser. There isn't anything
you can do to alter this, and there is nothing server-side you can do either
as you can't tell two instances apart.

Hope this helps,
Mark Fitzpatrick
Microsoft MVP - Frontpage

 

[Karl]

Because something isn't understood, doesn't mean it's a critical bug, or
even just a plain'ol bug.

You might want to read:
http://blogs.msdn.com/bleroy/archive/2004/08/03/207486.aspx

You mention that you are setting a session and redirecting. If you are
aborting the thread while redirecting, the behaviour you are seeing is
normal. The workaround is fairly straightfoward:
Response.Redirect("main.aspx", FALSE)

Karl

 

[Kevin Spencer]

Bugs are often caused by programmers that make assumptions. Stating that a
problem you are having is due to a bug in Microsoft's code, rather than your
own, without knowing what caused the problem, is an assumption. It is not
based on fact, but on a guess. The fact is, you don't know why your program
isn't working as expected, as evidenced by your question posted here.

Browser instances don't share Sessions.

--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Big things are made up
of lots of little things.

 

[Greg Burns]

Browser instances don't share Sessions.

Very true, but a web browser opened via a shortcut (or Ctrl-N) does share
any pre-existing browser's instance and hence it's session.

Just thought I would throw that out there, cause it caused me lots of grief.

:^)

Greg

 

[Kevin Spencer]

Very true, but a web browser opened via a shortcut (or Ctrl-N) does share

any pre-existing browser's instance and hence it's session.

Good info, as far as I'm concerned, Gregg!

--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
I get paid good money to
solve puzzles for a living