Session ID is in Use?

[xenophon]

I am using cookieless Sessions. Sometimes an IE user will bookmark my
page, so they will have for example
"http://mysite.com/(aaaaaaaa)/page.aspx" in their bookmarks.

When they return to that bookmark, I want to detect if the Session ID
"aaaaaaaa" is already in use, and if it is then take some action.

Do I need an HTTP Module for this, or can I trap in a Global.Asax
event?

Thanks.

 

[Brock Allen]

You can handle the Session_Start event in global.asax to get notified when
a session is new.

-Brock
DevelopMentor
http://staff.develop.com/ballen

 

[Steven Cheng[MSFT]]

Thanks for Brock's suggestion.

Hi Xenophon,

As for cookieless session. If your page's url is bookmarked at clientside.
When the user revisit that page through the bookmark, the following things
may happen:'
1. If the sessionID id not exists, Session_Start will fire and the client
will occupy this sessionid.

2. If the sessionID already exists, no event will fire, the asp.net runtime
just display the page according to the session of that ID. ASP.NET has no
idea of whether the ID is from the actual user or a former user with the
same sessionID (stored in browser's favorate foler).

So it is possbile that cookieless session may cause one user's Session be
shared by another one. Though we can get SessionId value from url string in
httpmodule or global event, however, we can't determine whether the
sessionid is from the correct client or not. That's one of the existing
limit of cookieless session.

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)