Session not set.

[ywz]

Hi All,


I built a web application using cookieless session. It merely checks
for the session variable value upon login. This method works fine on
the host pc.
However, when i try to access the application via another pc in the
network, the login page redirects to itself even though the correct
passwd and usename is entered. I did a response.write and realise that
the value of the session variable is not set. How can i solve this
prob?


Any Help is greatly appreciated.
Tks...ywz

 

[Guest]

On the other thread, you have an answer about this problem:

Session["loggedIn"] = true;
Response.Redirect("redirectedPage.aspx");

If so, it will never work properly, as the session cookie is never set. In
order to set, you have to send info to the client. The redirect bombs that.

I do not, however, think that this is your problem, as you state the app
works on one box. This means there is something different in configuration
between the servers. You can search high and low, but your architecture is
also a problem.

Checking Session("var") for login is an ASP model, not ASPX. It is not wise
to keep this sort of architecture in ASP.NET. The proper model is to set up a
Principle object and use it for Identity. If the current ASP.NET mechanism
does not work for you, you will have to set up a custom provider.

In ASP.NET, the correct model is to set up a form and use Forms
authentication. If you TRULY want cookieless (setting session vars is not
cookieless, BTW), you set a value in the config file and allow it to add
session ID to the URL. In most cases, turning off cookies does not turn off
session cookies (difference between user and server cookies), so there is
little danger, but you can allow the munging.

The benefit of this system is you can follow the .NET model 100% and allow
the Framework to handle your authentication needs, rather than rewrite
ASP.NET to look like ASP.

---

Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************

 

[Wessel Troost]

Session["loggedIn"] = true;

Response.Redirect("redirectedPage.aspx");

If so, it will never work properly, as the session cookie is never set.
In order to set, you have to send info to the client. The redirect bombs
that.

The redirect doesn't seem to bomb the session at all. The redirect is
actually an answer to the client, and the redirect can contain a session
cookie. The above code worked fine in a test.

It even works when you use Server.Transfer. The Session object is
filled on the server, and the page you are transferring to will set the
cookie.

Greetings,
Wessel

 

[wz y]

Hi,
tks for ur replies. So i presume wat i did was totally wrong by merely
testing the session variable :

'login.aspx
Sub LoginBtn_Click(Sender As Object, E As EventArgs)
Session("login_status") = 0
If Page.IsValid Then
If (UserName.Text = "userid") And (UserPass.Text = "password") Then
FormsAuthentication.RedirectFromLoginPage(UserName.Text, true)
Session("login_status") = 1
Response.redirect("main.aspx")
Else
Msg.Text = "Invalid Credentials: Please try again"
End If
End If
End Sub

'main.aspx
Sub Page_Load
If Session("login_status") = 1 then
'apparently this condition is not met when running app on other pc in
the network; hence kept redirecting to rest of code for page login.aspx

If not page.IsPostBack
End If
Else
Response.redirect("Login.aspx")
End If
End Sub

Can someone point out where there error lies and how come it works on
the host pc but doesn't work on others? Tks again

ywz