Session object

[Guest]

I have an asp.net application that uses classes to store data between the
user interface and the SQL Server database. Each user needs to see only their
data at any time, therefore I am using session to hold the classes. Currently
I use this on page load:
XProject = Session("XProject")
where XProject is the class I require to be at session level.
My question is, for this to be correct, and to stop data leaking to other
users if they are executing code at the same time, do i need to put a:
Session("XProject") = XProject
before redirecting to other pages in the site?
I'm still quite new to session and my site appears to read and write data
correctly, but from time to time, when a few users are using the web
application, data can be saved on one users' project and be seen on others,
causing errors and security risk.
Any help would be great, thanks in advance
jsale

 

[Karl Seguin]

JSale,
With the little bit you've given us, I'd have to assume something might be
wrong with your XProject. Sessions are per-user...nothing special needs
to happen for this to be true. Therefore, I'd say the problem is that *you*
are putting other people's data into other people's session - maybe via some
complex referencing.

Not too sure what you are getting with Session("XProject") = XProject...at
some point you obviously have ot create the session object. But when you
subsequently get the object, it's a reference and you therefore don't need
to keep updating Session.

Karl

 

[John Saunders]

I have an asp.net application that uses classes to store data between the
user interface and the SQL Server database. Each user needs to see only
their
data at any time, therefore I am using session to hold the classes.
Currently
I use this on page load:
XProject = Session("XProject")
where XProject is the class I require to be at session level.
My question is, for this to be correct, and to stop data leaking to other
users if they are executing code at the same time, do i need to put a:
Session("XProject") = XProject
before redirecting to other pages in the site?
I'm still quite new to session and my site appears to read and write data
correctly, but from time to time, when a few users are using the web
application, data can be saved on one users' project and be seen on
others,
causing errors and security risk.

If you never put the object anywhere other than in Session, then you should
not see it leak to other users. This should only be happening if the object
(or pieces of it) is stored in a Shared variable, a global variable in a
Module, or in Application state.

Look around your code for things like these (especially modules). I usually
recommend that all modules should be replaced with Classes, and this is one
of the reasons.

John Saunders

 

[Hans Kesting]

I have an asp.net application that uses classes to store data between
the user interface and the SQL Server database. Each user needs to
see only their data at any time, therefore I am using session to hold
the classes. Currently I use this on page load:
XProject = Session("XProject")
where XProject is the class I require to be at session level.
My question is, for this to be correct, and to stop data leaking to
other users if they are executing code at the same time, do i need to
put a: Session("XProject") = XProject
before redirecting to other pages in the site?
I'm still quite new to session and my site appears to read and write
data correctly, but from time to time, when a few users are using the
web application, data can be saved on one users' project and be seen
on others, causing errors and security risk.
Any help would be great, thanks in advance
jsale

What is stored in the Session is just a *reference* to your instanced class.
After you have updated the values in the referenced instance you don't
need to "put it back" in the session. That stored reference is still valid,
it now points to data that has been modified.

If data is "leaking" to other users, the problem should be somewhere else
(Application object? Cache? Database?)

Hans Kesting

 

[Kevin Spencer]

Session is a memory space that is global to all pages of a given client
(user), but only to that client machine. As a memory space, it is only
necessary to put data into Session one time, unless the Session times out
(Sessions time out after 20 min. of inactivity).

--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Neither a follower
nor a lender be.