Problem with unique session variables

Newton · Jul 22, 2003

Hi,

I got here the following problem. I am programming
web application for examing students.
After student will log on I need to keep his ID,
Privileges, Login, Password for manipulating with other
functions. All these information I will keep by

Session["ID"] = "2"
Session["Privileges"] = "Student"

and so on...
But my problem is, when later will log on teacher in
Session["Privileges"] will be "Teacher". It will be
replaced, so student will receive privileges of teacher.
And that is my problem. I heard that it is neccessary to
create unique ID for session.
I am working in ASP.NET with C# and there is
possibility to create this ID with method
Session.SessionID() but I dont know how to use it, how
those session variables can be different...

Is anybody here, who can show me some easy example how
to solve my problem?
Please. Thank you very much...

Newton

S. Justin Gengo · Jul 22, 2003

Newton,

Session variables are unique by nature.

Unless the teacher and the student log on to the exact same machine (and for
that matter without closing the browser windows) the Session["Privileges"]
variables will be tracked seperately for each user.

You shouldn't have a problem using the Session variable as is.

I hope this is good news!

--
S. Justin Gengo, MCP
Web Developer

Free code library at:
www.aboutfortunate.com

"Out of chaos comes order."
Nietzche

Bill Richardson · Jul 22, 2003

-----Original Message-----
Hi,

I got here the following problem. I am programming
web application for examing students.
After student will log on I need to keep his ID,
Privileges, Login, Password for manipulating with other
functions. All these information I will keep by

Session["ID"] = "2"
Session["Privileges"] = "Student"

and so on...
But my problem is, when later will log on teacher in
Session["Privileges"] will be "Teacher". It will be
replaced, so student will receive privileges of teacher.
And that is my problem. I heard that it is neccessary to
create unique ID for session.
I am working in ASP.NET with C# and there is
possibility to create this ID with method
Session.SessionID() but I dont know how to use it, how
those session variables can be different...

Is anybody here, who can show me some easy example how
to solve my problem?
Please. Thank you very much...

Newton

.

..Net will create the unique ID automatically.

In machine.config, set the

<sessionState mode=

setting to "InProc" (unless you have a web farm, then
you'll need to use a StateServer or SQLServer to maintain
session state). Also set the appropriate session timeout
(in minutes) in the same line. This will timeout the
session within the set number of minutes of INACTIVITY.

Then provide the user with a way to logout, which should
call Session.Abandon to log out of the current session.

Finally, at the top of each page, check Session
["Privileges"], and if not set, redirect to the login page.

That should allow you timeout users, and allow them to log
themselves out.

Bill Richardson
Proflowers.com

Newton · Jul 23, 2003

Hi,
believe me... they are not unique by nature... I started
internet explorer with my application and logged on as a
student, clicked the button and this application shown me
that student has logged on. Then i opened another
explorer and logged on as a teacher, clicked the button
and application shown me that teacher has logged on. Then
I returned to that explorer where student has logged on,
clicked the button and it shown me, that teacher has
logged on, so the session variable was overwritten.

Believe me... theyu are not unique by nature...

S. Justin Gengo · Jul 23, 2003

Newton,

Was this on the same machine? Sessions are unique to the machine not to each
browser window...

If this was on the same machine then you are getting the behaviour this was
designed to produce.

--
S. Justin Gengo, MCP
Web Developer

Free code library at:
www.aboutfortunate.com

"Out of chaos comes order."
Nietzche

Newton said:
Hi,
believe me... they are not unique by nature... I started
internet explorer with my application and logged on as a
student, clicked the button and this application shown me
that student has logged on. Then i opened another
explorer and logged on as a teacher, clicked the button
and application shown me that teacher has logged on. Then
I returned to that explorer where student has logged on,
clicked the button and it shown me, that teacher has
logged on, so the session variable was overwritten.

Believe me... theyu are not unique by nature...

-----Original Message-----
Newton,

Session variables are unique by nature.

Unless the teacher and the student log on to the exact same machine (and for
that matter without closing the browser windows) the Session["Privileges"]
variables will be tracked seperately for each user.

You shouldn't have a problem using the Session variable as is.

I hope this is good news!

--
S. Justin Gengo, MCP
Web Developer

Free code library at:
www.aboutfortunate.com

"Out of chaos comes order."
Nietzche

Click to expand...