how to avoid session value interchange when login with different users

Question

0.00/5 (No votes)

See more:

Dear Friends,

I am using VS 2008,C#,asp.net,dev express 11
I have a web application.which has a session which contain the logined user's name.
Which is stored when login to the application in login page.

When users are logined concurrently, the label ( shows the username) is getting swapped.
The label is assigned the session value of logined user name.

How to avoid session overlap?
That means The label should show the name of the logined user when logined with different user names concurrently

Thanks in advance
george

Posted 24-Jun-14 1:54am

george@84

Updated 24-Jun-14 1:58am

v3

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Nathan Minier · Answer 1 · 2014-06-24T02:24:00

Solution 1

Sessions shouldn't overlap as long as they are being tracked appropriately. If this is occurring, there is one of 2 likelihoods:
1. The name is not being stored to the session, but is being stored as a static variable (or in the application state, or cached etc). Moving the name to the HttpContext.Current.Session["userName"] variable should resolve the issue.

2. It's possible that session handling has been modified in the application to a system that is collision-prone. Check the global.asax and make sure that session logic hasn't been modified.

Posted 24-Jun-14 2:24am

Nathan Minier

Comments

george@84 26-Jun-14 8:32am

Dear Friends,

I assigned values to session when login to a page like the following.

Session["PSFusrCode"] = DSUSERLEVEl.Tables[0].Rows[0]["usrCode"].ToString();

Session.Add("Module", Convert.ToString(Session["Module"]));

Session["PSFUserType"] = DSUSERLEVEl.Tables[0].Rows[0]["ulName"].ToString();
Session["PSFUName"] = DSUSERLEVEl.Tables[0].Rows[0]["usrName"].ToString();

Session["PSFOutlet"] = DSUSERLEVEl.Tables[0].Rows[0]["usrOutlet"].ToString();

Nathan Minier 26-Jun-14 8:53am

You data access schema is a bit odd. Can you show your data source code without the connection string?

Also:
Session.Add("Module", Convert.ToString(Session["Module"]));
Why?

george@84 1-Jul-14 7:22am

DataSet DS = new DataSet();

DataSet DSUSERLEVEl = new DataSet();
DataSet DSUSERLEVElOUTLET = new DataSet();

DSUSERLEVEl = objLogin.getPSFLogin(txtUserName.Text.Trim(), txtPassword.Text.Trim());

if (DSUSERLEVEl.Tables.Count > 0)
{

Session["PSFusrCode"] = DSUSERLEVEl.Tables[0].Rows[0]["usrCode"].ToString();

Session.Add("Module", Convert.ToString(Session["Module"]));

Session["PSFUserType"] = DSUSERLEVEl.Tables[0].Rows[0]["ulName"].ToString();
Session["PSFUName"] = DSUSERLEVEl.Tables[0].Rows[0]["usrName"].ToString();

Session["PSFOutlet"] = DSUSERLEVEl.Tables[0].Rows[0]["usrOutlet"].ToString();

Response.Redirect("PSFDashBoard.aspx");
}
public DataSet getPSFLogin(string username, string password)
{
return objUserlevel.getPSFLogin(username, password);
}
public DataSet getPSFLogin(string usr, string pwd)
{
List<sqlparameter> param = new List<sqlparameter>();

param.Add(new SqlParameter("@USERNAME", usr));
param.Add(new SqlParameter("@PASSWORD", pwd));
return DBFUNCTIONS.FILL_DATASET_FROM_SP("USP_INS_GET_PSF_LOGIN", param);
}

Awadhendra Tripathi · Answer 2 · 2014-06-24T02:31:00

Solution 2

First check your code in your system bcose of alyas session are unique in every login so there is not any case to swap the values,
The Rule for session is:

Session is conman for hole application but different for every users.

Posted 24-Jun-14 2:31am

Awadhendra Tripathi

Comments

george@84 1-Jul-14 7:25am

the following is the code
DataSet DS = new DataSet();

DataSet DSUSERLEVEl = new DataSet();
DataSet DSUSERLEVElOUTLET = new DataSet();

DSUSERLEVEl = objLogin.getPSFLogin(txtUserName.Text.Trim(), txtPassword.Text.Trim());

if (DSUSERLEVEl.Tables.Count > 0)
{

Session["PSFusrCode"] = DSUSERLEVEl.Tables[0].Rows[0]["usrCode"].ToString();

Session.Add("Module", Convert.ToString(Session["Module"]));

Session["PSFUserType"] = DSUSERLEVEl.Tables[0].Rows[0]["ulName"].ToString();
Session["PSFUName"] = DSUSERLEVEl.Tables[0].Rows[0]["usrName"].ToString();

Session["PSFOutlet"] = DSUSERLEVEl.Tables[0].Rows[0]["usrOutlet"].ToString();

Response.Redirect("PSFDashBoard.aspx");
}
public DataSet getPSFLogin(string username, string password)
{
return objUserlevel.getPSFLogin(username, password);
}
public DataSet getPSFLogin(string usr, string pwd)
{
List param = new List();

param.Add(new SqlParameter("@USERNAME", usr));
param.Add(new SqlParameter("@PASSWORD", pwd));
return DBFUNCTIONS.FILL_DATASET_FROM_SP("USP_INS_GET_PSF_LOGIN", param);
}