Home Library Learn Samples Downloads Support Community Forums
Microsoft Developer Network >
Cached session state values remain when using different login?

已答复 Cached session state values remain when using different login?

  • 7 aprilie 2012 01:12
     
     
    Sign in pentru a vota
    0

    Hi I am having an issue with Cached session state. I have an mvc3 app with standard asp.net forms authentication hosted in a webrole (2 instances) which uses app fabric caching to store session values.  Everything is fine from a single users standpoint; however, if I log out of UserA and log in with UserB the values for specific Session variables is the same.

    Example:

    1. I log in as UserA and set Session["SomeValue"] = "Hello There".

    2. I Log out of UserA and close the browser. I open a new browser and log in as UserB. I then read Session["SomeValue"] and it reads "Hello There".

    Is this the expected behavior? I assumed a new user would have his/her own session. I thought session caching was more for a single user vs many roles rather than many users across many roles.

     

Toate mesajele

  • 8 aprilie 2012 16:02
    Moderator
     
     
    Sign in pentru a vota
    0

    Hi,

    I would like to know whether you have stored a user related value in a Session variable, for example, if you store a value like this:

    string username = this.txbUserName.Text;

    Session["UserName"] = username;

    Then, you will see different values when you use different users' accounts to login your web application.

    However, if you only store a same value as you mentioned:

    Session["SomeValue"] = "Hello There";

    Then, you'll see the same session value whether you login your web application using whatever user's account.

      >> I Log out of UserA and close the browser. I open a new browser and log in as UserB. I then read Session["SomeValue"] and it reads "Hello There".

    As a matter of fatct that a new browser will open a new session, I would like to suggest you to check http://msdn.microsoft.com/en-us/library/ms178582(v=vs.85).aspx for more information about Session Identifiers.

    Best Regards,

    Ming Xu.

    Please mark the replies as answers if they help or unmark if not.
    If you have any feedback about my replies, please contact msdnmg@microsoft.com.
    Microsoft One Code Framework

     
  • 8 aprilie 2012 18:07
     
      Are cod
    Sign in pentru a vota
    0

    Hi I want to make sure I am clear about how this session value is set and how this session value is read.

    Its a very simple webpage which just contains a button and a text box.  When first navigating to this page a get request is made which checks if Session["SomeValue"] exists. If it exists then i set the textbox with this value. Otherwise, it gets a default value of "random default value".

    public ActionResult Index()
{
if(Session["SomeValue"]==null)
	Session["SomeValue"]="random default value";
ViewBag.Message=Session["SomeValue"];

return view();
}

    Once the page loads a user has the option of changing the value in the textbox. If a user changes the value in the textbox to say "Hello There" and submits the form a put is called which sets the Session["Somevalue"] to this new value. Ie. Session["Somevalue"]="Hello There".

    My "Problem" is that UserA has submitted "Hello There" then closes the browser.  When UserB logs in and this same page loads they are getting "Hello There" and not "random default value".  The only place "Hello There" could have come from is the Session["SomeValue"], which means they have shared the same session. I guess I am wondering if this is the expected behavior.

    Note: if i open a different type of browser (Ie. firefox) for UserB this behavior isn't seen.

    Thanks for your response.

     
  • 10 aprilie 2012 01:26
    Moderator
     
     
    Sign in pentru a vota
    0

    Hi,

    Are the UserA/UserB Windows User or the users of the MVC3 application? The behavior seems normal to me as ASP.NET session has no relationship with the login user, which is Forms Authentication specific. The session value is related with session id, which is sent by browser either via URL or via browser cookie. You can learn more from:

    http://msdn.microsoft.com/en-us/library/ms178582.aspx

    To store different value for different ASP.NET users you may need user profile:

    http://msdn.microsoft.com/en-us/magazine/cc163724.aspx

    Allen Chen [MSFT]
    MSDN Community Support | Feedback to us
    Get or Request Code Sample from Microsoft
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.





     
  • 10 aprilie 2012 13:17
     
     Răspuns
    Sign in pentru a vota
    0

    UserA and UserB are both the same windows user. They are only different login users.  It looks like i can "Abandon" a session, which might solve my problem.

     
© 2013 Microsoft. All rights reserved.