Managing the user state

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

Please do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This forum is for discussing mojoPortal development

You can monitor commits to the repository from this page. We also recommend developers to subscribe to email notifications in the developer forum as occasionally important things are announced.

Before posting questions here you might want to review the developer documentation.

Do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This thread is closed to new posts. You must sign in to post in the forums.

5/3/2011 9:52:16 AM

Magnetic_dud

Total Posts 251

View Posts

Managing the user state

I am coding a language learning module for my mojoportal-based iphone-optimized website (work in progress, english resources are not fully translated: http://ilearn.dandandin.it/kanatrainer.aspx)

It's a simple "guess how to read this" game, with the right answer stored in a Session object.

I don't understand why, but, expecially using Safari, users will get someone else's Session value

I tried to debug it, but this never happens to me, so I think that the Session object it's not the right approach. What do you suggest me to pass the variables between the postbacks?

An hidden field? A ViewState?

Otherwise I am thinking about storing that temporary data in the database, using the user guid as index. Is this a better approach? But, what about guests? Maybe I could restrict that module only to registered users.

5/3/2011 11:14:35 AM

Joe Audette

Total Posts 18439

View Posts

Re: Managing the user state

I don't really see how it is possible for a browser to have any way to get a different user's session variables. Session variables are server side objects linked by a session cookie and each user will have a different session cookie and therefore different session. The session variables for different users could have the same value, but unless it is somehow stealing another user's session cookie I don't see how it could be a correct diagnosis to conclude that session state is shared across users and I don't see how the web browser would be able to do that accidentally nor intentionally. Maybe using something like Firesheep on an unsecured network request it might be possible to steal a session cookie from another user, but I don't see how it can happen naturally.

Hope that helps,

Joe

5/5/2011 5:42:59 PM

Magnetic_dud

Total Posts 251

View Posts

Re: Managing the user state

I am puzzled, because when i debug in visual studio (also when debugging with iis), i try with multiple contemporaneous requests from different browsers, and this does not happen. I go live with IIS, and i get the exchange between the values.

I'll link the value to the userguid

5/5/2011 5:55:54 PM

Joe Audette

Total Posts 18439

View Posts

Re: Managing the user state

You should probably post some relevant snippets of your code, especially how (and where ie in what event, in the page lifecycle) you are getting and setting the object/variable from session state. Without seeing your code it is not easy to help.

Remember that for unauthenticated users the user guid probably would always be an empty guid so it would be the same for all unauthenticated sessions. You don't really need to "link" it to anything session is already unique per user/browser/machine in ASP.NET, or more correctly it is unique to a session id associated with a unique per session session cookie as I said before.

Best,

Joe

5/6/2011 1:51:25 AM

Magnetic_dud

Total Posts 251

View Posts

Re: Managing the user state

This is an excerpt from the code (i removed some stuff, translated the variables)

protected void Page_Load(object sender, EventArgs e)

{
if (!Page.IsPostBack)
            {
...
            generateRandom();
}
        }

        protected void generateRandom()
        {
            int i, j = 0, livello = 5, chance = 0;
            System.Random acaso = new Random();
...
            while (j <= 0)
            {
                j = acaso.Next((Convert.ToInt32(TextBoxlunghezza.Text) + 1));
            }
...
            for (int k = 0; k < j; k++)
            {
                i = acaso.Next(livello);
                Session["randomLetters"] += (globals.asianCharacters[i]);
                ...
            }
...
        }

        protected void AnswerButton_Click(object sender, EventArgs e)
        {
            string compare = Server.HtmlEncode(InputTextBox.Text.ToLower());
            if (compare == "")
            {
                Label1.Text = ("You did not write anything");
                return;
            }
            if (Session["randomLetters"].ToString() != compare)
            {
                Label1.Text = ("Wrong!" + Session["randomLetters"]);
            }
            else
            {
                Label1.Text = ("Right!" + Session["randomLetters"]);
            }
...
        }

What happens in visual studio, with every browser:

randomLetters is "hello". User writes "hello" in the textbox, and "hello" is compared to "hello". Label says "Right! hello".

What happens in iis, only in webkit-based browsers:

randomLetters is "hello". User writes "hello" in the textbox, but "hello" is compared to "goodbye". Label says "Wrong! goodbye".

I don't understand how Session["randomLetters"] has changed

You must sign in to post in the forums. This thread is closed to new posts.