Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Can I put an ASP.Net session ID in a hidden form field?

Tags:

People also ask

Where are sessions stored C#?

StateServer mode, which stores session state in a separate process called the ASP.NET state service. This ensures that session state is preserved if the Web application is restarted and also makes session state available to multiple Web servers in a Web farm.

How can use session state in ASP.NET c# with example?

Login. Design login page as show below screen and write below c# code on login button click events. First check username and password values, if it is right then assign username value to session[“uname”] and send user to Main. aspx page using response. redirect.

Where is session stored in ASP NET MVC?

Whether you store some data values with in the session or not Asp.Net MVC must manage the session state for all the controllers in your application that is time consuming. Since, session is stored on server side and consumes server memory, hence it also affect your application performance.


I'm using the Yahoo Uploader, part of the Yahoo UI Library, on my ASP.Net website to allow users to upload files. For those unfamiliar, the uploader works by using a Flash applet to give me more control over the FileOpen dialog. I can specify a filter for file types, allow multiple files to be selected, etc. It's great, but it has the following documented limitation:

Because of a known Flash bug, the Uploader running in Firefox in Windows does not send the correct cookies with the upload; instead of sending Firefox cookies, it sends Internet Explorer’s cookies for the respective domain. As a workaround, we suggest either using a cookieless upload method or appending document.cookie to the upload request.

So, if a user is using Firefox, I can't rely on cookies to persist their session when they upload a file. I need their session because I need to know who they are! As a workaround, I'm using the Application object thusly:

Guid UploadID = Guid.NewGuid();
Application.Add(Guid.ToString(), User);

So, I'm creating a unique ID and using it as a key to store the Page.User object in the Application scope. I include that ID as a variable in the POST when the file is uploaded. Then, in the handler that accepts the file upload, I grab the User object thusly:

IPrincipal User = (IPrincipal)Application[Request.Form["uploadid"]];

This actually works, but it has two glaring drawbacks:

  • If IIS, the app pool, or even just the application is restarted between the time the user visits the upload page, and actually uploads a file, their "uploadid" is deleted from application scope and the upload fails because I can't authenticate them.

  • If I ever scale to a web farm (possibly even a web garden) scenario, this will completely break. I might not be worried, except I do plan on scaling this app in the future.

Does anyone have a better way? Is there a way for me to pass the actual ASP.Net session ID in a POST variable, then use that ID at the other end to retrieve the session?

I know I can get the session ID through Session.SessionID, and I know how to use YUI to post it to the next page. What I don't know is how to use that SessionID to grab the session from the state server.

Yes, I'm using a state server to store the sessions, so they persist application/IIS restarts, and will work in a web farm scenario.