Session Question

TheMSsForum.com: The Microsoft Software Forum

Here is the process on the site before I ask the question:

User logs in
session is created based on username and userid
user edits a record in the db
a hidden field with the userid session is inserted in the db to show
who edited the record



I had a user ( mike, id -1 ) edit a record today but the userid that
got inserted was 2 ( scott ). mike doenst know scotts credentials and
scott has never used the PC that mike is using, matter of fact scott
hasnt even logged into the site today.

can someone help me figure out what might have happened so i can
correct it?
Top

Re: Session Question by Mangler

Mangler
Thu May 29 15:34:06 CDT 2008

On May 29, 4:31=A0pm, Mangler <webmas...@repairresource.com> wrote:
> Here is the process on the site before I ask the question:
>
> User logs in
> session is created based on username and userid
> user edits a record in the db
> a hidden field with the userid session is inserted in the db to show
> who edited the record
>
> I had a user ( mike, id -1 ) edit a record today but the userid that
> got inserted was 2 ( scott ). =A0mike doenst know scotts credentials and
> scott has never used the PC that mike is using, matter of fact scott
> hasnt even logged into the site today.
>
> can someone help me figure out what might have happened so i can
> correct it?

i apologize in advance, not sure why it got posted so many freaking
times.
Top

Re: Session Question by Evertjan

Evertjan
Thu May 29 16:18:18 CDT 2008

Mangler wrote on 29 mei 2008 in microsoft.public.inetserver.asp.general:

> Here is the process on the site before I ask the question:
>
> User logs in
> session is created based on username and userid
> user edits a record in the db
> a hidden field with the userid session is inserted in the db to show
> who edited the record

A session is not something that can be inserted, it is not a value.

a session variable value could be put in the database, but why put that in
a [clientside] hidden formfield? [these fields are not exactly hidden to
the user if he wants to see or manpulate it.]

If a user logs in succesfully, you can set a session variable to his
usernumber, and use that to put into the database. The user does not have
to know that number, and the number does not have to be outside the server
anyway, as the user is identified by the asp session.id.

[unless the user has even ram cookies switched off,
but then there is no session in the ASP sense.]

> I had a user ( mike, id -1 ) edit a record today but the userid that
> got inserted was 2 ( scott ). mike doenst know scotts credentials and
> scott has never used the PC that mike is using, matter of fact scott
> hasnt even logged into the site today.
>
> can someone help me figure out what might have happened so i can
> correct it?

Either you made a programming error,
[like counting from zero, and later from one],
or someone is making use of your unsafe programming.


--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Top

Re: Session Question by Anthony

Anthony
Thu May 29 16:54:50 CDT 2008

"Mangler" <webmaster@repairresource.com> wrote in message
news:1b5c61c5-327a-4ea0-9218-08459c879484@34g2000hsf.googlegroups.com...
> Here is the process on the site before I ask the question:
>
> User logs in
> session is created based on username and userid
> user edits a record in the db
> a hidden field with the userid session is inserted in the db to show
> who edited the record
>
>
>
> I had a user ( mike, id -1 ) edit a record today but the userid that
> got inserted was 2 ( scott ). mike doenst know scotts credentials and
> scott has never used the PC that mike is using, matter of fact scott
> hasnt even logged into the site today.
>
> can someone help me figure out what might have happened so i can
> correct it?

If you are using hidden fields and it sounds like you are, could it be that
one user is receiving a cached version of another users form? IOW is there
a proxy server that is common to both users?


Top

Re: Session Question by Mangler

Mangler
Fri May 30 07:16:41 CDT 2008

On May 29, 5:54=A0pm, "Anthony Jones" <A...@yadayadayada.com> wrote:
> "Mangler" <webmas...@repairresource.com> wrote in message
>
> news:1b5c61c5-327a-4ea0-9218-08459c879484@34g2000hsf.googlegroups.com...
>
>
>
>
>
> > Here is the process on the site before I ask the question:
>
> > User logs in
> > session is created based on username and userid
> > user edits a record in the db
> > a hidden field with the userid session is inserted in the db to show
> > who edited the record
>
> > I had a user ( mike, id -1 ) edit a record today but the userid that
> > got inserted was 2 ( scott ). =A0mike doenst know scotts credentials and=

> > scott has never used the PC that mike is using, matter of fact scott
> > hasnt even logged into the site today.
>
> > can someone help me figure out what might have happened so i can
> > correct it?
>
> If you are using hidden fields and it sounds like you are, could it be tha=
t
> one user is receiving a cached version of another users form? =A0IOW is th=
ere
> a proxy server that is common to both users?- Hide quoted text -
>
> - Show quoted text -

i am using a hidden field and am not sure if there is a cached version
of another users form. i tested it myself on my PC which no one else
uses and here is what happend. Mike edited something and it recorded
Scots userid, then i edited something and it recorded mikes userid.
is that the cached form your talking about? If so, how can i prevent
this?
Top

Re: Session Question by Mangler

Mangler
Fri May 30 08:21:43 CDT 2008

On May 30, 8:16=A0am, Mangler <webmas...@repairresource.com> wrote:
> On May 29, 5:54=A0pm, "Anthony Jones" <A...@yadayadayada.com> wrote:
>
>
>
>
>
> > "Mangler" <webmas...@repairresource.com> wrote in message
>
> >news:1b5c61c5-327a-4ea0-9218-08459c879484@34g2000hsf.googlegroups.com...
>
> > > Here is the process on the site before I ask the question:
>
> > > User logs in
> > > session is created based on username and userid
> > > user edits a record in the db
> > > a hidden field with the userid session is inserted in the db to show
> > > who edited the record
>
> > > I had a user ( mike, id -1 ) edit a record today but the userid that
> > > got inserted was 2 ( scott ). =A0mike doenst know scotts credentials a=
nd
> > > scott has never used the PC that mike is using, matter of fact scott
> > > hasnt even logged into the site today.
>
> > > can someone help me figure out what might have happened so i can
> > > correct it?
>
> > If you are using hidden fields and it sounds like you are, could it be t=
hat
> > one user is receiving a cached version of another users form? =A0IOW is =
there
> > a proxy server that is common to both users?- Hide quoted text -
>
> > - Show quoted text -
>
> i am using a hidden field and am not sure if there is a cached version
> of another users form. =A0i tested it myself on my PC which no one else
> uses and here is what happend. =A0Mike edited something and it recorded
> Scots userid, then i edited something and it recorded mikes userid.
> is that the cached form your talking about? =A0If so, how can i prevent
> this?- Hide quoted text -
>
> - Show quoted text -

Ok i figured out what is going on but am not sure how to correct it.
I logged in several different times under different people and went to
the page to do an edit. the hidden field is always holding the userid
of the last person that went there. Any suggestions on how to prevent
this?
Top

Re: Session Question by Mangler

Mangler
Fri May 30 08:44:13 CDT 2008

On May 29, 5:54=A0pm, "Anthony Jones" <A...@yadayadayada.com> wrote:
> "Mangler" <webmas...@repairresource.com> wrote in message
>
> news:1b5c61c5-327a-4ea0-9218-08459c879484@34g2000hsf.googlegroups.com...
>
>
>
>
>
> > Here is the process on the site before I ask the question:
>
> > User logs in
> > session is created based on username and userid
> > user edits a record in the db
> > a hidden field with the userid session is inserted in the db to show
> > who edited the record
>
> > I had a user ( mike, id -1 ) edit a record today but the userid that
> > got inserted was 2 ( scott ). =A0mike doenst know scotts credentials and=

> > scott has never used the PC that mike is using, matter of fact scott
> > hasnt even logged into the site today.
>
> > can someone help me figure out what might have happened so i can
> > correct it?
>
> If you are using hidden fields and it sounds like you are, could it be tha=
t
> one user is receiving a cached version of another users form? =A0IOW is th=
ere
> a proxy server that is common to both users?- Hide quoted text -
>
> - Show quoted text -

This is weird, it only happens on this one page. I have several other
pages that edit other parts of the DB and it has the same tracking
feature, identical the only difference being that the other pages work
fine. It even does it locally on my machine.
Top

Re: Session Question by Anthony

Anthony
Sat May 31 08:36:40 CDT 2008


"Mangler" <webmaster@repairresource.com> wrote in message
news:8dcd11a1-8eea-447d-8c4f-75b8b3cf4ae5@a1g2000hsb.googlegroups.com...
On May 30, 8:16 am, Mangler <webmas...@repairresource.com> wrote:
> On May 29, 5:54 pm, "Anthony Jones" <A...@yadayadayada.com> wrote:
>
>
>Ok i figured out what is going on but am not sure how to correct it.
>I logged in several different times under different people and went to
>the page to do an edit. the hidden field is always holding the userid
>of the last person that went there. Any suggestions on how to prevent
>this?
>

Tweak you program logic so that it doesn't send th last userID in the hidden
field?

--
Anthony Jones - MVP ASP/ASP.NET


Top