I'd like to maintain a session state per browser tab.
Is this easy (or even possible) to do in ASP.NET?
Example: A user hits Ctrl-T in firefox 5 times and visits the site in each tab. I'd like each tab to have its own session state on the server
Add a comment
|
3 Answers
To facilitate multi-tab session states for one user without cluttering up the URL, do the following.
In your form load function, include:
If Not IsPostback Then
'Generate a new PageiD'
ViewState("_PageID") = (New Random()).Next().ToString()
End If
When you save something to your Session State, include the PageID:
Session(ViewState("_PageID").ToString() & "CheckBoxes") = D
Notes:
- As with session ID's in general, you cannot trust that malicious viewers will not change the SessionID / PageID. This is only a valid solution for an environment where all users can be trusted. Fortunately, ViewState does offer more protection than using a hidden input field.
- You will not have access to the PageID until the ViewState is restored upon PostBack. Therefore, you will not have access to the PageID in the page_init() handler.
7 Comments
pwdst
For devs using ASP.NET web forms, you can get a degree of protection from malicious users tampering with the PageID by using ViewState rather than a native HTML hidden field. By default ViewState is hashed with the server machine key and ASP.NET throws an exception if the posted data is not a valid hash. If the Session ID is tampered with this would typically cause a new session to be created when the next data is written to it as the existing session would be invalid - attempts to recall existing data would result in null reference exceptions. Could check for these or IsNewSession property.
Brian Webster
@pwdst Excellent point, I will adjust the solution to match! Thank you
pwdst
This is an excellent solution to a question that I had to deal with this week for data integrity at work. Users were opening second tabs and then returning to update the record held in the first tab, with of course session data associated with the second record. I used a variant of this solution to prevent incorrect updates on the wrong record.
Morcilla de Arroz
Maybe could be better (or additionally) using hiddenfields, in order to make javascript access simplier (for example if you have to send values to a WebMethod, and so on), isn't it?
Dinav Ahire
the name 'ViewState' does not exists in current context. is the error showing @GeorgeWBush
|
<configuration>
<system.web>
<sessionState cookieless="true"
regenerateExpiredSessionId="true" />
</system.web>
</configuration>
http://msdn.microsoft.com/en-us/library/ms178581.aspx
in this case each tab will get unique ID and it will looks like it is another visitor.
7 Comments
ErTR
cookieless="true" is really needed?
zerkms
@Ertürk Öztürk: the question sounds "I'd like to maintain a session state per browser tab.". All browser instances share the same cookies.
ErTR
@zerkms I'm okay with cookieless but I need to set it dynamically on page load. Unfortunately it's read-only.
zerkms
@ErtürkÖztürk my advice would be to ask a separate question if you have one.
MyNameIsKo
Note: This will not work if a user copies the URL from one tab and pastes it into another. Since the session is based on a key within the URL, both tabs will now be using the same session.
|
Using Brian Webster's answer I found a problem with XMLHttpRequests. It turned out, XMLHttpRequests did not set the IsPostback flag to true and therefore the request looked like a new request and one would end up having a new session state for that request. To solve that problem I also checked the value of the ViewState("_PageID")
so that my code looks like this in C#:
protected dynamic sessionVar; //a copy of the session variable
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack && ViewState["_PageID"] == null)
{
ViewState["_PageID"] = (new Random()).Next().ToString();
Session[ViewState["_PageID"] + "sessionVar"] = initSessionVar(); //this function should initialize the session variable
}
sessionVar = Session[ViewState["_PageID"] + "sessionVar"];
//...
}
