1

Regarding a clock in/out site. When user A logs in it shows his check in/outs. then user B logs in. When A refreshes the page, he gets B's Check in/outs.
I am probably doing this wrong because iam storing the username in a public variable when ever the user logs in server side, c#, too check for a lot of other permissions on the site, through different pages. 

   if (publiclasses.isValid == true)
     {
        publiclasses.unilogin = UserNametextbox.Text.ToString();
        publiclasses.Checkifmissinglogout();
        Response.Redirect("checkin.aspx");
     }

How do i save the user in a different way that always keeps it "unique" and not just overrides the old one stored?

Improve this question
2
  • Could you show more code, of your login and of your data retrieving. this is not enough code to see what goes wrong. Where do you store your data? (In session, localstorage in database?) Commented Dec 21, 2016 at 7:46
  • Try using cookie or session for multiple users. Better use session that will handle users easily. I can't see anything like that in your code. Commented Dec 21, 2016 at 7:54

2 Answers 2

Reset to default
2

Using a public variable will be shared across all user sessions and it introduces concurrency issues, all of this assuming it is static.

To separate it, you have to use sessions.

ex:

    Session["unilogin"] = UserNametextbox.Text.ToString();

You have to make sure you use the session variable in any piece of code you reference the current public variable

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

You need to implement some kind if identity for your users. There are loads of ways to do this, but it depends on the exact ASP.NET variant which will be best for you. Most web applications use cookies for this.

Basically when user A signs in they get a cookie that says they are A. Every subsequent request they make will have that cookie attached and you can get which user they are from it.

At its very simplest this is very easy:

// In sign in POST back
Response.Cookies.Append("user", username);

// In further pages:
string username = Request.Cookies["user"];

However, this will make it very easy for B to pretend to be A - it isn't secure. The built in .NET methods will create an encrypted cookie that's much more secure.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.