Avoiding crossing sessions?

[brettr]

When a user logs into my asp.net 2.0 webapp (user1), I set productID in a session variable:
Session["ProductName"] = value from database

That value gets passed into stored procedures to match with the correct user/product. Anonymous web users can surf over to the webapp like this:

http://www.abc.com/user1

I grab user1 from the URL, look that up in the database and assign Session["ProductName"]. It works the same as above except the anonymous user has only read access. Since Session["ProductName"] already has a value for this anon user, what happens when the user does this in the same browser session but a new window/tab:

http://www.abc.com/user2

Their Session["ProductName"] is ovewritten with user2's info. I want to allow the anon user to view different URLs this way in the same browser without crossing/overwriting sessions. How can I accomodate this for the authenticated logged in user and the anon user?

Thanks.

 

[TipGiver]

A session is created (for a specified time period that the web.config says) for each of your above requests. It has to do with the browser call. Each session has its variables, so Session["ProductName"] of user1 is different from the user2. Sessions have different IDs.

Example:

>> Code in page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        Response.Write("Sessions: " & Global.ASP.global_asax.ses.ToString)

    End Sub

>> Code in Global.asax

<script runat="server">
    
    Private Shared _ses As Integer = 0
    
    
    Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)
        _ses += 1

    End Sub

    Sub Session_End(ByVal sender As Object, ByVal e As EventArgs)
        _ses -= 1
        
    End Sub
       
    Public Shared ReadOnly Property ses() As Integer
        Get
            Return _ses
        End Get
    End Property
    
</script>

Try running the site, close it, run it again, close it again and/or load a new page in new tab. You will see that the session numbers are increased (for the defaul 30 mins; after that sessions will begin to die).

 

[TipGiver]

Also, as you are using the 2.0, check into the Membership class (build-in) and the new Login controls.
You can although override some methods and create you custom membership, use other provider, etc.
You can also write from scratch your own Membership class.

Hope this and the previous help !

 

[brettr]

Hi TipGiver. Thanks for replying but your comments aren't really related. I know what a session is but the problem is what happens when the user opens the above two URLs in the same browser session. Then what happens if they click between the two open tabs.

I basically need to keep users in one session. If they have a tab open with the user1 URL, they are in that session. If they then open another tab and type in the user2 URL, the session reinitializes and they are in user2 session/context. That is also fine. The question mark is what happens (or how do I handle) when they go back to user1 tab and click a link. This should be rare but needs to be handled.

Keep in mind this is for anon users.

Thanks.

 

[jbenson001]

Each tab is going to have it's own session related to it. Just as if you open a new browser window. I don't believe there is anyway around this.