如何在.Net C＃中处理并发会话

Question

I am working on an application where we are saving some member's (not logged in user) information in session.

That specific ID is used to take payments and do other things as well. However, when i open the two tabs of that application or two windows of that application; the member's session id mismatches. The current tab picks up the ID of the secondary tab which is opened.

I request for some guidance/help.

I am using following code:

public static object GetSessionValue(string sessionName) {
    if (HttpContext.Current.Session[sessionName] == null) {
        return null;
    } else {
        return HttpContext.Current.Session[sessionName];
    }
}

public static void SetSessionValue(string sessionName, object sessionValue) {
    HttpContext.Current.Session[sessionName] = sessionValue;
}

Answer 1

However, when i open the two tabs of that application or two windows of that application; the member's session id mismatches. The current tab picks up the ID of the secondary tab which is opened.

If you open the same website in two different tab of a browser, they share the session. It is by design.

You can replicate it. Login to bankofamerican.com, and open a new tab and paste https://secure.bankofamerica.com/transfers/funds-transfer.go Notice that you do not need to login.

However, If you paste the url in new browser window (while logging in one browser window - Must be same type of browser ), they something share the session.

Answer 2

The Session object is used to share state for a series of page loads on a given browser. This is great for storing information like what user is logged in, and what permissions the user has because it is the same human (AKA user) behind the browser for each page load.

The problem you describe is that you want two tabs of the same browser to show different states, aka if tab 1 is on the homepage, and tab2 is on the account page, you do not want tab 2 refresh to load homepage, you want it to stay on the account page. This is a page-level state, not a user-level state, and so you should not be storing your information in the Session.

If you are using WebForms (.aspx pages) to run your site, you should take a look at ViewState on MSDN . If you are using MVC, you should consider using javascript and AJAX to update the page and store the state of the pages in js variables client-side.

Answer 3

All of the tabs opened in the same browser share the same ASP session on the server side. So the general solution is to embed enough information in the web page (browser tab) itself so that a postback from it can be used to retrieve the appropriate conversation from within the shared session.

In other words, write some key value in hidden fields(s) within the page, which will be sent back as part of the postback request, to distinguish each browser tab from the others. A lot of this can be handled with judicious use of the ASP viewstate of the page. I believe you can also force the viewstate values to be be encrypted.

Alternatively, you can encode a hidden field yourself with with a random key that can be used to retrieve data you've saved in the session cache. This approach is harder to do right, though, since you have do deal with removing old (expired) keys from the session if the user closes his tabs or browser.

For example, I have a web application that shows data lists in fixed-length pages. Since I want the user to be able to open multiple lists simultaneously, each list in a separate browser tab, I embed the current paging info (page number, list number, etc.) in hidden fields in the HTML page. I then read these hidden field values on postback to resume the proper paging context for that particular browser tab that performed the postback.