/// <summary>
/// Rotates the ASP.NET session identifier on page load through the ESAPI HTTP
/// utilities and then makes sure the request carries a session ID string.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // ESAPI session-fixation defence: issue a fresh identifier for this request.
    Esapi.HttpUtilities.ChangeSessionIdentifier();

    HttpContext current = HttpContext.Current;
    SessionIDManager idManager = new SessionIDManager();
    string currentId = idManager.GetSessionID(current);
    if (!string.IsNullOrEmpty(currentId))
    {
        return;
    }

    // No ID on the request: generate one and keep it in session state.
    // NOTE(review): CreateSessionID only generates a value; nothing in this block
    // calls SaveSessionID, so the new ID is not written to the response cookie/URL
    // here — confirm that is the intended behaviour.
    Session["cookie"] = idManager.CreateSessionID(current);
}
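/// <summary>
/// Swaps the current request's ASP.NET session ID for a newly generated one
/// (session-fixation defence: the ID handed out before login is not kept after it).
/// </summary>
/// <remarks>
/// ASP.NET exposes no public API for this, so the method updates the private
/// per-request fields of <see cref="SessionStateModule"/> (<c>_store</c>, <c>_rqId</c>,
/// <c>_rqLockId</c>, <c>_rqSessionStateNotFound</c>) through reflection, which couples
/// it to the framework's internal field names.
/// NOTE(review): this releases the lock on the old session item but does not remove
/// it from the store, so the old item presumably lingers until it times out — confirm
/// whether it should also be abandoned explicitly.
/// </remarks>
/// <exception cref="InvalidOperationException">
/// The "Session" HTTP module is not registered, or one of the expected private fields
/// does not exist on this framework version.
/// </exception>
private void RegenerateSessionId()
{
    HttpContext context = HttpContext.Current;
    SessionIDManager manager = new SessionIDManager();
    string oldId = manager.GetSessionID(context);
    string newId = manager.CreateSessionID(context);

    // Write the new ID to the response (cookie or URL, per configuration).
    bool redirected, cookieAdded;
    manager.SaveSessionID(context, newId, out redirected, out cookieAdded);

    SessionStateModule sessionModule =
        context.ApplicationInstance.Modules.Get("Session") as SessionStateModule;
    if (sessionModule == null)
    {
        throw new InvalidOperationException("The ASP.NET \"Session\" HTTP module is not registered.");
    }

    // Fail with a clear message if the internals moved, instead of dereferencing a
    // null FieldInfo further down.
    BindingFlags privateInstance = BindingFlags.NonPublic | BindingFlags.Instance;
    Type moduleType = sessionModule.GetType();
    FieldInfo storeField = moduleType.GetField("_store", privateInstance);
    FieldInfo rqIdField = moduleType.GetField("_rqId", privateInstance);
    FieldInfo rqLockIdField = moduleType.GetField("_rqLockId", privateInstance);
    FieldInfo rqStateNotFoundField = moduleType.GetField("_rqSessionStateNotFound", privateInstance);
    if (storeField == null || rqIdField == null || rqLockIdField == null || rqStateNotFoundField == null)
    {
        throw new InvalidOperationException(
            "SessionStateModule private fields not found; this ASP.NET version is not supported by RegenerateSessionId.");
    }

    SessionStateStoreProviderBase store = (SessionStateStoreProviderBase)storeField.GetValue(sessionModule);
    object lockId = rqLockIdField.GetValue(sessionModule);

    // The module holds an exclusive lock on the old item for this request; release it
    // so the old item is not left locked under an ID nobody will present again.
    if (lockId != null && oldId != null && store != null)
    {
        store.ReleaseItemExclusive(context, oldId, lockId);
    }

    // Mark the request's state as "not found" and point the request at the new ID.
    // This presumably makes the module finish the request as a fresh session under
    // newId instead of writing the item back under oldId — confirm against the
    // framework source.
    rqStateNotFoundField.SetValue(sessionModule, true);
    rqIdField.SetValue(sessionModule, newId);
}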
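/// <summary>
/// Authenticates a staff member: looks the staff ID up in <c>staff_details</c>
/// (parameterised query) and runs the external password check. On success it
/// establishes the session values the rest of the site reads (<c>id</c>,
/// <c>staffname</c>, <c>staffid</c>, <c>staffrole</c>, <c>staff_password</c>,
/// <c>lasttime</c>, <c>CPRactSessionCheck</c>), issues the <c>CPRactCookieCheck</c>
/// cookie and redirects by role. On failure it shows <c>lb_invalid</c> with a
/// deliberately generic message and clears the password inputs.
/// </summary>
/// <param name="userName">Staff ID entered on the login form; only ever sent to SQL as a parameter.</param>
/// <param name="password">Password entered on the login form; verified by ZTpasswordCheck_BCLS.</param>
private void ValidateUser(string userName, string password)
{
    // Everything is disposed on every exit path. The role-mismatch early return and
    // the Response.Redirect calls (which end the request before a trailing con.Close()
    // would run) previously leaked the connection and the reader.
    using (SqlConnection con = obj1.getcon())
    using (SqlCommand cmd = new SqlCommand("select staff_id,staff_name,staff_role,NPstaff from staff_details where staff_id = @STAFF_id ", con))
    {
        cmd.Parameters.Add(new SqlParameter("STAFF_id", userName));
        con.Open();
        using (SqlDataReader dr = cmd.ExecuteReader())
        {
            // bool password_valid = NPpasswordCheck_BCLS(userName, password); // NP SERVER
            // The password check runs whether or not the ID exists, so the response
            // time does not reveal which half of the credential was wrong.
            bool password_valid = ZTpasswordCheck_BCLS(userName, password); // LOCAL SERVER

            if (!dr.HasRows || !password_valid)
            {
                lb_invalid.Visible = true;
                tb_password.Text = "";
                hdnfldpassword.Value = "";
                // Generic on purpose: do not disclose whether the user ID exists or
                // which of the two checks failed.
                lb_invalid.Text = " Invalid userID or Password ! ";
                return;
            }

            // Fresh session ID for the authenticated session.
            regenerateId();

            // Per-login token kept in session and echoed in a cookie (TRXID) together
            // with the session ID (EVSS_ID).
            string newID = Guid.NewGuid().ToString();
            Session["CPRactSessionCheck"] = newID;
            HttpCookie cookie = new HttpCookie("CPRactCookieCheck", newID);
            cookie.Values.Add("TRXID", newID);
            cookie.Values.Add("EVSS_ID", Session.SessionID);
            // NOTE(review): this cookie copies the session ID and is sent neither HttpOnly
            // nor Secure here. Unless client script must read it, `cookie.HttpOnly = true;`
            // (and `cookie.Secure = true;` when served over HTTPS) would keep it out of
            // reach of page scripts. Left unchanged to avoid breaking any script that reads it.
            Response.Cookies.Add(cookie);

            dr.Read();
            s_id = dr[0].ToString();
            s_name = dr[1].ToString();
            s_role = dr[2].ToString();

            int? roleId = RoleToSessionId(s_role);
            if (roleId == null)
            {
                // Roles are free text in the database, so a misspelled or hand-inserted
                // value must not log the user in with an undefined access level.
                Page.ClientScript.RegisterStartupScript(this.GetType(), Guid.NewGuid().ToString(),
                    "alert('Role assignment unsuccessful, please contact techincal support');window.location='Login.aspx';", true);
                return;
            }
            Session["id"] = roleId.Value;

            Session["staffname"] = s_name;
            Session["staffid"] = s_id;
            Session["staffrole"] = s_role;
            // NOTE(review): the clear-text password is kept in session state for the
            // lifetime of the session. Left in place for compatibility with whatever
            // reads it; it should be dropped if nothing downstream needs it.
            Session["staff_password"] = password;

            // Login time for display; the '/' in the pattern follows the current
            // culture's date separator.
            Session["lasttime"] = DateTime.Now.ToString("dd/MM/yyyy HH:mm");

            if (s_role == "Chief Instructor")
            {
                Response.Redirect("follow_up.aspx");
            }
            else
            {
                Response.Redirect("Active_testsessiondetails.aspx");
            }
        }
    }
}

/// <summary>
/// Maps a staff role name to the numeric access level stored in <c>Session["id"]</c>;
/// <c>null</c> for any role the application does not know.
/// </summary>
/// <param name="role">Role string as stored in <c>staff_details.staff_role</c>.</param>
/// <returns>1, 11, 21 or 31 for the known roles, otherwise <c>null</c>.</returns>
private static int? RoleToSessionId(string role)
{
    switch (role)
    {
        case "Guest":
            return 1;
        case "Instructor":
            return 11;
        case "Chief Instructor":
            return 21;
        case "Director/Asst Director":
            return 31;
        default:
            return null;
    }
}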
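/// <summary>
/// Gives a child request (a page preview rendered with the master request's
/// <see cref="HttpContext"/>) its own session ID, so that session writes made while
/// previewing do not break later previews. The original author recorded this as an
/// empirically found workaround whose exact mechanism was not understood; it passed
/// testing, and the comments below are the best reading of what it does.
/// </summary>
/// <remarks>
/// Works on the private per-request fields of <see cref="SessionStateModule"/>
/// (<c>_store</c>, <c>_rqId</c>, <c>_rqLockId</c>, <c>_rqSessionStateNotFound</c>) through
/// reflection, so it is bound to the framework's internal field names.
/// NOTE(review): the session ID is read from <paramref name="ctx"/> but the module is
/// taken from <c>HttpContext.Current</c>; that is only consistent when both are the same
/// context — confirm, or take the module from <paramref name="ctx"/> as well.
/// </remarks>
/// <param name="ctx">The HTTP context shared between the master and the child request.</param>
/// <exception cref="InvalidOperationException">
/// The "Session" HTTP module is not registered, or one of the expected private fields
/// does not exist on this framework version.
/// </exception>
private static void AllowChildRequestSessionAccess(HttpContext ctx)
{
    SessionIDManager manager = new SessionIDManager();
    string oldId = manager.GetSessionID(ctx);
    string newId = manager.CreateSessionID(ctx);

    // Write the new ID to the response (cookie or URL, per configuration).
    bool redirected, cookieAdded;
    manager.SaveSessionID(ctx, newId, out redirected, out cookieAdded);

    HttpApplication application = HttpContext.Current.ApplicationInstance;
    SessionStateModule sessionModule = application.Modules.Get("Session") as SessionStateModule;
    if (sessionModule == null)
    {
        throw new InvalidOperationException("The ASP.NET \"Session\" HTTP module is not registered.");
    }

    // Fail with a clear message if the internals moved, instead of dereferencing a
    // null FieldInfo further down.
    BindingFlags privateInstance = BindingFlags.NonPublic | BindingFlags.Instance;
    Type moduleType = sessionModule.GetType();
    FieldInfo storeField = moduleType.GetField("_store", privateInstance);
    FieldInfo rqIdField = moduleType.GetField("_rqId", privateInstance);
    FieldInfo rqLockIdField = moduleType.GetField("_rqLockId", privateInstance);
    FieldInfo rqStateNotFoundField = moduleType.GetField("_rqSessionStateNotFound", privateInstance);
    if (storeField == null || rqIdField == null || rqLockIdField == null || rqStateNotFoundField == null)
    {
        throw new InvalidOperationException(
            "SessionStateModule private fields not found; this ASP.NET version is not supported by AllowChildRequestSessionAccess.");
    }

    SessionStateStoreProviderBase store = (SessionStateStoreProviderBase)storeField.GetValue(sessionModule);
    object lockId = rqLockIdField.GetValue(sessionModule);

    // Release the exclusive lock the module took on the old item for this request.
    // Only the lock is released; the old item stays in the store until it expires.
    if (lockId != null && oldId != null && store != null)
    {
        store.ReleaseItemExclusive(ctx, oldId, lockId);
    }

    // Mark the request's state as "not found" and point the request at the new ID.
    // This presumably makes the module finish the request as a fresh session under
    // newId rather than writing back under oldId — confirm against the framework source.
    rqStateNotFoundField.SetValue(sessionModule, true);
    rqIdField.SetValue(sessionModule, newId);
}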
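/// <summary>
/// Guards the page behind a logged-in session, disables browser caching of the
/// response, and fills <c>GridView1</c> with the test sessions visible to the
/// current staff role (open sessions for Instructor/Chief Instructor/Guest,
/// all non-archived sessions for Director/Asst Director).
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Authentication gate: no login, back to the login page. The explicit return
    // means nothing below depends on Response.Redirect aborting the request.
    if (Session["id"] == null)
    {
        Response.Redirect("Login.aspx");
        return;
    }

    current_test_status = "Archived";
    current_test_status2 = "Completed";
    st_role = (string)Session["staffrole"];
    login_staff_ID = (string)Session["staffname"];

    // Disable caching so back/forward never serves a stored copy of an
    // authenticated page from the browser history.
    Response.Cache.SetCacheability(HttpCacheability.NoCache);
    Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
    Response.Cache.SetNoStore();

    if (st_role == "Instructor" || st_role == "Chief Instructor" || st_role == "Guest")
    {
        BindTestSessionGrid(
            "select a.admin_id,a.testsession_id,a.test_type,a.test_date,a.testsession_status,UPPER(a.chiefinstructor_name) as chiefinstructor_name ,count(b.student_id) as student_id from testsession_details a ,student_vs_testsession_details b where a.testsession_status not in(@status1, @status2) and a.testsession_id=b.testsession_id group by a.admin_id,a.testsession_id,a.test_type,a.test_date,a.testsession_status,a.chiefinstructor_name ORDER BY a.testsession_id DESC ",
            new SqlParameter("@status1", current_test_status),
            new SqlParameter("@status2", current_test_status2));
    }
    else if (st_role == "Director/Asst Director")
    {
        BindTestSessionGrid(
            "select a.admin_id,a.testsession_id,a.test_type,a.test_date,a.testsession_status,UPPER(a.chiefinstructor_name) as chiefinstructor_name,count(b.student_id) as student_id from testsession_details a ,student_vs_testsession_details b where a.testsession_status<>@status1 and a.testsession_id=b.testsession_id group by a.admin_id,a.testsession_id,a.test_type,a.test_date,a.testsession_status,a.chiefinstructor_name ORDER BY a.testsession_id DESC ",
            new SqlParameter("@status1", current_test_status));
    }
    // Any other role value gets an empty grid, as before.
}

/// <summary>
/// Runs a parameterised query and binds its result set to <c>GridView1</c>.
/// Connection, command and adapter are disposed on all paths.
/// </summary>
/// <param name="commandText">SQL text using <c>@name</c> placeholders only; never built from request input.</param>
/// <param name="parameters">Values for the placeholders in <paramref name="commandText"/>.</param>
private void BindTestSessionGrid(string commandText, params SqlParameter[] parameters)
{
    using (SqlConnection con = obj.getcon())
    using (SqlCommand cmd = new SqlCommand(commandText, con))
    using (SqlDataAdapter adapter = new SqlDataAdapter(cmd))
    {
        cmd.Parameters.AddRange(parameters);
        con.Open();
        DataSet ds = new DataSet();
        adapter.Fill(ds);
        GridView1.DataSource = ds;
        GridView1.DataBind();
    }
}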