/// <inheritdoc cref="Owasp.Esapi.Interfaces.IHttpUtilities.ChangeSessionIdentifier()" /> public void ChangeSessionIdentifier() { SessionIDManager manager = new SessionIDManager(); string newSessionId = manager.CreateSessionID(HttpContext.Current); bool redirected = false; bool IsAdded = false; manager.SaveSessionID(HttpContext.Current, newSessionId, out redirected, out IsAdded); }
protected void Session_Start(Object sender, EventArgs e) { SessionIDManager manager = new SessionIDManager(); string newSessionId = manager.CreateSessionID(HttpContext.Current); var ckSession = new HttpCookie("omg-session"); ckSession.Value = newSessionId; HttpContext.Current.Response.Cookies.Add(ckSession); }
public override void OnActionExecuting(ActionExecutingContext filterContext) { base.OnActionExecuting(filterContext); if(filterContext.HttpContext.Session["SessionID"] == null) { SessionIDManager mgr = new SessionIDManager(); string sessionID = mgr.CreateSessionID(HttpContext.Current); filterContext.HttpContext.Session.Timeout = 30; filterContext.HttpContext.Session["SessionID"] = sessionID; } }
protected void Page_Load(object sender, EventArgs e) { IHttpUtilities httpUtilities = Esapi.HttpUtilities; httpUtilities.ChangeSessionIdentifier(); SessionIDManager manager = new SessionIDManager(); String orig = manager.GetSessionID(HttpContext.Current); if (String.IsNullOrEmpty(orig)) { string newSessionId = manager.CreateSessionID(HttpContext.Current); Session["cookie"] = newSessionId; } }
protected string _AbandonSession() { Session.Abandon(); Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", "")); SessionIDManager sessionManager = new SessionIDManager(); string sID = sessionManager.CreateSessionID(System.Web.HttpContext.Current); bool redirected = false; bool cookieAdded = false; sessionManager.SaveSessionID(System.Web.HttpContext.Current, sID, out redirected, out cookieAdded); return sID; }
private void RegenerateSessionId() { var Context = System.Web.HttpContext.Current; System.Web.SessionState.SessionIDManager manager = new System.Web.SessionState.SessionIDManager(); string oldId = manager.GetSessionID(Context); string newId = manager.CreateSessionID(Context); bool isAdd = false, isRedir = false; manager.SaveSessionID(Context, newId, out isRedir, out isAdd); HttpApplication ctx = Context.ApplicationInstance; HttpModuleCollection mods = ctx.Modules; System.Web.SessionState.SessionStateModule ssm = (SessionStateModule)mods.Get("Session"); System.Reflection.FieldInfo[] fields = ssm.GetType().GetFields(BindingFlags.NonPublic | BindingFlags.Instance); SessionStateStoreProviderBase store = null; System.Reflection.FieldInfo rqIdField = null, rqLockIdField = null, rqStateNotFoundField = null; foreach (System.Reflection.FieldInfo field in fields) { if (field.Name.Equals("_store")) { store = (SessionStateStoreProviderBase)field.GetValue(ssm); } if (field.Name.Equals("_rqId")) { rqIdField = field; } if (field.Name.Equals("_rqLockId")) { rqLockIdField = field; } if (field.Name.Equals("_rqSessionStateNotFound")) { rqStateNotFoundField = field; } } object lockId = rqLockIdField.GetValue(ssm); if ((lockId != null) && (oldId != null)) { store.ReleaseItemExclusive(Context, oldId, lockId); } rqStateNotFoundField.SetValue(ssm, true); rqIdField.SetValue(ssm, newId); }
protected void Page_Load(object sender, EventArgs e) { if (!IsPostBack) { System.Web.SessionState.SessionIDManager Manager = new System.Web.SessionState.SessionIDManager(); string NewID = Manager.CreateSessionID(Context); bool redirected = false; bool IsAdded = false; Manager.SaveSessionID(Context, NewID, out redirected, out IsAdded); this.UsuarioL.Focus(); Session.Abandon(); UsuarioL.Attributes.Add("onkeypress", "return clickButton(event,'" + BtnLogin.ClientID + "')"); ContrasenaL.Attributes.Add("onkeypress", "return clickButton(event,'" + BtnLogin.ClientID + "')"); } }
private ISessionIDManager InitSessionIDManager(SessionStateSection config) { ISessionIDManager manager; string sessionIDManagerType = config.SessionIDManagerType; if (string.IsNullOrEmpty(sessionIDManagerType)) { manager = new SessionIDManager(); this._usingAspnetSessionIdManager = true; } else { Type type = ConfigUtil.GetType(sessionIDManagerType, "sessionIDManagerType", config); ConfigUtil.CheckAssignableType(typeof(ISessionIDManager), type, config, "sessionIDManagerType"); manager = (ISessionIDManager)HttpRuntime.CreatePublicInstance(type); } manager.Initialize(); return(manager); }
// Remove an item. Note that the item is originally obtained by GetExclusive // Same note as Set on lockId public override void RemoveItem(HttpContext context, String id, object lockId, SessionStateStoreData item) { Debug.Assert(lockId != null, "lockId != null"); string key = CreateSessionStateCacheKey(id); CacheInternal cacheInternal = HttpRuntime.CacheInternal; int lockCookie = (int)lockId; SessionIDManager.CheckIdLength(id, true /* throwOnFail */); InProcSessionState state = (InProcSessionState)cacheInternal.Get(key); /* If the item isn't there, we probably took too long to run. */ if (state == null) { return; } state._spinLock.AcquireWriterLock(); try { /* Only remove the item if we are the owner */ if (!state._locked || state._lockCookie != lockCookie) { return; } /* prevent overwriting when we drop the lock */ state._lockCookie = 0; } finally { state._spinLock.ReleaseWriterLock(); } cacheInternal.Remove(key); TraceSessionStats(); }
public override void CreateUninitializedItem(HttpContext context, String id, int timeout) { string key = CreateSessionStateCacheKey(id); Debug.Assert(timeout <= SessionStateModule.MAX_CACHE_BASED_TIMEOUT_MINUTES, "item.Timeout <= SessionStateModule.MAX_CACHE_BASED_TIMEOUT_MINUTES"); SessionIDManager.CheckIdLength(id, true /* throwOnFail */); Debug.Trace("SessionStateClientSet", "Inserting an uninitialized item into Cache; key = " + key); InProcSessionState state = new InProcSessionState( null, null, timeout, false, DateTime.MinValue, NewLockCookie, (int)SessionStateItemFlags.Uninitialized); // DevDivBugs 146875 // We do not want to overwrite an item with an uninitialized item if it is // already in the cache try { } finally { // protected from ThreadAbortEx object existingEntry = HttpRuntime.Cache.InternalCache.Add(key, state, new CacheInsertOptions() { SlidingExpiration = new TimeSpan(0, timeout, 0), Priority = CacheItemPriority.NotRemovable, OnRemovedCallback = _callback }); if (existingEntry == null) { PerfCounters.IncrementCounter(AppPerfCounter.SESSIONS_TOTAL); PerfCounters.IncrementCounter(AppPerfCounter.SESSIONS_ACTIVE); } } }
public override void ReleaseItemExclusive(HttpContext context, string id, object lockId) { string key = this.CreateSessionStateCacheKey(id); int num = (int)lockId; SessionIDManager.CheckIdLength(id, true); InProcSessionState state = (InProcSessionState)HttpRuntime.CacheInternal.Get(key); if ((state != null) && state._locked) { state._spinLock.AcquireWriterLock(); try { if (state._locked && (num == state._lockCookie)) { state._locked = false; } } finally { state._spinLock.ReleaseWriterLock(); } } }
SessionStateStoreData DoGet(HttpContext context, String id, bool exclusive, out bool locked, out TimeSpan lockAge, out object lockId, out SessionStateActions actionFlags) { string key = CreateSessionStateCacheKey(id); // Set default return values locked = false; lockId = null; lockAge = TimeSpan.Zero; actionFlags = 0; // Not technically necessary for InProc, but we do it to be consistent // with SQL provider SessionIDManager.CheckIdLength(id, true /* throwOnFail */); InProcSessionState state = (InProcSessionState)HttpRuntime.CacheInternal.Get(key); if (state != null) { bool lockedByOther; // True if the state is locked by another session int initialFlags; initialFlags = (int)state._flags; if ((initialFlags & (int)SessionStateItemFlags.Uninitialized) != 0) { // It is an uninitialized item. We have to remove that flag. // We only allow one request to do that. // For details, see inline doc for SessionStateItemFlags.Uninitialized flag. // If initialFlags != return value of CompareExchange, it means another request has // removed the flag. Debug.Trace("SessionStateClientSet", "Removing the Uninit flag for item; key = " + key); if (initialFlags == Interlocked.CompareExchange( ref state._flags, initialFlags & (~((int)SessionStateItemFlags.Uninitialized)), initialFlags)) { actionFlags = SessionStateActions.InitializeItem; } } if (exclusive) { lockedByOther = true; // If unlocked, use a spinlock to test and lock the state. if (!state._locked) { state._spinLock.AcquireWriterLock(); try { if (!state._locked) { lockedByOther = false; state._locked = true; state._utcLockDate = DateTime.UtcNow; state._lockCookie++; } lockId = state._lockCookie; } finally { state._spinLock.ReleaseWriterLock(); } } else { // It's already locked by another request. Return the lockCookie to caller. lockId = state._lockCookie; } } else { state._spinLock.AcquireReaderLock(); try { lockedByOther = state._locked; lockId = state._lockCookie; } finally { state._spinLock.ReleaseReaderLock(); } } if (lockedByOther) { // Item found, but locked locked = true; lockAge = DateTime.UtcNow - state._utcLockDate; return(null); } else { return(SessionStateUtility.CreateLegitStoreData(context, state._sessionItems, state._staticObjects, state._timeout)); } } // Not found return(null); }
public override void SetAndReleaseItemExclusive(HttpContext context, String id, SessionStateStoreData item, object lockId, bool newItem) { string key = CreateSessionStateCacheKey(id); bool doInsert = true; CacheInternal cacheInternal = HttpRuntime.CacheInternal; int lockCookieForInsert = NewLockCookie; ISessionStateItemCollection items = null; HttpStaticObjectsCollection staticObjects = null; Debug.Assert(item.Items != null, "item.Items != null"); Debug.Assert(item.StaticObjects != null, "item.StaticObjects != null"); Debug.Assert(item.Timeout <= SessionStateModule.MAX_CACHE_BASED_TIMEOUT_MINUTES, "item.Timeout <= SessionStateModule.MAX_CACHE_BASED_TIMEOUT_MINUTES"); SessionIDManager.CheckIdLength(id, true /* throwOnFail */); if (item.Items.Count > 0) { items = item.Items; } if (!item.StaticObjects.NeverAccessed) { staticObjects = item.StaticObjects; } if (!newItem) { Debug.Assert(lockId != null, "lockId != null"); InProcSessionState stateCurrent = (InProcSessionState)cacheInternal.Get(key); int lockCookie = (int)lockId; /* If the state isn't there, we probably took too long to run. */ if (stateCurrent == null) { return; } Debug.Trace("SessionStateClientSet", "state is inStorage; key = " + key); Debug.Assert((stateCurrent._flags & (int)SessionStateItemFlags.Uninitialized) == 0, "Should never set an unitialized item; key = " + key); stateCurrent._spinLock.AcquireWriterLock(); try { /* Only set the state if we are the owner */ if (!stateCurrent._locked || stateCurrent._lockCookie != lockCookie) { Debug.Trace("SessionStateClientSet", "Leave because we're not the owner; key = " + key); return; } /* We can change the state in place if the timeout hasn't changed */ if (stateCurrent._timeout == item.Timeout) { stateCurrent.Copy( items, staticObjects, item.Timeout, false, DateTime.MinValue, lockCookie, stateCurrent._flags); // Don't need to insert into the Cache because an in-place copy is good enough. doInsert = false; Debug.Trace("SessionStateClientSet", "Changing state inplace; key = " + key); } else { /* We are going to insert a new item to replace the current one in Cache * because the expiry time has changed. * * Pleas note that an insert will cause the Session_End to be incorrectly raised. * * Please note that the item itself should not expire between now and * where we do UtcInsert below because CacheInternal.Get above have just * updated its expiry time. */ stateCurrent._flags |= (int)SessionStateItemFlags.IgnoreCacheItemRemoved; /* By setting _lockCookie to 0, we prevent an overwriting by ReleaseExclusive * when we drop the lock. * The scenario can happen if another request is polling and trying to prempt * the lock we have on the item. */ lockCookieForInsert = lockCookie; stateCurrent._lockCookie = 0; } } finally { stateCurrent._spinLock.ReleaseWriterLock(); } } if (doInsert) { Debug.Trace("SessionStateClientSet", "Inserting state into Cache; key = " + key); InProcSessionState state = new InProcSessionState( items, staticObjects, item.Timeout, false, DateTime.MinValue, lockCookieForInsert, 0); try { } finally { // protected from ThreadAbortEx cacheInternal.UtcInsert( key, state, null, Cache.NoAbsoluteExpiration, new TimeSpan(0, state._timeout, 0), CacheItemPriority.NotRemovable, _callback); PerfCounters.IncrementCounter(AppPerfCounter.SESSIONS_TOTAL); PerfCounters.IncrementCounter(AppPerfCounter.SESSIONS_ACTIVE); TraceSessionStats(); } } }
public void CreateNewSession() { SessionId = new SessionIDManager().CreateSessionID(null); _httpContext.ResponseCookies[AspNetSessionCookieName] = SessionId; }
private ISessionIDManager InitSessionIDManager(SessionStateSection config) { ISessionIDManager manager; string sessionIDManagerType = config.SessionIDManagerType; if (string.IsNullOrEmpty(sessionIDManagerType)) { manager = new SessionIDManager(); this._usingAspnetSessionIdManager = true; } else { Type type = ConfigUtil.GetType(sessionIDManagerType, "sessionIDManagerType", config); ConfigUtil.CheckAssignableType(typeof(ISessionIDManager), type, config, "sessionIDManagerType"); manager = (ISessionIDManager) HttpRuntime.CreatePublicInstance(type); } manager.Initialize(); return manager; }
ISessionIDManager InitSessionIDManager(SessionStateSection config) { string sessionIDManagerType = config.SessionIDManagerType; ISessionIDManager iManager; if (String.IsNullOrEmpty(sessionIDManagerType)) { iManager = new SessionIDManager(); _usingAspnetSessionIdManager = true; } else { Type managerType; managerType = ConfigUtil.GetType(sessionIDManagerType, "sessionIDManagerType", config); ConfigUtil.CheckAssignableType(typeof(ISessionIDManager), managerType, config, "sessionIDManagerType"); iManager = (ISessionIDManager)HttpRuntime.CreatePublicInstance(managerType); } iManager.Initialize(); return iManager; }
/// <summary> /// Try to retrive the existing session data from Redis /// If the data is not found, it will create a new session with a new sessionId /// </summary> private void InitSession() { // If sessionProvider is not null that means we already initialized the session and got the dataStore if (_sessionProvider == null) { _sessionProvider = new RedisASPSessionStateProvider(); } _storeData = null; // Get write lock and session from cache bool locked; TimeSpan lockAge; object lockId; SessionStateActions actions; if (!string.IsNullOrWhiteSpace(_sessionId)) { // Try Retrieve the existing session _storeData = _sessionProvider.GetItem(null, _sessionId, out locked, out lockAge, out lockId, out actions); } // If we cannot find an existing session we will create a new one if (_storeData == null) { // Generate a new session id SessionIDManager Manager = new SessionIDManager(); _sessionId = Manager.CreateSessionID(_context); // Create a new Session in Redis _sessionTimeout = (int)RedisSessionStateProvider.configuration.SessionTimeout.TotalMinutes; _sessionProvider.CreateUninitializedItem(null, _sessionId, _sessionTimeout); // Get the store Data from the new session created _storeData = _sessionProvider.GetItem(null, _sessionId, out locked, out lockAge, out lockId, out actions); // If for some reason it failed to get the store data we raise an exception if (_storeData == null) { throw new InvalidOperationException("Store Data cannot be created"); } } }
public void LoginUser(string user, string token) { if (!AuthenticateUser(user, token)) { String result = "{result: 'error', errormsg: 'Login Failed!'}"; SendResponse(result); } else { if(user.ToLower().Equals("guest")) { user = "******"; } User session_user = UserBLL.GetUserByEmail(user); SessionIDManager Manager = new System.Web.SessionState.SessionIDManager(); string session_id = Manager.CreateSessionID(Context); GreyhoundSession session = new GreyhoundSession(session_id, session_user); // TODO: Implement session keys: // 1) generate a session key and ad it to the session keys table with an expiration date and associated to the user id // 2) return the key to the mobile application // 3) in each method call check the session key validity for the user id: // i) if the key is invalid ignore the request // ii) if the key is valid respond to the method call // iii) if the key is valid but has expired generate a new key, return the key to the mobile app and respond to the method call String result = "{result: 'success', " + "sessionid: '" + session.Session_Id + "'," + "user_id: '" + session_user.User_Id + "'," + "role_id: '" + session_user.Role_Id + "'," + "name: '" + session_user.Name + "'," + "address: '" + session_user.Address + "'," + "mobile: '" + session_user.Mobile + "'," + "paypal_id: '" + session_user.Paypal_Id + "'," + "betfair_id: '" + session_user.Betfair_Id + "'," + "expire: '" + session.Validity + "'}"; SendResponse(result); } }
public override void SetAndReleaseItemExclusive(HttpContext context, string id, SessionStateStoreData item, object lockId, bool newItem) { string key = this.CreateSessionStateCacheKey(id); bool flag = true; CacheInternal cacheInternal = HttpRuntime.CacheInternal; int newLockCookie = NewLockCookie; ISessionStateItemCollection sessionItems = null; HttpStaticObjectsCollection staticObjects = null; SessionIDManager.CheckIdLength(id, true); if (item.Items.Count > 0) { sessionItems = item.Items; } if (!item.StaticObjects.NeverAccessed) { staticObjects = item.StaticObjects; } if (!newItem) { InProcSessionState state = (InProcSessionState)cacheInternal.Get(key); int lockCookie = (int)lockId; if (state == null) { return; } state._spinLock.AcquireWriterLock(); try { if (!state._locked || (state._lockCookie != lockCookie)) { return; } if (state._timeout == item.Timeout) { state.Copy(sessionItems, staticObjects, item.Timeout, false, DateTime.MinValue, lockCookie, state._flags); flag = false; } else { state._flags |= 2; newLockCookie = lockCookie; state._lockCookie = 0; } } finally { state._spinLock.ReleaseWriterLock(); } } if (flag) { InProcSessionState state2 = new InProcSessionState(sessionItems, staticObjects, item.Timeout, false, DateTime.MinValue, newLockCookie, 0); try { } finally { cacheInternal.UtcInsert(key, state2, null, Cache.NoAbsoluteExpiration, new TimeSpan(0, state2._timeout, 0), CacheItemPriority.NotRemovable, this._callback); PerfCounters.IncrementCounter(AppPerfCounter.SESSIONS_TOTAL); PerfCounters.IncrementCounter(AppPerfCounter.SESSIONS_ACTIVE); } } }
/// <summary> /// 保存当前请求的会话状态 /// </summary> protected void SaveSessionState() { if (Context.Session != null && Context.Session.IsNewSession && !Context.Session.IsCookieless) { Context.Response.Cookies.Remove("ASP.NET_SessionId"); bool redirected, cookieAdded; SessionIDManager sidMgr = new SessionIDManager(); sidMgr.SaveSessionID(HttpContext.Current, Context.Session.SessionID, out redirected, out cookieAdded); } }
protected void Page_Load(object sender, EventArgs e) { System.Web.SessionState.SessionIDManager manager = new System.Web.SessionState.SessionIDManager(); string oldId = manager.GetSessionID(Context); string name = (string)Session["staffname"]; //TO GET THE WELCOME MESSAGE if (Session["id"] == null) { Response.Redirect("Login.aspx"); } String logintime = (string)Session["lasttime"]; current_test_status = "Archived"; current_test_status2 = "Completed"; st_role = (string)Session["staffrole"]; string login_staff_id = (string)Session["staffid"]; // Code disables caching by browser. Response.Cache.SetCacheability(HttpCacheability.NoCache);// this tells the client not to cache responses in the History folder, so that when you use the back/forward buttons the client requests a new version of the response each time. Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1)); Response.Cache.SetNoStore(); login_staff_ID = (string)Session["staffname"]; if (st_role == "Instructor" || st_role == "Chief Instructor" || st_role == "Guest") { SqlConnection con9 = obj.getcon(); con9.Open(); SqlCommand cmd = new SqlCommand(); cmd.Connection = con9; cmd.CommandText = "select a.admin_id,a.testsession_id,a.test_type,a.test_date,a.testsession_status,UPPER(a.chiefinstructor_name) as chiefinstructor_name ,count(b.student_id) as student_id from testsession_details a ,student_vs_testsession_details b where a.testsession_status not in(@status1, @status2) and a.testsession_id=b.testsession_id group by a.admin_id,a.testsession_id,a.test_type,a.test_date,a.testsession_status,a.chiefinstructor_name ORDER BY a.testsession_id DESC "; SqlParameter param1 = new SqlParameter("@status1", current_test_status); SqlParameter param2 = new SqlParameter("@status2", current_test_status2); cmd.Parameters.Add(param1); cmd.Parameters.Add(param2); SqlDataAdapter adapter = new SqlDataAdapter(cmd); DataSet ds = new DataSet(); adapter.Fill(ds); GridView1.DataSource = ds; GridView1.DataBind(); con9.Close(); } else if (st_role == "Director/Asst Director")//if role=Admin { SqlConnection con8 = obj.getcon(); con8.Open(); SqlCommand cmd = new SqlCommand(); cmd.Connection = con8; cmd.CommandText = "select a.admin_id,a.testsession_id,a.test_type,a.test_date,a.testsession_status,UPPER(a.chiefinstructor_name) as chiefinstructor_name,count(b.student_id) as student_id from testsession_details a ,student_vs_testsession_details b where a.testsession_status<>@status1 and a.testsession_id=b.testsession_id group by a.admin_id,a.testsession_id,a.test_type,a.test_date,a.testsession_status,a.chiefinstructor_name ORDER BY a.testsession_id DESC "; SqlParameter param1 = new SqlParameter("@status1", current_test_status); cmd.Parameters.Add(param1); SqlDataAdapter adapter = new SqlDataAdapter(cmd); DataSet ds = new DataSet(); adapter.Fill(ds); GridView1.DataSource = ds; GridView1.DataBind(); con8.Close(); } }
private void ValidateUser(string userName, string password) { SqlConnection con = obj1.getcon(); con.Open(); SqlCommand cmd = new SqlCommand("select staff_id,staff_name,staff_role,NPstaff from staff_details where staff_id = @STAFF_id ", con); cmd.Parameters.Add(new SqlParameter("STAFF_id", userName)); SqlDataReader dr = cmd.ExecuteReader(); // bool password_valid = NPpasswordCheck_BCLS(userName,password);//NP SERVER bool password_valid = ZTpasswordCheck_BCLS(userName, password); //LOCAL SERVER if (dr.HasRows && password_valid) //if username and password is correct { // Session.Abandon(); regenerateId(); Guid guid_string_Id = System.Guid.NewGuid(); string newID = guid_string_Id.ToString(); Session["CPRactSessionCheck"] = newID; HttpCookie cookie = new HttpCookie("CPRactCookieCheck", newID); cookie.Values.Add("TRXID", (string)Session["CPRactSessionCheck"]); cookie.Values.Add("EVSS_ID", Session.SessionID); Response.Cookies.Add(cookie); // Response.Cookies["CPRactCookieCheck"].Secure = true;//We can enable secure cookie to set true(HTTPs). dr.Read(); s_id = dr[0].ToString(); s_name = dr[1].ToString(); s_role = dr[2].ToString(); if (s_role == "Guest") { Session["id"] = 01; } else if (s_role == "Instructor") { Session["id"] = 11; } else if (s_role == "Chief Instructor") { Session["id"] = 21; } else if (s_role == "Director/Asst Director")//Director/Asst Director { Session["id"] = 31; } else//there is a chnace for enter the role through sql query and misspelled { Page.ClientScript.RegisterStartupScript(this.GetType(), Guid.NewGuid().ToString(), "alert('Role assignment unsuccessful, please contact techincal support');window.location='Login.aspx';", true); return; } System.Web.SessionState.SessionIDManager manager = new System.Web.SessionState.SessionIDManager(); string oldId = manager.GetSessionID(Context); // regenerateId(); Session["staffname"] = s_name; Session["staffid"] = s_id; Session["staffrole"] = s_role; Session["staff_password"] = password; String last_interaction_time = DateTime.Now.ToString("dd/MM/yyyy HH:mm");//TO GET THE CURRENT LOGIN TIME Session["lasttime"] = last_interaction_time; if (s_role == "Chief Instructor") { Response.Redirect("follow_up.aspx"); } else { Response.Redirect("Active_testsessiondetails.aspx"); } } else { lb_invalid.Visible = true; tb_password.Text = ""; hdnfldpassword.Value = ""; // lb_invalid.Text =" Invalid userID or Password ! "+ " HasRows in DB: "+ dr.HasRows.ToString()+" Valid LDAP: " + password_valid.ToString() ; lb_invalid.Text = " Invalid userID or Password ! "; } con.Close(); }
private void MakeRequest(System.Web.UnsafeNativeMethods.StateProtocolVerb verb, string id, System.Web.UnsafeNativeMethods.StateProtocolExclusive exclusiveAccess, int extraFlags, int timeout, int lockCookie, byte[] buf, int cb, int networkTimeout, out System.Web.UnsafeNativeMethods.SessionNDMakeRequestResults results) { int num; OutOfProcConnection o = null; bool checkVersion = false; SessionIDManager.CheckIdLength(id, true); if (this._partitionInfo == null) { this._partitionInfo = (StateServerPartitionInfo)s_partitionManager.GetPartition(this._partitionResolver, id); if (this._partitionInfo == null) { throw new HttpException(System.Web.SR.GetString("Bad_partition_resolver_connection_string", new object[] { "PartitionManager" })); } } try { HandleRef ref2; o = (OutOfProcConnection)this._partitionInfo.RetrieveResource(); if (o != null) { ref2 = new HandleRef(this, o._socketHandle.Handle); } else { ref2 = new HandleRef(this, INVALID_SOCKET); } if (this._partitionInfo.StateServerVersion == -1) { checkVersion = true; } string uri = HttpUtility.UrlEncode(s_uribase + id); num = System.Web.UnsafeNativeMethods.SessionNDMakeRequest(ref2, this._partitionInfo.Server, this._partitionInfo.Port, networkTimeout, verb, uri, exclusiveAccess, extraFlags, timeout, lockCookie, buf, cb, checkVersion, out results); if (o != null) { if (results.socket == INVALID_SOCKET) { o.Detach(); o = null; } else if (results.socket != ref2.Handle) { o._socketHandle = new HandleRef(this, results.socket); } } else if (results.socket != INVALID_SOCKET) { o = new OutOfProcConnection(results.socket); } if (o != null) { this._partitionInfo.StoreResource(o); } } catch { if (o != null) { o.Dispose(); } throw; } if (num == 0) { if (results.httpStatus == 400) { if (s_usePartition) { throw new HttpException(System.Web.SR.GetString("Bad_state_server_request_partition_resolver", new object[] { s_configPartitionResolverType, this._partitionInfo.Server, this._partitionInfo.Port.ToString(CultureInfo.InvariantCulture) })); } throw new HttpException(System.Web.SR.GetString("Bad_state_server_request")); } if (checkVersion) { this._partitionInfo.StateServerVersion = results.stateServerMajVer; if (this._partitionInfo.StateServerVersion < WHIDBEY_MAJOR_VERSION) { if (s_usePartition) { throw new HttpException(System.Web.SR.GetString("Need_v2_State_Server_partition_resolver", new object[] { s_configPartitionResolverType, this._partitionInfo.Server, this._partitionInfo.Port.ToString(CultureInfo.InvariantCulture) })); } throw new HttpException(System.Web.SR.GetString("Need_v2_State_Server")); } } } else { HttpException exception = CreateConnectionException(this._partitionInfo.Server, this._partitionInfo.Port, num); string str2 = null; switch (results.lastPhase) { case 0: str2 = System.Web.SR.GetString("State_Server_detailed_error_phase0"); break; case 1: str2 = System.Web.SR.GetString("State_Server_detailed_error_phase1"); break; case 2: str2 = System.Web.SR.GetString("State_Server_detailed_error_phase2"); break; case 3: str2 = System.Web.SR.GetString("State_Server_detailed_error_phase3"); break; } WebBaseEvent.RaiseSystemEvent(System.Web.SR.GetString("State_Server_detailed_error", new object[] { str2, "0x" + num.ToString("X08", CultureInfo.InvariantCulture), cb.ToString(CultureInfo.InvariantCulture) }), this, 0xbc1, 0xc360, exception); throw exception; } }
/// <summary> /// sigh - this fixes a f****d up issue, where previewing pages containing code writing to Session, /// will breake all subsequent page previews regardless of content. Should you obtain the wisdom as /// to what exactly is the trick here, I'd love to now. I will leave it as "well, this fix the issue /// and pass testing. Hurray for Harry Potter and magic!". Oh how I loathe doing that :( /// </summary> /// <param name="ctx">the Http context that will be shared between master and child process</param> private static void AllowChildRequestSessionAccess(HttpContext ctx) { SessionIDManager manager = new SessionIDManager(); string oldId = manager.GetSessionID(ctx); string newId = manager.CreateSessionID(ctx); bool isAdd = false, isRedir = false; manager.SaveSessionID(ctx, newId, out isRedir, out isAdd); HttpApplication ctx2 = (HttpApplication)HttpContext.Current.ApplicationInstance; HttpModuleCollection mods = ctx2.Modules; SessionStateModule ssm = (SessionStateModule)mods.Get("Session"); System.Reflection.FieldInfo[] fields = ssm.GetType().GetFields(BindingFlags.NonPublic | BindingFlags.Instance); SessionStateStoreProviderBase store = null; System.Reflection.FieldInfo rqIdField = null, rqLockIdField = null, rqStateNotFoundField = null; foreach (System.Reflection.FieldInfo field in fields) { if (field.Name.Equals("_store")) store = (SessionStateStoreProviderBase)field.GetValue(ssm); if (field.Name.Equals("_rqId")) rqIdField = field; if (field.Name.Equals("_rqLockId")) rqLockIdField = field; if (field.Name.Equals("_rqSessionStateNotFound")) rqStateNotFoundField = field; } object lockId = rqLockIdField.GetValue(ssm); if ((lockId != null) && (oldId != null)) store.ReleaseItemExclusive(ctx, oldId, lockId); rqStateNotFoundField.SetValue(ssm, true); rqIdField.SetValue(ssm, newId); }
void MakeRequest( UnsafeNativeMethods.StateProtocolVerb verb, String id, UnsafeNativeMethods.StateProtocolExclusive exclusiveAccess, int extraFlags, int timeout, int lockCookie, byte[] buf, int cb, int networkTimeout, out UnsafeNativeMethods.SessionNDMakeRequestResults results) { int hr; string uri; OutOfProcConnection conn = null; HandleRef socketHandle; bool checkVersion = false; Debug.Assert(timeout <= SessionStateModule.MAX_CACHE_BASED_TIMEOUT_MINUTES, "item.Timeout <= SessionStateModule.MAX_CACHE_BASED_TIMEOUT_MINUTES"); SessionIDManager.CheckIdLength(id, true /* throwOnFail */); if (_partitionInfo == null) { Debug.Assert(s_partitionManager != null); Debug.Assert(_partitionResolver != null); _partitionInfo = (StateServerPartitionInfo)s_partitionManager.GetPartition(_partitionResolver, id); // If its still null, we give up if (_partitionInfo == null) { throw new HttpException(SR.GetString(SR.Bad_partition_resolver_connection_string, "PartitionManager")); } } // Need to make sure we dispose the connection if anything goes wrong try { conn = (OutOfProcConnection)_partitionInfo.RetrieveResource(); if (conn != null) { socketHandle = new HandleRef(this, conn._socketHandle.Handle); } else { socketHandle = new HandleRef(this, INVALID_SOCKET); } if (_partitionInfo.StateServerVersion == -1) { // We don't need locking here because it's okay to have two // requests initializing s_stateServerVersion. checkVersion = true; } Debug.Trace("OutOfProcSessionStateStoreMakeRequest", "Calling MakeRequest, " + "socket=" + (IntPtr)socketHandle.Handle + "verb=" + verb + " id=" + id + " exclusiveAccess=" + exclusiveAccess + " timeout=" + timeout + " buf=" + ((buf != null) ? "non-null" : "null") + " cb=" + cb + " checkVersion=" + checkVersion + " extraFlags=" + extraFlags); // Have to UrlEncode id because it may contain non-URL-safe characters uri = HttpUtility.UrlEncode(s_uribase + id); hr = UnsafeNativeMethods.SessionNDMakeRequest( socketHandle, _partitionInfo.Server, _partitionInfo.Port, _partitionInfo.ServerIsIPv6NumericAddress /* forceIPv6 */, networkTimeout, verb, uri, exclusiveAccess, extraFlags, timeout, lockCookie, buf, cb, checkVersion, out results); Debug.Trace("OutOfProcSessionStateStoreMakeRequest", "MakeRequest returned: " + "hr=" + hr + " socket=" + (IntPtr)results.socket + " httpstatus=" + results.httpStatus + " timeout=" + results.timeout + " contentlength=" + results.contentLength + " uri=" + (IntPtr)results.content + " lockCookie=" + results.lockCookie + " lockDate=" + string.Format("{0:x}", results.lockDate) + " lockAge=" + results.lockAge + " stateServerMajVer=" + results.stateServerMajVer + " actionFlags=" + results.actionFlags); if (conn != null) { if (results.socket == INVALID_SOCKET) { conn.Detach(); conn = null; } else if (results.socket != socketHandle.Handle) { // The original socket is no good. We've got a new one. // Pleae note that EnsureConnected has closed the bad // one already. conn._socketHandle = new HandleRef(this, results.socket); } } else if (results.socket != INVALID_SOCKET) { conn = new OutOfProcConnection(results.socket); } if (conn != null) { _partitionInfo.StoreResource(conn); } } catch { // We just need to dispose the connection if anything bad happened if (conn != null) { conn.Dispose(); } throw; } if (hr != 0) { HttpException e = CreateConnectionException(_partitionInfo.Server, _partitionInfo.Port, hr); string phase = null; switch (results.lastPhase) { case (int)UnsafeNativeMethods.SessionNDMakeRequestPhase.Initialization: phase = SR.GetString(SR.State_Server_detailed_error_phase0); break; case (int)UnsafeNativeMethods.SessionNDMakeRequestPhase.Connecting: phase = SR.GetString(SR.State_Server_detailed_error_phase1); break; case (int)UnsafeNativeMethods.SessionNDMakeRequestPhase.SendingRequest: phase = SR.GetString(SR.State_Server_detailed_error_phase2); break; case (int)UnsafeNativeMethods.SessionNDMakeRequestPhase.ReadingResponse: phase = SR.GetString(SR.State_Server_detailed_error_phase3); break; default: Debug.Assert(false, "Unknown results.lastPhase: " + results.lastPhase); break; } WebBaseEvent.RaiseSystemEvent(SR.GetString(SR.State_Server_detailed_error, phase, "0x" + hr.ToString("X08", CultureInfo.InvariantCulture), cb.ToString(CultureInfo.InvariantCulture)), this, WebEventCodes.WebErrorOtherError, WebEventCodes.StateServerConnectionError, e); throw e; } if (results.httpStatus == 400) { if (s_usePartition) { throw new HttpException( SR.GetString(SR.Bad_state_server_request_partition_resolver, s_configPartitionResolverType, _partitionInfo.Server, _partitionInfo.Port.ToString(CultureInfo.InvariantCulture))); } else { throw new HttpException( SR.GetString(SR.Bad_state_server_request)); } } if (checkVersion) { _partitionInfo.StateServerVersion = results.stateServerMajVer; if (_partitionInfo.StateServerVersion < WHIDBEY_MAJOR_VERSION) { // We won't work with versions lower than Whidbey if (s_usePartition) { throw new HttpException( SR.GetString(SR.Need_v2_State_Server_partition_resolver, s_configPartitionResolverType, _partitionInfo.Server, _partitionInfo.Port.ToString(CultureInfo.InvariantCulture))); } else { throw new HttpException( SR.GetString(SR.Need_v2_State_Server)); } } } }
//tymczasowo nieużywana private string NewSessionId() { SessionIDManager manager = new SessionIDManager(); string newID = manager.CreateSessionID(HttpContext.Current); bool redirected = false; bool isAdded = false; manager.SaveSessionID(HttpContext.Current, newID, out redirected, out isAdded); return newID; }
protected void Page_Load(object sender, EventArgs e) { try { if (Session["Username"] == null && Session.IsNewSession == false) { Response.Redirect("Logout.aspx", false); return; } if (globle.UserValue != null && Session.IsNewSession == true) { Session["Username"] = globle.UserValue; Session["Role"] = globle.Role; Session["Location"] = ""; Session["PF_Index"] = globle.PF_Index; Session["LoggedIn"] = "Yes"; } else if (globle.UserValue == null) { Response.Redirect("Logout.aspx", false); return; } else { HttpContext.Current.Session.Abandon(); HttpContext.Current.Session.Clear(); Session["Username"] = null; Session.Abandon(); Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", "")); Response.Cookies.Add(new HttpCookie("__AntiXsrfToken", "")); Request.Cookies.Clear(); HttpContext.Current.Response.AddHeader("Cache-Control", "no-cache, no-store, must-revalidate"); HttpContext.Current.Response.AddHeader("Pragma", "no-cache"); HttpContext.Current.Response.AddHeader("Expires", "0"); Session.Abandon(); // Session Expire but cookie do exist // Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddDays(-30); //Delete the cookie Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddDays(-1); HttpContext.Current.Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", "")); Request.Cookies["Asp.net_sessionId"].Expires = DateTime.UtcNow.AddDays(-1d); Response.Cookies["Asp.net_sessionId"].Value = ""; Response.Cookies["Username"].Value = ""; Response.Cookies.Add(Request.Cookies["Username"]); Session.RemoveAll(); Session.Abandon(); Session["Username"] = null; Session.Clear(); ClearCache(); string USER = globle.UserValue; FormsAuthentication.SignOut(); Context.ApplicationInstance.CompleteRequest(); bool redirected = false; bool isAdded = false; System.Web.SessionState.SessionIDManager Manager = new System.Web.SessionState.SessionIDManager(); string NewID = Manager.CreateSessionID(Context); string OldID = Context.Session.SessionID; Manager.SaveSessionID(Context, NewID, out redirected, out isAdded); } } catch (Exception) { // string USER = globle.UserValue; // Dictionary<string, string> dic = ((Dictionary<string, string>)Application["Sessions"]); // ((Dictionary<string, string>)Application["Sessions"]).Remove(USER); } }
private SessionStateStoreData DoGet(HttpContext context, string id, bool exclusive, out bool locked, out TimeSpan lockAge, out object lockId, out SessionStateActions actionFlags) { bool flag; string key = this.CreateSessionStateCacheKey(id); locked = false; lockId = null; lockAge = TimeSpan.Zero; actionFlags = SessionStateActions.None; SessionIDManager.CheckIdLength(id, true); InProcSessionState state = (InProcSessionState)HttpRuntime.CacheInternal.Get(key); if (state == null) { return(null); } int comparand = state._flags; if (((comparand & 1) != 0) && (comparand == Interlocked.CompareExchange(ref state._flags, comparand & -2, comparand))) { actionFlags = SessionStateActions.InitializeItem; } if (exclusive) { flag = true; if (!state._locked) { state._spinLock.AcquireWriterLock(); try { if (!state._locked) { flag = false; state._locked = true; state._utcLockDate = DateTime.UtcNow; state._lockCookie++; } lockId = state._lockCookie; goto Label_00FE; } finally { state._spinLock.ReleaseWriterLock(); } } lockId = state._lockCookie; } else { state._spinLock.AcquireReaderLock(); try { flag = state._locked; lockId = state._lockCookie; } finally { state._spinLock.ReleaseReaderLock(); } } Label_00FE: if (flag) { locked = true; lockAge = (TimeSpan)(DateTime.UtcNow - state._utcLockDate); return(null); } return(SessionStateUtility.CreateLegitStoreData(context, state._sessionItems, state._staticObjects, state._timeout)); }