tags:

views:

98

answers:

2
Q: 

ASP.net Associate session with client/request based on ip

In one web page we use a flash upload control but becouse a flash bug in the upload event the session is lost as its posted back with a new session.

We have tought of using a table with ip and old session id or a query string with the old session id in order to reassing it in the uploaded event...

Knowing the old session id how can i reassign it to the client? (In C#)

A: 

Does not work. The IP may hide many users - remember some people go throuh NAT devices sometimes involuntarily (their ISP enforces it, for example satellite providers), so you may have X users using the same IP.

TomTom  2010-03-18 08:40:27
And passing the session id in the query string before the upload?
ase69s  2010-03-18 09:01:18
That would work.
TomTom  2010-03-18 09:05:58
Ok and the code to reassigning it would be??? :)
ase69s  2010-03-18 09:49:35
see my update - it looks like it's something like HttpContext.Current.Request.Cookies.Add() or Cookies.Set() with the data you pull out of Request...
rohancragg  2010-03-18 10:01:29
+1  A: 

For tracking the user identity:

URL (a unique token in the query string)? i.e. redirect each visitor to same page with their own token in the URL.

Cookies?

For tracking the associated data:

Perhaps then store this user-specific data in an application-level store (keyed on the user token as above) such as Application object. Of course you should be concerned about the lifetime of this data and should consider persisting it to disk or to a database instead.

UPDATE

This (from the swfupload project) looks suspiciously like a work-around for the issue described here...

Or you could just use that tool instead of your current upload control?...

rohancragg  2010-03-18 08:48:55
The only problem i have is losing the relation between the user and its session becouse the flash bug. I have all the data i need using the asp.net session variables.
ase69s  2010-03-18 09:41:37
it sounds like the control is making it's own request and has not been built to pass back the authentication cookie. I would look at catching the HTTP request early in the pipeline (an HTTPModule or some handling in Global.asax) and using some data in the query string to manually authenticate the request once you know what user it is.
rohancragg  2010-03-18 09:52:10
Seems like you hit the point...gona test it, if works the check its yours... :)
ase69s  2010-03-18 10:12:59
There is a problem...the request posted by the flash control omits the query string too... :S We are thinking about using Request.ServerVariables["REMOTE_HOST"] + Request.ServerVariables["LOGON_USER"] in a hashtable to recover its session id...But if someone knows a better aproach it would be preferred...
ase69s  2010-03-18 11:13:55

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps