Weird problem with session and DDL

Question

Hello all, I'm using Seesion in my project that stores the useTypeID (admin, manager and so on) and for the backoffice only the admin and the manager can enter, so in every page in my backoffice in the first line i check if the seesion is stile alive and only then the user can enter the page:

if (!EmployeeSession.IsAuthenticated || EmployeeSession.GetEmployeeType != 1 && EmployeeSession.GetEmployeeType != 2)
        Response.Redirect("Default.aspx");

The same code for all the pages...and all of them are working perfectly.

I have one one page that is giving me lots of troubles since i added the session. The page still comes up correctly, but when i'm selecting a new area from the DDL i'm loosing my seesion for some reson and the postback goes to the false part of the session check...

I debuged it and as i see it, it is only becouse of the DDL, can that be or do i have some other problem that i can't see?

This is the code in the .aspx file:

<td><asp:DropDownList ID="ddlAreasSearch" runat="server" /></td>

This is the code in the .cs file:

protected void Page_Load(object sender, EventArgs e)
{
    if (!EmployeeSession.IsAuthenticated || EmployeeSession.GetEmployeeType != 1 && EmployeeSession.GetEmployeeType != 2)
        Response.Redirect("Default.aspx");

    if (Page.IsPostBack)
        return;

    DataSet ds = UiHelper.InitDDL(
                        ddlAreasSearch,
                        0,
                        "AreaName",
                        "AreaID",
                        ConfigurationManager.AppSettings["ConnStr"],
                        "spAreas_Select"
                    );

}

The UiHelper is just for filling a DDL with a staic function:

public static DataSet InitDDL(DropDownList ddl, Int16 DataSetTableIndex, string DataTextField, string DataValueField, string ConnectionString, string CommandName, params SqlParameter[] Params)
{
    DataSet ds = DbHelper.ExecuteDataSet(ConnectionString, CommandName, Params);
    ddl.DataSource = ds.Tables[DataSetTableIndex];
    ddl.DataTextField = DataTextField; 
    ddl.DataValueField = DataValueField;
    ddl.DataBind();

    return ds;
}

The line that is calling this page is(just a href...nothing special, and agian, i have about 20 other the same that ar working...and when it is not a postback from the DDL every thing is working great, just after the postback i am looking the session):

<div><a href="SearchAreasWithDDL.aspx">חיפוש אזור</a></div>

I will be happy to give any other code if neccesery but as i see it, this is the code that is creating all the problems...And as i said, all other pages are doing the same thing, the only difference is the DDL....

P.S. I don't even get to the button click that get the data related to the DDL, The session dies before the i enter the pageload of the page on postback....

10x

Answer 1

Hello all,

I have found the solution, the problem wasn't becouse of the DDL, it was becouse of two things...

1. I have a LinkButton the do the redirect on EXIT and i used a URL over there and also some code in the btnClick in the CS file and the URL is stronger then the CS file, when i removed the URL from the aspx it was ok, but still has security problems with the beck button and writing free url path so i used this lines to solve the problem and now every thing is working great...

   Response.Buffer = true; Response.ExpiresAbsolute = DateTime.Now.AddDays(-1d); Response.Expires = -1500; Response.CacheControl = "no-cache"; if (!EmployeeSession.IsAuthenticated || EmployeeSession.GetEmployeeType != 1 && EmployeeSession.GetEmployeeType != 2) Response.Redirect("Default.aspx");

Those lines stop from caching the pages in the browser and in proxy for both http 1.0 and 1.1 so this should work...

10x