Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Dropped Sessions?

14 views
Skip to first unread message

Davej

unread,
May 5, 2012, 11:34:11 AM5/5/12
to
I thought I had WebClient working, but it isn't working right. I
establish a session with Session["sessname"] = myid and use
Response.Redirect("newpage") and I keep returning the hidden
"__VIEWSTATE" and "__EVENTVALIDATION" fields, but my session dies
immediately.

WebClient keeps returning the VS and EV but they aren't changing.

In Java you have response objects and session objects but I'm getting
confused about what VS and EV are representing and how ASP.NET may
differ. I don't need to keep setting session objects in ASP do I?

Thanks

Arne Vajhøj

unread,
May 5, 2012, 11:53:32 AM5/5/12
to
On 5/5/2012 11:34 AM, Davej wrote:
> I thought I had WebClient working, but it isn't working right. I
> establish a session with Session["sessname"] = myid and use
> Response.Redirect("newpage") and I keep returning the hidden
> "__VIEWSTATE" and "__EVENTVALIDATION" fields, but my session dies
> immediately.
>
> WebClient keeps returning the VS and EV but they aren't changing.

And you are also returning the right session cookie?

> In Java you have response objects and session objects but I'm getting
> confused about what VS and EV are representing and how ASP.NET may
> differ. I don't need to keep setting session objects in ASP do I?

ViewState is page scope and is stored client side.

You can do something similar in JSF.

If you control the ASP.NET side, then you could disable
view state.

Arne


Davej

unread,
May 5, 2012, 11:57:18 AM5/5/12
to
Cookies? Does Session[] create a cookie? I am just extracting and
returning the VS and EV strings. Thanks.

Arne Vajhøj

unread,
May 5, 2012, 12:08:32 PM5/5/12
to
On 5/5/2012 11:57 AM, Davej wrote:
> On May 5, 10:53 am, Arne Vajhøj<a...@vajhoej.dk> wrote:
>> On 5/5/2012 11:34 AM, Davej wrote:
>>
>>> I thought I had WebClient working, but it isn't working right. I
>>> establish a session with Session["sessname"] = myid and use
>>> Response.Redirect("newpage") and I keep returning the hidden
>>> "__VIEWSTATE" and "__EVENTVALIDATION" fields, but my session dies
>>> immediately.
>>
>>> WebClient keeps returning the VS and EV but they aren't changing.
>>
>> And you are also returning the right session cookie?
>>
>>> In Java you have response objects and session objects but I'm getting
>>> confused about what VS and EV are representing and how ASP.NET may
>>> differ. I don't need to keep setting session objects in ASP do I?
>>
>> ViewState is page scope and is stored client side.
>>
>> You can do something similar in JSF.
>>
>> If you control the ASP.NET side, then you could disable
>> view state.
>
> Cookies? Does Session[] create a cookie? I am just extracting and
> returning the VS and EV strings. Thanks.

ASP.NET gives you a cookie that identifies the session.

When you send that with the following requests, then you
get the correct Session object associated with the request.

ViewState stores the page context which is different.

Arne

Davej

unread,
May 5, 2012, 12:33:09 PM5/5/12
to
Oh heck, Session is a cookie. I thought it was part of the VS or EV.

http://msdn.microsoft.com/en-us/library/ms178582.aspx

Arne Vajhøj

unread,
May 5, 2012, 1:05:08 PM5/5/12
to
> Oh heck, Session is a cookie. I thought it was part of the VS or EV.

It is not.

You need a CookieContainer.

That is easy in HttpWebRequest, but seems to require
a hack in WebClient.

http://stackoverflow.com/questions/1777221/using-cookiecontainer-with-webclient-class

Arne


Davej

unread,
May 5, 2012, 12:59:15 PM5/5/12
to
NameValueCollection NameValPairs = new NameValueCollection();

NameValPairs.Add("form2", "");
NameValPairs.Add("__VIEWSTATE", m_strVS);
NameValPairs.Add("__EVENTVALIDATION", m_strEV);
NameValPairs.Add("Input", update);

m_pageBuffer = m_client.UploadValues(uriString, "POST", NameValPairs);

So is there (hopefully) something simple like
AddCookie("SessionState")

???
I don't see it.

Arne Vajhøj

unread,
May 5, 2012, 2:32:51 PM5/5/12
to
See SO link in my previous post on how to work around it.

Arne

Davej

unread,
May 5, 2012, 2:50:29 PM5/5/12
to
On May 5, 11:59 am, Davej <galt...@hotmail.com> wrote:
> On May 5, 11:08 am, Arne Vajhøj <a...@vajhoej.dk> wrote:
> > On 5/5/2012 11:57 AM, Davej wrote:
> > > On May 5, 10:53 am, Arne Vajhøj<a...@vajhoej.dk>  wrote:
> > >> On 5/5/2012 11:34 AM, Davej wrote:
>
> > >>> I thought I had WebClient working, but it isn't working right. I
> > >>> establish a session with Session["sessname"] = myid and use
> > >>> Response.Redirect("newpage") and I keep returning the hidden
> > >>> "__VIEWSTATE" and "__EVENTVALIDATION" fields, but my session dies
> > >>> immediately.
>
> > >>> WebClient keeps returning the VS and EV but they aren't changing.
>
> > >> And you are also returning the right session cookie?
> [....]
> > >> If you control the ASP.NET side, then you could disable
> > >> view state.
>
> > > Cookies? Does Session[] create a cookie? I am just extracting and
> > > returning the VS and EV strings. Thanks.
>
> > ASP.NET gives you a cookie that identifies the session.
>
> > When you send that with the following requests, then you
> > get the correct Session object associated with the request.
>
> > ViewState stores the page context which is different.
>
> > Arne
>
> NameValueCollection NameValPairs = new NameValueCollection();
>
> NameValPairs.Add("form2", "");
> NameValPairs.Add("__VIEWSTATE", m_strVS);
> NameValPairs.Add("__EVENTVALIDATION", m_strEV);
> NameValPairs.Add("Input", update);
>
> m_pageBuffer = m_client.UploadValues(uriString, "POST", NameValPairs);
>
> So is there (hopefully) something simple like
> AddCookie("SessionState")
>
> ???
> I don't see it.

Oh, so if I use an instance of a CookieAwareWebClient what do I
actually have to do to make it work? Declare the address of the page
as a Uri and then call GetWebRequest before using the WebClient? This
stuff is over my head. Thanks.



public class CookieAwareWebClient : WebClient
{
private readonly CookieContainer m_container = new
CookieContainer();

protected override WebRequest GetWebRequest(Uri address)
{
WebRequest request = base.GetWebRequest(address);
HttpWebRequest webRequest = request as HttpWebRequest;
if (webRequest != null)
{
webRequest.CookieContainer = m_container;
}
return request;
}
}

Davej

unread,
May 5, 2012, 3:05:13 PM5/5/12
to
> http://stackoverflow.com/questions/1777221/using-cookiecontainer-with...
>
> Arne

CookieAwareWebClient m_client = new CookieAwareWebClient();

Uri serviceUri = new Uri("http://www.myspot.com/service.aspx");
WebRequest wr = WebRequest.Create(serviceUri);

NameValueCollection NameValPairs = new NameValueCollection();

NameValPairs.Add("form1", "");
NameValPairs.Add("__VIEWSTATE", m_strVS);
NameValPairs.Add("__EVENTVALIDATION", m_strEV);
NameValPairs.Add("Input", update);

// m_client.Headers.Add("???", HttpContext.Current.Session.SessionID);
// m_client.Headers.Add(HttpRequestHeader.Cookie,
m_client.Headers.???);

m_pageBuffer = m_client.UploadValues(serviceUri, "POST",
NameValPairs);

???????

Arne Vajhøj

unread,
May 5, 2012, 3:09:42 PM5/5/12
to
Nothing. Just use the same instance for all requests.

Arne


Davej

unread,
May 5, 2012, 3:31:29 PM5/5/12
to
Just use it? No add-cookie-to-the-header-collection first? No
WebRequest object?

Arne Vajhøj

unread,
May 5, 2012, 4:01:15 PM5/5/12
to
On 5/5/2012 3:31 PM, Davej wrote:
> On May 5, 2:09 pm, Arne Vajhøj<a...@vajhoej.dk> wrote:
>> On 5/5/2012 2:50 PM, Davej wrote:
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>> On May 5, 11:59 am, Davej<galt...@hotmail.com> wrote:
>>>> On May 5, 11:08 am, Arne Vajhøj<a...@vajhoej.dk> wrote:
>>>>> On 5/5/2012 11:57 AM, Davej wrote:
>>>>>> On May 5, 10:53 am, Arne Vajhøj<a...@vajhoej.dk> wrote:
>>>>>>> On 5/5/2012 11:34 AM, Davej wrote:
>>
>>>>>>>> I thought I had WebClient working, but it isn't working right. I
>>>>>>>> establish a session with Session["sessname"] = myid and use
>>>>>>>> Response.Redirect("newpage") and I keep returning the hidden
>>>>>>>> "__VIEWSTATE" and "__EVENTVALIDATION" fields, but my session dies
>>>>>>>> immediately.
>>
>>>>>>>> WebClient keeps returning the VS and EV but they aren't changing.
>>
>>>>>>> And you are also returning the right session cookie?
>>>> [....]
>>>>>>> If you control the ASP.NET side, then you could disable
>>>>>>> view state.
>>
>>>>>> Cookies? Does Session[] create a cookie? I am just extracting and
>>>>>> returning the VS and EV strings. Thanks.
>>
>>>>> ASP.NET gives you a cookie that identifies the session.
>>
>>>>> When you send that with the following requests, then you
>>>>> get the correct Session object associated with the request.
>>
>>>>> ViewState stores the page context which is different.
>>
>>>> NameValueCollection NameValPairs = new NameValueCollection();
>>
>>>> NameValPairs.Add("form2", "");
>>>> NameValPairs.Add("__VIEWSTATE", m_strVS);
>>>> NameValPairs.Add("__EVENTVALIDATION", m_strEV);
>>>> NameValPairs.Add("Input", update);
>>
>>>> m_pageBuffer = m_client.UploadValues(uriString, "POST", NameValPairs);
>>
>>>> So is there (hopefully) something simple like
>>>> AddCookie("SessionState")
>>
>>>> ???
>>>> I don't see it.
>>
>>> Oh, so if I use an instance of a CookieAwareWebClient what do I
>>> actually have to do to make it work? Declare the address of the page
>>> as a Uri and then call GetWebRequest before using the WebClient? This
>>> stuff is over my head.
>>
>> Nothing. Just use the same instance for all requests.
>
> Just use it? No add-cookie-to-the-header-collection first? No
> WebRequest object?

Yes. No. No.

When you use that CookieAwareWebClient then its HttpWebRequest
get associated a CookieContainer and then sessions should
work.

Arne


Davej

unread,
May 5, 2012, 4:01:21 PM5/5/12
to
Hmmm... just substituting CookieAwareWebClient does not seem to
produce different results. It supports cookies, but will it both
receive and send them without help?

I download the login page.
submit name & pwd.
I see that I have been redirected to the logged-in page.
I post to the logged-in page and get what looks like a legitimate
result.
I post to the logged-in page a second time and EV and VS do not
change. I think that means my session variable has not been found.

Arne Vajhøj

unread,
May 5, 2012, 4:08:53 PM5/5/12
to
On 5/5/2012 4:01 PM, Davej wrote:
> On May 5, 2:09 pm, Arne Vajhøj<a...@vajhoej.dk> wrote:
>> On 5/5/2012 2:50 PM, Davej wrote:
>>> On May 5, 11:59 am, Davej<galt...@hotmail.com> wrote:
>>>> On May 5, 11:08 am, Arne Vajhøj<a...@vajhoej.dk> wrote:
>>>>> On 5/5/2012 11:57 AM, Davej wrote:
>>>>>> On May 5, 10:53 am, Arne Vajhøj<a...@vajhoej.dk> wrote:
>>>>>>> On 5/5/2012 11:34 AM, Davej wrote:
>>
>>>>>>>> I thought I had WebClient working, but it isn't working right. I
>>>>>>>> establish a session with Session["sessname"] = myid and use
>>>>>>>> Response.Redirect("newpage") and I keep returning the hidden
>>>>>>>> "__VIEWSTATE" and "__EVENTVALIDATION" fields, but my session dies
>>>>>>>> immediately.
>>
>>>>>>>> WebClient keeps returning the VS and EV but they aren't changing.
>>
>>>>>>> And you are also returning the right session cookie?
>>>> [....]
>>>>>>> If you control the ASP.NET side, then you could disable
>>>>>>> view state.
>>
>>>>>> Cookies? Does Session[] create a cookie? I am just extracting and
>>>>>> returning the VS and EV strings. Thanks.
>>
>>>>> ASP.NET gives you a cookie that identifies the session.
>>
>>>>> When you send that with the following requests, then you
>>>>> get the correct Session object associated with the request.
>>
>>>>> ViewState stores the page context which is different.
>>
>>>> NameValueCollection NameValPairs = new NameValueCollection();
>>
>>>> NameValPairs.Add("form2", "");
>>>> NameValPairs.Add("__VIEWSTATE", m_strVS);
>>>> NameValPairs.Add("__EVENTVALIDATION", m_strEV);
>>>> NameValPairs.Add("Input", update);
>>
>>>> m_pageBuffer = m_client.UploadValues(uriString, "POST", NameValPairs);
>>
>>>> So is there (hopefully) something simple like
>>>> AddCookie("SessionState")
>>
>>>> ???
>>>> I don't see it.
>>
>>> Oh, so if I use an instance of a CookieAwareWebClient what do I
>>> actually have to do to make it work? Declare the address of the page
>>> as a Uri and then call GetWebRequest before using the WebClient? This
>>> stuff is over my head.
>>
>> Nothing. Just use the same instance for all requests.

> Hmmm... just substituting CookieAwareWebClient does not seem to
> produce different results. It supports cookies, but will it both
> receive and send them without help?

It should.

> I download the login page.
> submit name& pwd.
> I see that I have been redirected to the logged-in page.
> I post to the logged-in page and get what looks like a legitimate
> result.
> I post to the logged-in page a second time and EV and VS do not
> change. I think that means my session variable has not been found.

Maybe - maybe not.

Aren't there a more specific way to check if you are logged in or not?

Arne


Davej

unread,
May 5, 2012, 5:07:14 PM5/5/12
to
You are right that I am making this problem more difficult and
mysterious for myself by not consistently sending complete debug
information back from the website. Actually..... it may be working
now!!!

Davej

unread,
May 6, 2012, 9:19:33 PM5/6/12
to
Ah, it is working until I throw some sort of exception reading the
database with SqlDataReader or improperly passing the result array
back. At that point everything dies -- including the sessions.

Thanks for your help!!!

Arne Vajhøj

unread,
May 6, 2012, 9:43:12 PM5/6/12
to
>> You are right that I am making this problem more difficult and
>> mysterious for myself by not consistently sending complete debug
>> information back from the website. Actually..... it may be working
>> now!!!
>
> Ah, it is working until I throw some sort of exception reading the
> database with SqlDataReader or improperly passing the result array
> back. At that point everything dies -- including the sessions.

The session should not be invalidated due to an exception.

But obviously you need to handle the exception properly.

Would it be possible to expose the data as a web service
instead of as a web page (that would make many things
easier client side)?

Arne


Davej

unread,
May 7, 2012, 10:00:36 AM5/7/12
to
On May 6, 8:43 pm, Arne Vajhøj <a...@vajhoej.dk> wrote:
> On 5/6/2012 9:19 PM, Davej wrote:
> [...]
> > Ah, it is working until I throw some sort of exception reading the
> > database with SqlDataReader or improperly passing the result array
> > back. At that point everything dies -- including the sessions.
>
> The session should not be invalidated due to an exception.
>
> But obviously you need to handle the exception properly.
>
> Would it be possible to expose the data as a web service
> instead of as a web page (that would make many things
> easier client side)?
>
> Arne

I was confused by web services so I went down the path of "screen
scraping" with the idea that I could perhaps switch over later.

I have a couple of database-related subroutine calls commented out
right now because they seem to make everything die.

Arne Vajhøj

unread,
May 7, 2012, 7:36:53 PM5/7/12
to
On 5/7/2012 10:00 AM, Davej wrote:
> On May 6, 8:43 pm, Arne Vajhøj<a...@vajhoej.dk> wrote:
>> On 5/6/2012 9:19 PM, Davej wrote:
>> [...]
>>> Ah, it is working until I throw some sort of exception reading the
>>> database with SqlDataReader or improperly passing the result array
>>> back. At that point everything dies -- including the sessions.
>>
>> The session should not be invalidated due to an exception.
>>
>> But obviously you need to handle the exception properly.
>>
>> Would it be possible to expose the data as a web service
>> instead of as a web page (that would make many things
>> easier client side)?
>
> I was confused by web services so I went down the path of "screen
> scraping" with the idea that I could perhaps switch over later.

I think it would have been way easier for you with web services.

WCF is a bit complex, but there are alternatives:
* oldfashioned .asmx web services
* a simple web handler (.ashx)

Arne


Davej

unread,
May 8, 2012, 6:35:01 AM5/8/12
to
I will have to read up on those. I wanted to avoid just using some
mysterious library that would magically do everything. I am still
trying to grasp some of the underlying limitations and issues of my
simple-minded approach; for example sending numbers is no problem, but
strings have to be sent with caution, particularly in the download
direction. In my application strings are not too important, but I have
some strings come back in the debugging messages and I did include a
"chat" feature. Although I have not tested this I'm guessing that
"<table>" or "</html>" would be bad sequences to find in a chat
message.

Arne Vajhøj

unread,
May 8, 2012, 8:57:42 PM5/8/12
to
On 5/8/2012 6:35 AM, Davej wrote:
> On May 7, 6:36 pm, Arne Vajhøj<a...@vajhoej.dk> wrote:
>> On 5/7/2012 10:00 AM, Davej wrote:
>>> On May 6, 8:43 pm, Arne Vajhøj<a...@vajhoej.dk> wrote:
>>>> On 5/6/2012 9:19 PM, Davej wrote:
>>>> [...]
>>>>> Ah, it is working until I throw some sort of exception reading the
>>>>> database with SqlDataReader or improperly passing the result array
>>>>> back. At that point everything dies -- including the sessions.
>>
>>>> The session should not be invalidated due to an exception.
>>
>>>> But obviously you need to handle the exception properly.
>>
>>>> Would it be possible to expose the data as a web service
>>>> instead of as a web page (that would make many things
>>>> easier client side)?
>>
>>> I was confused by web services so I went down the path of "screen
>>> scraping" with the idea that I could perhaps switch over later.
>>
>> I think it would have been way easier for you with web services.
>>
>> WCF is a bit complex, but there are alternatives:
>> * oldfashioned .asmx web services
>> * a simple web handler (.ashx)
>
> I will have to read up on those. I wanted to avoid just using some
> mysterious library that would magically do everything. I am still
> trying to grasp some of the underlying limitations and issues of my
> simple-minded approach; for example sending numbers is no problem, but
> strings have to be sent with caution, particularly in the download
> direction. In my application strings are not too important, but I have
> some strings come back in the debugging messages and I did include a
> "chat" feature. Although I have not tested this I'm guessing that
> "<table>" or"</html>" would be bad sequences to find in a chat
> message.

A simple web handler (.ashx) does not contain much magic.

Arne

Davej

unread,
May 10, 2012, 2:36:34 PM5/10/12
to
If it does not force me to use XML I will give it a try next week.
Thanks.

Arne Vajhøj

unread,
May 14, 2012, 7:30:24 PM5/14/12
to
> If it does not force me to use XML I will give it a try next week.

You can do XML, JSON, CSV or whatever format you like.

Unless bandwidth is a primary concern, then I believe
XML would be a nice format.

Arne


Davej

unread,
May 15, 2012, 11:09:43 AM5/15/12
to
On May 14, 6:30 pm, Arne Vajhøj <a...@vajhoej.dk> wrote:
> On 5/10/2012 2:36 PM, Davej wrote:
> > On May 8, 7:57 pm, Arne Vajhøj<a...@vajhoej.dk>  wrote:
>
> >> A simple web handler (.ashx) does not contain much magic.
>
> > If it does not force me to use XML I will give it a try next week.
>
> You can do XML, JSON, CSV or whatever format you like.
>
> Unless bandwidth is a primary concern, then I believe
> XML would be a nice format.
>
> Arne

Well, I am still trying to get my basic functionality working, but if
I try a web service option I would want to keep the simple
(concatenated/delimited strings with a simple header) message format
that I am using now. Maybe add a wrapper if that is required. I am
curious about how major or minor the change over might be. I noticed
that there are apparently some changes that need to be made to the
web.config file for a web service. Thanks.

Arne Vajhøj

unread,
May 15, 2012, 6:50:18 PM5/15/12
to
On 5/15/2012 11:09 AM, Davej wrote:
> On May 14, 6:30 pm, Arne Vajhøj<a...@vajhoej.dk> wrote:
>> On 5/10/2012 2:36 PM, Davej wrote:
>>> On May 8, 7:57 pm, Arne Vajhøj<a...@vajhoej.dk> wrote:
>>
>>>> A simple web handler (.ashx) does not contain much magic.
>>
>>> If it does not force me to use XML I will give it a try next week.
>>
>> You can do XML, JSON, CSV or whatever format you like.
>>
>> Unless bandwidth is a primary concern, then I believe
>> XML would be a nice format.
>
> Well, I am still trying to get my basic functionality working, but if
> I try a web service option I would want to keep the simple
> (concatenated/delimited strings with a simple header) message format
> that I am using now. Maybe add a wrapper if that is required. I am
> curious about how major or minor the change over might be. I noticed
> that there are apparently some changes that need to be made to the
> web.config file for a web service.

That is only for WCF.

Neither old style .asmx nor simple web handlers .ashx
requires changes to web.config.

Arne
0 new messages