Hi, Friends:

I'm facing problem with session variables.

I have posted my site on http://bamboat_3.europe.webmatrixhosting.net/. I am using session variables to stroe the Database Connection and the User ID (e.g. Session("DBConnection") and Session("User_ID")) and also using the same variables to retrieve the value on the other pages, but the problem is that its not working.

Even to find out the exactly that session variables are not working, check out this link
http://bamboat_3.europe.webmatrixhosting.net/CheckIn.aspx

There u will find that session variables is only working on the same page but it is not transfering the value to other page.

Please help me out from the above cited problem, because the uploaded site is properly working on my localhost (local PC).

NOTE: I am using SQL Server 2000 as back hand database

Looking forward to your kind reply.
Thank you

Generally I just pass a user id and maybe a name to match it through the session. But your site looks to be working at first glance. You can't really realy on a session for too much, session time out of somewhat unreliable and you can't depend on session on end events, if you want to keep data for extended time periods the best thing to do would be to use a cookie. The session can end earlier then expected, its a bug in asp.net 1.1, but I think its a pretty safe bet that it will be fixed by the next version. So Sujay has not been providing his ace technical support over on the wmh forums? :D Sujay is awesome.

You are asking for problems storing these things in Session variables. There are just too many things that could happen. Cookies are also not a good replacement.

A far better solution is to store your connection string in the Web.config file, then replace all your references to the Session variable with ConfigurationSettings.AppSettings("connectionString").

Originally posted by roteague
Cookies are also not a good replacement. cookies are more reliable then a buggy asp.net session though. The asp.net session state is infamous for not being reliable, hopefully these bugs will be fixed by 2.0

cookies are more reliable then a buggy asp.net session though

True, but do you really want to store your database connection string and database password on the user's computer? The Web.config is where these things should be stored.

Originally posted by roteague
True, but do you really want to store your database connection string and database password on the user's computer? The Web.config is where these things should be stored. aggreeed, that is why the only things I keep in the session are the userid or something to identify the user. That useid would be an incrimenting feild in the db. Infact, I do not even keep my db connection in the web.config, I just put it on every page, its just a habit I have gotten into.

I do not even keep my db connection in the web.config, I just put it on every page

You really should get in the habit of using the Web.config file, it is much safer than storing variable on a page (which gets sent to the user). Additionally, should you ever need to change, for example, you database connection string, you need to change it in only one place. You don't have to look through all the pages of a web site.

Originally posted by roteague
You really should get in the habit of using the Web.config file, it is much safer than storing variable on a page (which gets sent to the user). Additionally, should you ever need to change, for example, you database connection string, you need to change it in only one place. You don't have to look through all the pages of a web site. well even if the connection is on the page, it never goes to the user, the script never gets sent to the user, as it is run server side, so the user will never have an opportunity to get sent the connection string. Depending on the server, it might be easier to keep the connection string in the asp.net document, because any remote request for a .aspx file will just execute the code and the user will see the html, but a request for the web.config will give a file not served error message by default, but if anyone has been playing in those security settings (a hacker could conceivably I guess) he could then request the web.config, and this would only be useful if you were running an ecommerce site and you had tls he didnt want to go around or something. But about changeing it on every page, I have access connection strings here and there where I need them, and I guess I just started putting all strings all over, because not every page will access the main mssql db that would be storeing use names etc. I would only need to change it on pages that connect to the db, which is not all of the pages, but still more then one.