Padarn Session for many users

Question

I'm evaluating Padarn for my project and I'm trying to implement a very simple authentication scheme:

namespace SampleSite
{
    public class Login : Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            if (Request.Form["login"] == "admin" && Request.Form["password"] == "123")
            {
                Session["username"] = "admin";
                Response.Redirect("PostFiles.html");
            }
            else
            {
                Response.Redirect("Default.aspx");
            }
        }
    }
}

It's working fine for a single user, however, when my friend tried to hit the page while I was debugging, a NullReferenceException was thrown at

Session["username"] = "admin";

Then we realized it's not working for concurrent users.

Are concurrent sessions really not supported? Is this some configuration I'm missing?

Concurrent sessions should be fine - the default I think it to allow up to 20. Two questions: what platform are you running on (i.e. desktop, CE, Mono) and exactly what Padarn build number? — ctacke, Apr 30 '14 at 20:55
build is "Evaluation Binaries (v 1.5.13272 : September 2013)", from my ocfhttpd.exe.config file, MaxConnections is indeed set to 20 — Eduardo Wada, Apr 30 '14 at 20:58
Correction: Platform is Windows CE 7.0 with Compact Framework 3.5 — Eduardo Wada, Apr 30 '14 at 21:25

score 0 · Answer 1 · answered May 02 '14 at 03:42

Multiple sessions are definitely supported. By default 10 concurrent sessions are supported.

I put together this quick validation test Page:

class SessionTest : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        var newVariable = Request.Form["value"];

        if (newVariable != null)
        {
            Session["TestVariable"] = newVariable;
        }
    }

    protected override void Render(HtmlTextWriter writer)
    {
        var sessionVariable = Session["TestVariable"];

        writer
            .Html()
                .Body()
                    .Form(t => t
                        [HtmlTextWriterAttribute.Id, "Test"]
                        ["method", "POST"])

                        .Text(string.Format("CurrentValue: {0}", sessionVariable ?? "[null]"))
                        .Br()
                        .Input(t => t
                                [HtmlTextWriterAttribute.Type, "text"]
                                [HtmlTextWriterAttribute.Name, "value"]
                                [HtmlTextWriterAttribute.Maxlength, "32"])
                        .EndTag() // input
                        .Br()
                        .SubmitButton("Submit", "Submit")
                    .EndTag() // form
                    .Form(t => t
                        [HtmlTextWriterAttribute.Id, "Reload"]
                        ["method", "POST"])
                        .SubmitButton("Reload", "Reload")
                    .EndTag() // form
                .EndTag() // body
            .EndTag(); // html                
    }
}

It simply displays a variable for the current Session and lets you change it. I opened two browsers, on in IE and one in Chrome, which generates two sessions just like two PCs would. I then hit the page from both browsers and they showed different saved session state as expected:

From Chrome From IE

I'm still able to reproduce the issue on the test page but it seems intermitent, I'm trying to find a reproductable error case — Eduardo Wada, May 02 '14 at 15:01
Actually, it's not really working, even when I don't get an exception the value is lost if I reload the page — Eduardo Wada, May 02 '14 at 15:36
I'd need a repro project. The above code works for me. I never see an exception and the value remains when I refresh. — ctacke, May 02 '14 at 17:44

score 0 · Accepted Answer · answered May 05 '14 at 14:32

It turns out that, for no good reason at all, the hands-on lab ships with a domain set for the cookies. Even worse, the domain is nonsensical. It's probably a remnant of some sort of testing we were doing internally and never reverted for release.

What's happening is that the configuration has this in it:

<Cookies Domain="169.0.0.2" />

This is causing the session cookies to get stripped from any client (unless it's IP happens to be 169.0.0.2).

This, in turn, causes a new session to be generated with every browser request, which effectively throws out your session variables.

Change your web.config to not have a cookie domain like this, and all will be well:

<Cookies />

The NullReferenceException you get in your Page code is because the Session object on the page in null. This happens when the maximum number of Sessions for the service has been reached (which occurs quickly when each request is generating a new Session).

Padarn Session for many users

2 Answers2

Linked