I recently had a strange thing happen in an ASP.Net application I wrote in VB. When each session starts, one of the first thing it does is create a record in a SQL table and captures its ID value, which is an identity field.

Two sessions were started very close to each other (within miliseconds). The first session needed to update a record in a SQL database using a stored procedure with the ID value. Prior to this update being processed, the second session had been started and received its ID value, which was one more then the first session. When the first session went to update the table, it used the ID value from the second session. Both sessions actually updated the same record, and the record that should have been updated by the first session was never updated.

Has anyone ever experienced this? Or can anyone tell me how this could have happened? Is there any way that one session can share data with another session unless a value has been stored globally?

I have no clue where to start looking. This application has over 10,000 lines of code (it is a credit card processing system). It has run flawlessly for multiple years until this.

LastMitch commented: This question is very vague +0

Rename Every Session.. Use the datetime for naming each sessions.. Thank You..

I may need to be a bit clearer. I do not store any data in session, viewstate, or application. All data is memory resident only until the code has completed. Each session starts then completes and is done. A session is NEVER connected to multiple times. This application processes credit card transactions so once a session has completed and a result for the credit card transaction returned to the calling application, that application will not ever reconnect to the session for anything.

Sorry for misinterpreting your Query.. Well Your problem is that your sp picks the latter id and do the updation.. Well In this case you can create a time delay between the two sessions..

Have you heard about System.Threading.Timer class.. You can create a time delay using the same..

Refer the link below:

http://stackoverflow.com/questions/5603843/c-sharp-executing-a-method-with-intervals-using-system-threading-timer

http://msdn.microsoft.com/en-IN/library/system.threading.timer%28v=vs.95%29.aspx

This did not happen because of the stored procedure. The SP was run once for each session and each session got a different ID value (I can see that this is the case in my log data). The session in question started with one ID then finished with the ID value of the second session.

Member Avatar for LastMitch

This application processes credit card transactions so once a session has completed and a result for the credit card transaction returned to the calling application, that application will not ever reconnect to the session for anything.

Disregard Session for now.

Does the credit card transaction works?

Once the customer click submit on the checkout and does the data goes to the database and the other to the payment page where the customer enter the payment info?

Try to provide a little codesnippet something like this with your post so it would much easier to understand:

<configuration>
  <system.web>
    <sessionState mode="StateServer"
      stateConnectionString="tcpip=SampleStateServer:42424"
      cookieless="false"
      timeout="20"/>
  </system.web>
</configuration>

I got that small codesnippet from here it's called Session-State Modes

You can also try this:

<configuration>
   <system.web>
      <pages buffer="true"
             enableSessionState="true"
             autoEventWireup="true"
             smartNavigation="true"/>
   </system.web>
</configuration>

I got that small codesnippet from here it's called <pages> Element

If that's not what you are talking about.

Then you really need to provide a codesnippet or noone will be able to assists you.

You may be correct in that no one will be able to help. While I appreciate you trying to help, it does not appear as if my issue is being understood.

A code snippit will not be helpful. I am not asking a specific question about how to code something. I am asking a question about whether or not IIS and ASP.NET should allow one session to access or change data that is running in a different, concurrent session without storing that data in the application object or making a variable/class sharable. Even if you did make a variable or class sharable, I still would not think that it would be possible for a separate session to be able to access or change the data.

The situation is this: Two credit card transactions are being initiated at nearly the same time. Session 1 starts, then session 2 starts, then session 1 finishes, then session 2 finishes. Both are running in their own session, with their own, different values. Both have received an ID value from a stored procedure, and both ID values are different. At one point, the session that started first and completed first gets the ID value that the second session has, causing the first session to update the record for the second session. When the second session completes, it updates the same record, which in effect overwrites the data that the first session saves to the database, causing the data from the first session to be lost.

commented: That is corect! +0
Member Avatar for LastMitch

Two credit card transactions are being initiated at nearly the same time. Session 1 starts, then session 2 starts, then session 1 finishes, then session 2 finishes. Both are running in their own session, with their own, different values. Both have received an ID value from a stored procedure, and both ID values are different. At one point, the session that started first and completed first gets the ID value that the second session has, causing the first session to update the record for the second session. When the second session completes, it updates the same record, which in effect overwrites the data that the first session saves to the database, causing the data from the first session to be lost.

I'm assume this is a ecommerce website? Is it mobile ecommerce website or just a ecommerce website?

Did read this question I posted:

Once the customer click submit on the checkout sheet and does the data goes to the database and the other to the payment page where the customer enter the payment info?

Another words everything is in the Database and Payment Plan (PayPal) in the end.

What does it has to do with Session when all the transaction is in the database and Payment Plan?

I hope you understand you are dealing with sensitive infomation.

May I ask what is the issue?

May I ask what is the issue?

What does it has to do with Session when all the transaction is in the database and Payment Pay?

Another words everything is in the Database and Payment plan (PayPal) in the end.

To me, loosing data is a BIG issue. As I have stated previously, the data is being overwritten because both sessions are updating the same database record.

Once the customer click submit on the checkout sheet and does the data goes to the database and the other to the payment page where the customer enter the payment info?

I'm assume this is a ecommerce website? Is it mobile ecommerce website or just a ecommerce website?

and from one of my previous posts:

I may need to be a bit clearer. I do not store any data in session, viewstate, or application. All data is memory resident only until the code has completed. Each session starts then completes and is done. A session is NEVER connected to multiple times. This application processes credit card transactions so once a session has completed and a result for the credit card transaction returned to the calling application, that application will not ever reconnect to the session for anything.

This is not technically an ecommerce site. It is a site that other sites (our own websites) and internal systems use to process a credit card transaction. To these other sites and systems, it looks like PayPal, Authorize.Net, etc. It is passed data for a credit card transaction, like amount, credit card number, customer info, etc. It then proceses the transaction and returns a response which tells the site or system if the credit card transaction was approved or not. This transactional data is stored in a SQL database for reporting. Because the two sessions updated the same record in SQL, because they both had the same record ID value near the end of the process, data from the first session was lost from this database, causing us to not be able to report correctly on this transaction.

What the customer did or did not do on the website they are using has no bearing on what this program does. No customer actually ever directly connects with this program. Its only task is to process a credit card transaction, save the data and results of the transaction to a SQL database, and return the approval results back to the calling site.

commented: Really a Big Issue? +0
Member Avatar for LastMitch

To me, loosing data is a BIG issue. As I have stated previously, the data is being overwritten because both sessions are updating the same database record.

That is very serious issue but can't be overwritten unless someone have access to that database and the Payment Plan. Another words someone has unauthorise access to your website.

It is passed data for a credit card transaction, like amount, credit card number, customer info, etc. It then proceses the transaction and returns a response which tells the site or system if the credit card transaction was approved or not. This transactional data is stored in a SQL database for reporting. Because the two sessions updated the same record in SQL, because they both had the same record ID value near the end of the process, data from the first session was lost from this database, causing us to not be able to report correctly on this transaction.

You are talking about this:

http://www.credit-card-processing.worldwideoptimize.com/credit-card-swipe-machines-and-terminals.html

I think what you mention is the second payment process which has something to do internal systems that process a credit card transaction. You have 2 different payment process method? Which is normal. Ususally the internal system has a software provided.

You have to separate the 2 payment process with a separate id (another words there should be 2 columns, one is online and the other internal) so when you do transcation it won't overwritten the same data in the database. This is something you need to ask your web developer to add a code your to transaction process sheet and add a column in your SQL.

What the customer did or did not do on the website they are using has no bearing on what this program does. No customer actually ever directly connects with this program. Its only task is to process a credit card transaction, save the data and results of the transaction to a SQL database, and return the approval results back to the calling site.

The customers should receive an copy of an invoice/receipt through email or from a mail letter.

This is something you have do manually before you email/mail the invoice/receipt.

Sorry, but LastMitch, I have no words. You are totally not understanding the issue.

Another words someone has unauthorise access to your website.

No one has gotten unauthorized access to the website. Please read my posts.

The only thing I am trying to get an answer to, as posted previously:

I am asking a question about whether or not IIS and ASP.NET should allow one session to access or change data that is running in a different, concurrent session without storing that data in the application object or making a variable/class sharable. Even if you did make a variable or class sharable, I still would not think that it would be possible for a separate session to be able to access or change the data.

commented: Can you please refrain yourself downvoting me again? -2
Member Avatar for LastMitch

The only thing I am trying to get an answer to, as posted previously:

The answer is NO.

I am asking a question about whether or not IIS and ASP.NET should allow one session to access or change data that is running in a different, concurrent session without storing that data in the application object or making a variable/class sharable. Even if you did make a variable or class sharable, I still would not think that it would be possible for a separate session to be able to access or change the data.

Base on your info you provided.

If you post this question in the ASP.net forum I don't feel the ASP.net members will answer this question because it is a bit vague and most likely will not be answer:

http://forums.asp.net/t/1893435.aspx/1?Values+from+one+session+in+a+different+session

So my answer is NO because the info you provide so far.

Glennt, you appear to describe something known as "session crosstalk".

It's not a subject I know much about but Google gives several results for "ASP.net session crosstalk", indicating that it's not an unknown issue.

Airshow, thanks. That was in the correct direction of the issue I found but all of the examples I could find for session crosstalk did not seem to answer what I have experienced, mainly because I am not using session or application variables for the values that changed. But it does atleast give me something to continue researching. Since this application was compiled for .Net 2.0, I might try to compile to 4.0 (the server it is running on is old enough to not support 4.5) and see if that might atleast keep it from happening again in the future.

Good luck.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.