Padarn Session for many users

Question

I'm evaluating Padarn for my project and I'm trying to implement a very simple authentication scheme:

namespace SampleSite
{
    public class Login : Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            if (Request.Form["login"] == "admin" && Request.Form["password"] == "123")
            {
                Session["username"] = "admin";
                Response.Redirect("PostFiles.html");
            }
            else
            {
                Response.Redirect("Default.aspx");
            }
        }
    }
}

It's working fine for a single user, however, when my friend tried to hit the page while I was debugging, a NullReferenceException was thrown at

Session["username"] = "admin";

Then we realized it's not working for concurrent users.

Are concurrent sessions really not supported? Is this some configuration I'm missing?

Answer 1

It turns out that, for no good reason at all, the hands-on lab ships with a domain set for the cookies. Even worse, the domain is nonsensical. It's probably a remnant of some sort of testing we were doing internally and never reverted for release.

What's happening is that the configuration has this in it:

<Cookies Domain="169.0.0.2" />

This is causing the session cookies to get stripped from any client (unless it's IP happens to be 169.0.0.2).

This, in turn, causes a new session to be generated with every browser request, which effectively throws out your session variables.

Change your web.config to not have a cookie domain like this, and all will be well:

<Cookies />

The NullReferenceException you get in your Page code is because the Session object on the page in null. This happens when the maximum number of Sessions for the service has been reached (which occurs quickly when each request is generating a new Session).

Answer 2

Multiple sessions are definitely supported. By default 10 concurrent sessions are supported.

I put together this quick validation test Page:

class SessionTest : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        var newVariable = Request.Form["value"];

        if (newVariable != null)
        {
            Session["TestVariable"] = newVariable;
        }
    }

    protected override void Render(HtmlTextWriter writer)
    {
        var sessionVariable = Session["TestVariable"];

        writer
            .Html()
                .Body()
                    .Form(t => t
                        [HtmlTextWriterAttribute.Id, "Test"]
                        ["method", "POST"])

                        .Text(string.Format("CurrentValue: {0}", sessionVariable ?? "[null]"))
                        .Br()
                        .Input(t => t
                                [HtmlTextWriterAttribute.Type, "text"]
                                [HtmlTextWriterAttribute.Name, "value"]
                                [HtmlTextWriterAttribute.Maxlength, "32"])
                        .EndTag() // input
                        .Br()
                        .SubmitButton("Submit", "Submit")
                    .EndTag() // form
                    .Form(t => t
                        [HtmlTextWriterAttribute.Id, "Reload"]
                        ["method", "POST"])
                        .SubmitButton("Reload", "Reload")
                    .EndTag() // form
                .EndTag() // body
            .EndTag(); // html                
    }
}

It simply displays a variable for the current Session and lets you change it. I opened two browsers, on in IE and one in Chrome, which generates two sessions just like two PCs would. I then hit the page from both browsers and they showed different saved session state as expected: