I have an issue in vb.net asp web form application, problem is that i have a page that is user for create request. After request create redirect to confirmation page and confirmation page showing confirm_no and player name. Problem is that if multiple member create request on confirmation they can see other member confirm no and player name.
here is my code.
Private Shared selectedRequest As PostRequestModel = Nothing
<System.Web.Services.WebMethod(EnableSession:=True)>
Public Shared Function PostRequest(ByVal earlierTime As String, ByVal latestTime As String, ByVal request As String) As String
selectedRequest = JsonConvert.DeserializeObject(Of PostRequestModel)(request)
SyncLock selectedRequest
selectedearlierTime = GetTimeIn24Hour(earlierTime)
selectedlatestTime = GetTimeIn24Hour(latestTime)
selectedRequestTime = GetTimeIn24Hour(selectedRequest.playTime)
selectedRequest.earliestTime = selectedearlierTime
selectedRequest.latestTime = selectedlatestTime
CreateRequest()
HttpContext.Current.Session("confirmed_request_response_" & HttpContext.Current.Session.SessionID) = selectedRequest
If cpError Then
logger.Error("App: The players don't qualify for this request because of the following error, " + mErrorReason)
Else
If HttpContext.Current.Session("Main_confirm") IsNot Nothing Then
confNo = HttpContext.Current.Session("Main_confirm")
End If
logger.Info("App: Your Tee Time request has been recorded having confirmation number " + confNo)
End If
Dim response = New BookingValidationResponse(Not cpError, mErrorReason)
Return JsonConvert.SerializeObject(response)
End SyncLock
End Function
on confirmation page, page_load method function get the session value print it to web form:
Public Sub LoadRequestFromSession()
Dim sessionKey As String = "confirmed_request_response_" & HttpContext.Current.Session.SessionID
If HttpContext.Current.Session(sessionKey) IsNot Nothing Then
Dim requestFromSession As PostRequestModel = DirectCast(HttpContext.Current.Session(sessionKey), PostRequestModel)
End If
End Sub