Apparent session crosstalk

[Shari]

We are having a very strange problem. We have users processing
personal information, and sometimes, they will go to different page
within that person (i.e. from address details, to insurance coverage),
and all of a sudden, be looking at the data from someone else. This
is obviously causing us exposure to data integrity problems as they
may not notice this data has changed, and go ahead and save it.

We have figured out that when this happens, another user had either
been viewing, or updating, the 2nd person (i.e. the person whose data
gets displayed back to the first user).

Our environment is using a Cisco switch for load balancing between two
servers. No web garden. We have had the users hit one of the servers
directly (thus, eliminating Cicso from the picture) and it still
occurs.

We are not sure if the session variable that stores the person id is
getting altered somehow, or if it is serving back the wrong data. We
have put in a bunch of log messages to determine if the person id is
changing, although we suspect it is the correct person id since they
sometimes don't notice it and go ahead and do the save. This then
modifies the original person information with the wrong data that was
being displayed on the screen.

We are really at a loss and would greatly appreciate any suggestions!

thanks,
Shari

 

[Ken Dopierala Jr.]

Hi Shari,

The first thing to check is to make sure you are using Session() and not
Cache() or Application() by mistake. That is the most common reason this
happens. Session variables might be being used everywhere except for one
key line of code. Also if you encapsulate these objects, check out that
code to make sure there isn't a mistype somewhere. The next thing you
should do after checking that is find a way to consistently make the problem
happen. Have a couple developers or QA people figure out a way to make it
happen. Once you can do that then you can find the code where it occurs.
Good luck! Ken.

 

[Jonathan Allen]

Try this...

Store a GUID in the session object. Pass the same GUID to the user as a
cookie. On each page request, check to see if the GUID in the cookie matches
the one in session. If it doesn't, then somehow your users are hitting other
people's sessions.

 

[Shari]

I found a solution in another post
http://groups.google.com/groups?hl=...&prev=/groups?q=asp+wrong+data&ie=UTF-8&hl=en

The poster Andrew mentions the line
<%@ OutputCache Duration="1" VaryByParam="*" %>

Our pages had an output cache duration of 1 as well, so it was caching
the page for 1 second on the server, so another user accessing the
page within the second would get that page served back.

We took this line out and implemented it last weekend, and so far this
week, the problem has not recurred.