B
Berrucho
Please Help!
I recently posted this same issue but got no answer... please help
Using VB.NET, IIS5, W2K Adv SP3 all patches, .net 1.0, VS.NET 2002
Using forms authentication, persistent cookie = false
Recently my asp.net app is returning wrong data to users. Users frequently
get data that should only be seen by other user.
Upon authentication against database in the login page, I set auth cookie
and fill some session variables like userid, user role ... this info is
then read and used as criteria for database query.
In search for an answer I set a hidden field = session.sessionID.tostring
that gets filled every page_load and discovered that sometimes the
sessionID returned is exactly the same in two browsers running in two
different machines. Also noticed that when this happens to user B, user A
had been recently logged.
I thought I was changing session data somewhere in my app, thus the
described errors, but now I understand that as the browser gets a sessionID
that is already being used by another user my queries get the session
values of the other user and not the current user
I also noticed that sometimes the hidden field of user A of page1.aspx was
sessionID ex. xxxxaaaa... and when navigating to another page the sessionID
value was diferent but = to sessionID of user B
Also tested if on page_load, SessionID <> Hidden Field Value , redirect to
login page, and sometimes users are redirected meaning that the sessionID
is not the same...
All pages have EnableSessionState=True
I have session_start and session_end counting number of users online in
global.asax
Please Help, Looking for a resolution for some days, read dozens of
threads, my books, msdn ... no way...
Thanks
B
I recently posted this same issue but got no answer... please help
Using VB.NET, IIS5, W2K Adv SP3 all patches, .net 1.0, VS.NET 2002
Using forms authentication, persistent cookie = false
Recently my asp.net app is returning wrong data to users. Users frequently
get data that should only be seen by other user.
Upon authentication against database in the login page, I set auth cookie
and fill some session variables like userid, user role ... this info is
then read and used as criteria for database query.
In search for an answer I set a hidden field = session.sessionID.tostring
that gets filled every page_load and discovered that sometimes the
sessionID returned is exactly the same in two browsers running in two
different machines. Also noticed that when this happens to user B, user A
had been recently logged.
I thought I was changing session data somewhere in my app, thus the
described errors, but now I understand that as the browser gets a sessionID
that is already being used by another user my queries get the session
values of the other user and not the current user
I also noticed that sometimes the hidden field of user A of page1.aspx was
sessionID ex. xxxxaaaa... and when navigating to another page the sessionID
value was diferent but = to sessionID of user B
Also tested if on page_load, SessionID <> Hidden Field Value , redirect to
login page, and sometimes users are redirected meaning that the sessionID
is not the same...
All pages have EnableSessionState=True
I have session_start and session_end counting number of users online in
global.asax
Please Help, Looking for a resolution for some days, read dozens of
threads, my books, msdn ... no way...
Thanks
B