Problem with Session State being shared between users!

Discussion in 'ASP .Net' started by Philip Tepedino, Jul 29, 2004.

  1. I'm having an odd problem. My website's session state is getting shared
    between users!
    This problem only happens when a user tries to access the site from inside
    our corporate LAN. The user, instead of getting a unique session ID, gets
    somehow confused as another session and has access to all of the other
    session's info!
    I tried switching to cookieless sessions but that didn't make any
    difference. This is a huge problem for me, since my site stores user's
    specific info on session variables, and when a second user logs in, it has
    the info of another client.
    It also seems to be caching, somehow, the user's authentication ticket. I've
    had a couple instances where after a user logs in, the second user can go to
    the site, and not even log in. They already show as logged in (as the first
    user)

    My first thought was that some cache engine was screwing me, so I had IT
    disable caching for my IP range.
    It didn't help. Clients are still sharing sessions.
    Also, all internal addresses are being proxy'd, but from what I understand
    that shouldn't affect the session since a cookie (or the URL-based
    cookieless version) would basically link a client with a session regardless
    of a proxy server.

    Its a total mess, and I'm out of ideas on how I can get this working.
    Any help would be greatly appreciated!


    Philip Tepedino
    Siemens Westinghouse Generation Services
     
    Philip Tepedino, Jul 29, 2004
    #1
    1. Advertising

  2. Philip Tepedino

    bruce barker Guest

    shared sessions are almost always a coding error, where session data is
    stored in static (shared in vb) variable, or a public variable in vb module
    which also is a static variable.

    -- bruce (sqlwork.com)


    "Philip Tepedino" <> wrote in message
    news:%23cr6%...
    > I'm having an odd problem. My website's session state is getting shared
    > between users!
    > This problem only happens when a user tries to access the site from inside
    > our corporate LAN. The user, instead of getting a unique session ID, gets
    > somehow confused as another session and has access to all of the other
    > session's info!
    > I tried switching to cookieless sessions but that didn't make any
    > difference. This is a huge problem for me, since my site stores user's
    > specific info on session variables, and when a second user logs in, it has
    > the info of another client.
    > It also seems to be caching, somehow, the user's authentication ticket.

    I've
    > had a couple instances where after a user logs in, the second user can go

    to
    > the site, and not even log in. They already show as logged in (as the

    first
    > user)
    >
    > My first thought was that some cache engine was screwing me, so I had IT
    > disable caching for my IP range.
    > It didn't help. Clients are still sharing sessions.
    > Also, all internal addresses are being proxy'd, but from what I understand
    > that shouldn't affect the session since a cookie (or the URL-based
    > cookieless version) would basically link a client with a session

    regardless
    > of a proxy server.
    >
    > Its a total mess, and I'm out of ideas on how I can get this working.
    > Any help would be greatly appreciated!
    >
    >
    > Philip Tepedino
    > Siemens Westinghouse Generation Services
    >
    >
    >
     
    bruce barker, Jul 29, 2004
    #2
    1. Advertising

  3. You have a really good point. I believe some variables may be set as shared.
    I guess I expected share to share only on a certain session, but now that
    you mention it, that makes no sense at all. not sure what I was thinking!

    I guess a question would be.. whats a good alternative? just using session
    variables?

    thanks a lot!



    "bruce barker" <> wrote in message
    news:...
    > shared sessions are almost always a coding error, where session data is
    > stored in static (shared in vb) variable, or a public variable in vb

    module
    > which also is a static variable.
    >
    > -- bruce (sqlwork.com)
    >
    >
    > "Philip Tepedino" <> wrote in message
    > news:%23cr6%...
    > > I'm having an odd problem. My website's session state is getting shared
    > > between users!
    > > This problem only happens when a user tries to access the site from

    inside
    > > our corporate LAN. The user, instead of getting a unique session ID,

    gets
    > > somehow confused as another session and has access to all of the other
    > > session's info!
    > > I tried switching to cookieless sessions but that didn't make any
    > > difference. This is a huge problem for me, since my site stores user's
    > > specific info on session variables, and when a second user logs in, it

    has
    > > the info of another client.
    > > It also seems to be caching, somehow, the user's authentication ticket.

    > I've
    > > had a couple instances where after a user logs in, the second user can

    go
    > to
    > > the site, and not even log in. They already show as logged in (as the

    > first
    > > user)
    > >
    > > My first thought was that some cache engine was screwing me, so I had IT
    > > disable caching for my IP range.
    > > It didn't help. Clients are still sharing sessions.
    > > Also, all internal addresses are being proxy'd, but from what I

    understand
    > > that shouldn't affect the session since a cookie (or the URL-based
    > > cookieless version) would basically link a client with a session

    > regardless
    > > of a proxy server.
    > >
    > > Its a total mess, and I'm out of ideas on how I can get this working.
    > > Any help would be greatly appreciated!
    > >
    > >
    > > Philip Tepedino
    > > Siemens Westinghouse Generation Services
    > >
    > >
    > >

    >
    >
     
    Philip Tepedino, Jul 29, 2004
    #3
  4. Philip Tepedino

    jcn Guest

    I think I have the same problem than you have. Some Session variables
    are shared between users. I have this problem only for somme of the
    Session variables and only for some of my solution webforms. Users
    don't share variable until they navigate to 2 of the webforms of my
    application. This application contains 50 webforms.

    I have no solution and I hope you solved your problem so you can help
    me.

    Regards



    --
    jcn
    ------------------------------------------------------------------------
    Posted via http://www.codecomments.com
    ------------------------------------------------------------------------
     
    jcn, May 12, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. shamanthakamani
    Replies:
    1
    Views:
    3,508
    Natty Gur
    Nov 20, 2003
  2. ton
    Replies:
    5
    Views:
    709
  3. Not Liking Dot Net Today
    Replies:
    0
    Views:
    624
    Not Liking Dot Net Today
    Apr 21, 2004
  4. Lauri Kotilainen

    Session state IDs mixed between users

    Lauri Kotilainen, Sep 21, 2005, in forum: ASP .Net
    Replies:
    15
    Views:
    1,592
    Pennidren
    Feb 13, 2010
  5. archana
    Replies:
    0
    Views:
    352
    archana
    Mar 13, 2007
Loading...

Share This Page