P
Philip Tepedino
I'm having an odd problem. My website's session state is getting shared
between users!
This problem only happens when a user tries to access the site from inside
our corporate LAN. The user, instead of getting a unique session ID, gets
somehow confused as another session and has access to all of the other
session's info!
I tried switching to cookieless sessions but that didn't make any
difference. This is a huge problem for me, since my site stores user's
specific info on session variables, and when a second user logs in, it has
the info of another client.
It also seems to be caching, somehow, the user's authentication ticket. I've
had a couple instances where after a user logs in, the second user can go to
the site, and not even log in. They already show as logged in (as the first
user)
My first thought was that some cache engine was screwing me, so I had IT
disable caching for my IP range.
It didn't help. Clients are still sharing sessions.
Also, all internal addresses are being proxy'd, but from what I understand
that shouldn't affect the session since a cookie (or the URL-based
cookieless version) would basically link a client with a session regardless
of a proxy server.
Its a total mess, and I'm out of ideas on how I can get this working.
Any help would be greatly appreciated!
Philip Tepedino
Siemens Westinghouse Generation Services
between users!
This problem only happens when a user tries to access the site from inside
our corporate LAN. The user, instead of getting a unique session ID, gets
somehow confused as another session and has access to all of the other
session's info!
I tried switching to cookieless sessions but that didn't make any
difference. This is a huge problem for me, since my site stores user's
specific info on session variables, and when a second user logs in, it has
the info of another client.
It also seems to be caching, somehow, the user's authentication ticket. I've
had a couple instances where after a user logs in, the second user can go to
the site, and not even log in. They already show as logged in (as the first
user)
My first thought was that some cache engine was screwing me, so I had IT
disable caching for my IP range.
It didn't help. Clients are still sharing sessions.
Also, all internal addresses are being proxy'd, but from what I understand
that shouldn't affect the session since a cookie (or the URL-based
cookieless version) would basically link a client with a session regardless
of a proxy server.
Its a total mess, and I'm out of ideas on how I can get this working.
Any help would be greatly appreciated!
Philip Tepedino
Siemens Westinghouse Generation Services