Same sessionID retuned to diff browsers in diff machines

B

Berrucho

Please Help!

I recently posted this same issue but got no answer... please help

Using VB.NET, IIS5, W2K Adv SP3 all patches, .net 1.0, VS.NET 2002
Using forms authentication, persistent cookie = false

Recently my asp.net app is returning wrong data to users. Users frequently
get data that should only be seen by other user.

Upon authentication against database in the login page, I set auth cookie
and fill some session variables like userid, user role ... this info is
then read and used as criteria for database query.

In search for an answer I set a hidden field = session.sessionID.tostring
that gets filled every page_load and discovered that sometimes the
sessionID returned is exactly the same in two browsers running in two
different machines. Also noticed that when this happens to user B, user A
had been recently logged.

I thought I was changing session data somewhere in my app, thus the
described errors, but now I understand that as the browser gets a sessionID
that is already being used by another user my queries get the session
values of the other user and not the current user

I also noticed that sometimes the hidden field of user A of page1.aspx was
sessionID ex. xxxxaaaa... and when navigating to another page the sessionID
value was diferent but = to sessionID of user B

Also tested if on page_load, SessionID <> Hidden Field Value , redirect to
login page, and sometimes users are redirected meaning that the sessionID
is not the same...

All pages have EnableSessionState=True

I have session_start and session_end counting number of users online in
global.asax

Please Help, Looking for a resolution for some days, read dozens of
threads, my books, msdn ... no way...

Thanks

B
 
I

Infant Newbie

I dont know why this is so but I use a different approach. Note that the
HttpContext.Current.User returns the current user (note that i am just
writing no code here). Check where u logon the user and put the userid there
as username. U can then find out who is logged in at any time.

Will email u some code in a few minutes

(e-mail address removed)
http://www.meshcode.net
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,733
Messages
2,569,440
Members
44,830
Latest member
ZADIva7383

Latest Threads

Top