Session Hijacking?

Discussion in 'ASP .Net' started by Kevin, Oct 26, 2004.

  1. Kevin

    Kevin Guest

    Hello all,

    I have written an asp.net application using C# and am having an
    issue in multiple-user environments. If one user is logged in (using
    Windows authentication), everything is fine. Once another user logs
    in, the other user already logged on also becomes that user. I have
    code in the Session_Start section of Global.aspx for retrieving user
    info from the SQL 2000 database. My assumption is that each new user
    would simply have their own Session rather than all users sharing it.
    Anyone have any thoughts on a resolution? What are some clarifying
    questions I can answer that will help lead to potential solutions?

    Thanks much,
    Kevin
    Kevin, Oct 26, 2004
    #1
    1. Advertising

  2. Any chance you're using *static* variables to store your user information?
    These would be shared across *all* users of that instance of that application.

    "Kevin" wrote:

    > Hello all,
    >
    > I have written an asp.net application using C# and am having an
    > issue in multiple-user environments. If one user is logged in (using
    > Windows authentication), everything is fine. Once another user logs
    > in, the other user already logged on also becomes that user. I have
    > code in the Session_Start section of Global.aspx for retrieving user
    > info from the SQL 2000 database. My assumption is that each new user
    > would simply have their own Session rather than all users sharing it.
    > Anyone have any thoughts on a resolution? What are some clarifying
    > questions I can answer that will help lead to potential solutions?
    >
    > Thanks much,
    > Kevin
    >
    =?Utf-8?B?QmlsbCBCb3Jn?=, Oct 26, 2004
    #2
    1. Advertising

  3. Hi Kevin,

    Be sure you are using the Session() object and not the Cache() or
    Application() objects. Is the logic in your Session_Start() doing something
    to make all users use the same data? Ken.

    --
    Ken Dopierala Jr.
    For great ASP.Net web hosting try:
    http://www.webhost4life.com/default.asp?refid=Spinlight
    If you sign up under me and need help, email me.

    "Kevin" <> wrote in message
    news:...
    > Hello all,
    >
    > I have written an asp.net application using C# and am having an
    > issue in multiple-user environments. If one user is logged in (using
    > Windows authentication), everything is fine. Once another user logs
    > in, the other user already logged on also becomes that user. I have
    > code in the Session_Start section of Global.aspx for retrieving user
    > info from the SQL 2000 database. My assumption is that each new user
    > would simply have their own Session rather than all users sharing it.
    > Anyone have any thoughts on a resolution? What are some clarifying
    > questions I can answer that will help lead to potential solutions?
    >
    > Thanks much,
    > Kevin
    Ken Dopierala Jr., Oct 26, 2004
    #3
  4. Kevin

    Kevin Guest

    Thanks Bill and Ken. I was indeed using static variables!

    Bill Borg <> wrote in message news:<>...
    > Any chance you're using *static* variables to store your user information?
    > These would be shared across *all* users of that instance of that application.
    >
    > "Kevin" wrote:
    >
    > > Hello all,
    > >
    > > I have written an asp.net application using C# and am having an
    > > issue in multiple-user environments. If one user is logged in (using
    > > Windows authentication), everything is fine. Once another user logs
    > > in, the other user already logged on also becomes that user. I have
    > > code in the Session_Start section of Global.aspx for retrieving user
    > > info from the SQL 2000 database. My assumption is that each new user
    > > would simply have their own Session rather than all users sharing it.
    > > Anyone have any thoughts on a resolution? What are some clarifying
    > > questions I can answer that will help lead to potential solutions?
    > >
    > > Thanks much,
    > > Kevin
    > >
    Kevin, Oct 27, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mark
    Replies:
    0
    Views:
    461
  2. Hope Paka
    Replies:
    13
    Views:
    1,068
    =?Utf-8?B?RG9uYWxkIFNjb3R0?=
    Jul 15, 2005
  3. Session Hijacking

    , Feb 9, 2006, in forum: Java
    Replies:
    5
    Views:
    3,005
    JScoobyCed
    Feb 10, 2006
  4. ead_no1
    Replies:
    0
    Views:
    2,936
    ead_no1
    Oct 21, 2006
  5. Robert Slaney

    XSS - Session hijacking

    Robert Slaney, Feb 5, 2009, in forum: ASP .Net Security
    Replies:
    2
    Views:
    1,004
    Steven Cheng
    Feb 5, 2009
Loading...

Share This Page