Session problem

Discussion in 'ASP .Net' started by =?Utf-8?B?U3Jpbml2YXNhIFJhZ2hhdmFu?=, Jun 15, 2004.

  1. Hi,
    I have a web site which uses FormAuthentication. After the logging in, i store the user credentials in a Session Variable which is not updated any where in the website. After certain point it seems that users are able to view other people pages with their credentials, even though on every web page initialize , a user context is set based on the logged in session variable.

    If there any chance of session variable of one user getting updated/overlapping with users.

    Env:
    IIS6.0
    Windows2003 Server


    Thanks
    Srinivasa Raghavan
    =?Utf-8?B?U3Jpbml2YXNhIFJhZ2hhdmFu?=, Jun 15, 2004
    #1
    1. Advertising

  2. Session object is create for every browser instance opened ( but it is one
    session object for all browsers that was opened by Ctrl-N from other
    browsers' windows )
    so you understand that it is not possible

    can you describe the situation in which this happend ?

    Regards
    Martin

    "Srinivasa Raghavan" <> wrote in
    message news:...
    > Hi,
    > I have a web site which uses FormAuthentication. After the

    logging in, i store the user credentials in a Session Variable which is not
    updated any where in the website. After certain point it seems that users
    are able to view other people pages with their credentials, even though on
    every web page initialize , a user context is set based on the logged in
    session variable.
    >
    > If there any chance of session variable of one user getting

    updated/overlapping with users.
    >
    > Env:
    > IIS6.0
    > Windows2003 Server
    >
    >
    > Thanks
    > Srinivasa Raghavan
    >
    >
    >
    >
    >
    >
    Martin Marinov, Jun 15, 2004
    #2
    1. Advertising

  3. =?Utf-8?B?U3Jpbml2YXNhIFJhZ2hhdmFu?=

    Patrice Guest

    Not possible with a session variable. Perhaps do you store an object in a
    session variable that is shared by all users. What exactly do you store in
    this session variable ?

    Patrice

    --

    "Srinivasa Raghavan" <> a écrit
    dans le message de
    news:...
    > Hi,
    > I have a web site which uses FormAuthentication. After the

    logging in, i store the user credentials in a Session Variable which is not
    updated any where in the website. After certain point it seems that users
    are able to view other people pages with their credentials, even though on
    every web page initialize , a user context is set based on the logged in
    session variable.
    >
    > If there any chance of session variable of one user getting

    updated/overlapping with users.
    >
    > Env:
    > IIS6.0
    > Windows2003 Server
    >
    >
    > Thanks
    > Srinivasa Raghavan
    >
    >
    >
    >
    >
    >
    Patrice, Jun 15, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Andreas Klemt
    Replies:
    1
    Views:
    441
    Steve C. Orr, MCSD
    Jul 23, 2003
  2. shamanthakamani
    Replies:
    1
    Views:
    3,462
    Natty Gur
    Nov 20, 2003
  3. Jeff Smythe
    Replies:
    3
    Views:
    1,217
    Jeff Smythe
    Jan 2, 2004
  4. =?Utf-8?B?Um9iSEs=?=
    Replies:
    4
    Views:
    5,236
    =?Utf-8?B?Um9iSEs=?=
    Apr 11, 2007
  5. Jazzis
    Replies:
    2
    Views:
    227
    Jazzis
    Sep 23, 2003
Loading...

Share This Page