Session problem

G

Guest

Hi,
I have a web site which uses FormAuthentication. After the logging in, i store the user credentials in a Session Variable which is not updated any where in the website. After certain point it seems that users are able to view other people pages with their credentials, even though on every web page initialize , a user context is set based on the logged in session variable.

If there any chance of session variable of one user getting updated/overlapping with users.

Env:
IIS6.0
Windows2003 Server


Thanks
Srinivasa Raghavan
 
M

Martin Marinov

Session object is create for every browser instance opened ( but it is one
session object for all browsers that was opened by Ctrl-N from other
browsers' windows )
so you understand that it is not possible

can you describe the situation in which this happend ?

Regards
Martin

Srinivasa Raghavan said:
Hi,
I have a web site which uses FormAuthentication. After the
Click to expand...
logging in, i store the user credentials in a Session Variable which is not
updated any where in the website. After certain point it seems that users
are able to view other people pages with their credentials, even though on
every web page initialize , a user context is set based on the logged in
session variable.
If there any chance of session variable of one user getting
Click to expand...
updated/overlapping with users.
 
P

Patrice

Not possible with a session variable. Perhaps do you store an object in a
session variable that is shared by all users. What exactly do you store in
this session variable ?

Patrice

--

"Srinivasa Raghavan" <[email protected]> a écrit
dans le message de
Hi,
I have a web site which uses FormAuthentication. After the
Click to expand...
logging in, i store the user credentials in a Session Variable which is not
updated any where in the website. After certain point it seems that users
are able to view other people pages with their credentials, even though on
every web page initialize , a user context is set based on the logged in
session variable.
If there any chance of session variable of one user getting
Click to expand...
updated/overlapping with users.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Session Problems 4
Session Problems 0
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
Session vs Cookie performance for Authentication 1
A way to get back lost session values 3
Session Problems 2
Session Problems 0
Problem with session variables 4

Members online

Total: 28 (members: 1, guests: 27)
Robots: 219

Forum statistics

Threads
473,766
Messages
2,569,569
Members
45,042
Latest member
icassiem

Latest Threads

Top