G
Guest
Hi,
I have a web site which uses FormAuthentication. After the logging in, i store the user credentials in a Session Variable which is not updated any where in the website. After certain point it seems that users are able to view other people pages with their credentials, even though on every web page initialize , a user context is set based on the logged in session variable.
If there any chance of session variable of one user getting updated/overlapping with users.
Env:
IIS6.0
Windows2003 Server
Thanks
Srinivasa Raghavan
I have a web site which uses FormAuthentication. After the logging in, i store the user credentials in a Session Variable which is not updated any where in the website. After certain point it seems that users are able to view other people pages with their credentials, even though on every web page initialize , a user context is set based on the logged in session variable.
If there any chance of session variable of one user getting updated/overlapping with users.
Env:
IIS6.0
Windows2003 Server
Thanks
Srinivasa Raghavan