Session Question

[Mangler]

Here is the process on the site before I ask the question:

User logs in
session is created based on username and userid
user edits a record in the db
a hidden field with the userid session is inserted in the db to show
who edited the record



I had a user ( mike, id -1 ) edit a record today but the userid that
got inserted was 2 ( scott ). mike doenst know scotts credentials and
scott has never used the PC that mike is using, matter of fact scott
hasnt even logged into the site today.

can someone help me figure out what might have happened so i can
correct it?

 

[Mangler]

Here is the process on the site before I ask the question:

User logs in
session is created based on username and userid
user edits a record in the db
a hidden field with the userid session is inserted in the db to show
who edited the record

I had a user ( mike, id -1 ) edit a record today but the userid that
got inserted was 2 ( scott ).  mike doenst know scotts credentials and
scott has never used the PC that mike is using, matter of fact scott
hasnt even logged into the site today.

can someone help me figure out what might have happened so i can
correct it?

i apologize in advance, not sure why it got posted so many freaking
times.

 

[Evertjan.]

Mangler wrote on 29 mei 2008 in microsoft.public.inetserver.asp.general:

Here is the process on the site before I ask the question:

User logs in
session is created based on username and userid
user edits a record in the db
a hidden field with the userid session is inserted in the db to show
who edited the record

A session is not something that can be inserted, it is not a value.

a session variable value could be put in the database, but why put that in
a [clientside] hidden formfield? [these fields are not exactly hidden to
the user if he wants to see or manpulate it.]

If a user logs in succesfully, you can set a session variable to his
usernumber, and use that to put into the database. The user does not have
to know that number, and the number does not have to be outside the server
anyway, as the user is identified by the asp session.id.

[unless the user has even ram cookies switched off,
but then there is no session in the ASP sense.]

I had a user ( mike, id -1 ) edit a record today but the userid that
got inserted was 2 ( scott ). mike doenst know scotts credentials and
scott has never used the PC that mike is using, matter of fact scott
hasnt even logged into the site today.

can someone help me figure out what might have happened so i can
correct it?

Either you made a programming error,
[like counting from zero, and later from one],
or someone is making use of your unsafe programming.

 

[Anthony Jones]

Here is the process on the site before I ask the question:

User logs in
session is created based on username and userid
user edits a record in the db
a hidden field with the userid session is inserted in the db to show
who edited the record



I had a user ( mike, id -1 ) edit a record today but the userid that
got inserted was 2 ( scott ). mike doenst know scotts credentials and
scott has never used the PC that mike is using, matter of fact scott
hasnt even logged into the site today.

can someone help me figure out what might have happened so i can
correct it?

If you are using hidden fields and it sounds like you are, could it be that
one user is receiving a cached version of another users form? IOW is there
a proxy server that is common to both users?

 

[Mangler]

If you are using hidden fields and it sounds like you are, could it be that
one user is receiving a cached version of another users form?  IOW is there
a proxy server that is common to both users?- Hide quoted text -

- Show quoted text -

i am using a hidden field and am not sure if there is a cached version
of another users form. i tested it myself on my PC which no one else
uses and here is what happend. Mike edited something and it recorded
Scots userid, then i edited something and it recorded mikes userid.
is that the cached form your talking about? If so, how can i prevent
this?

 

[Mangler]

i am using a hidden field and am not sure if there is a cached version
of another users form.  i tested it myself on my PC which no one else
uses and here is what happend.  Mike edited something and it recorded
Scots userid, then i edited something and it recorded mikes userid.
is that the cached form your talking about?  If so, how can i prevent
this?- Hide quoted text -

- Show quoted text -

Ok i figured out what is going on but am not sure how to correct it.
I logged in several different times under different people and went to
the page to do an edit. the hidden field is always holding the userid
of the last person that went there. Any suggestions on how to prevent
this?

 

[Mangler]

If you are using hidden fields and it sounds like you are, could it be that
one user is receiving a cached version of another users form?  IOW is there
a proxy server that is common to both users?- Hide quoted text -

- Show quoted text -

This is weird, it only happens on this one page. I have several other
pages that edit other parts of the DB and it has the same tracking
feature, identical the only difference being that the other pages work
fine. It even does it locally on my machine.

 

[Anthony Jones]

Ok i figured out what is going on but am not sure how to correct it.
I logged in several different times under different people and went to
the page to do an edit. the hidden field is always holding the userid
of the last person that went there. Any suggestions on how to prevent
this?

Tweak you program logic so that it doesn't send th last userID in the hidden
field?