Lauri Kotilainen
Hi,
I've already tried several avenues for this, and am quite stumped. The issue
I'm facing is a weird case of sessions getting mixed up (i.e. users seeing each
others' data). Apparently this happens at peak load times.
The configuration is W2K3 with ASP.NET 1.1, IIS6.0, Cookieless sessions and
SQL Server as a Session State backend. The problem appears with InProc sessions
as well.
At first I thought I might be using a static variable somewhere to populate
session data, but alas that doesn't seem to be the case.
I wrote a piece of code to act as a simple sanity check -- it stores the
user-agent and IP address of the initial request in the session state, and if
for some reason they don't match on a subsequent request, the user is presented
with an error page and the session data is dumped to a log file.
The log file indicates that several consecutive requests from different hosts
and/or user agents have happened, with the same session id in all of them!
Next I'm thinking maybe I'm doing a Context.Response.Redirect somewhere
that's messing the session id up, but the way I do it is I add the session id to
the redirect URL with Context.Response.ApplyAppPathModifier, and never manually
construct the URL.
(note that this seems to also happen with images I'm generating, and I'm
referring to the images with a relative URL)
Based on my look at the code and a brief glance at the log file it seems that
the obvious points of failure would be the Session State HTTP module or
Context.Response.ApplyAppPathModifier. I'd much rather have the problem in my
code so I could fix it though, so if anyone can offer any pointers to what I
might be doing that causes this, I'd appreciate it.
Thanks for your time,
-Lauri
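
The sanity check described in the post, written as an ASP.NET HTTP module; this is an added example, not the poster's code, and the class name, session keys and log path are hypothetical. Besides the IP address and user agent it logs the Referer header and raw URL, because with cookieless sessions the id travels in the URL and any client requesting that URL presents the same id.

```csharp
using System;
using System.IO;
using System.Web;
using System.Web.SessionState;

// Added example: binds a session to the client that created it and logs mismatches.
public class SessionBindingModule : IHttpModule
{
    const string IpKey = "_bind.ip";   // hypothetical session keys
    const string UaKey = "_bind.ua";
    const string LogPath = @"D:\logs\session-mismatch.log"; // hypothetical, outside the web root

    public void Init(HttpApplication app)
    {
        // Session state has been loaded by the time this event fires.
        app.PreRequestHandlerExecute += new EventHandler(OnPreRequestHandlerExecute);
    }

    public void Dispose() { }

    void OnPreRequestHandlerExecute(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        HttpSessionState session = ctx.Session;
        if (session == null) return;   // this handler does not use session state

        string ip = ctx.Request.UserHostAddress;
        string ua = ctx.Request.UserAgent;
        if (ua == null) ua = "";

        if (session[IpKey] == null)
        {
            // First request seen for this session id: record the client.
            session[IpKey] = ip;
            session[UaKey] = ua;
            return;
        }
        if ((string)session[IpKey] == ip && (string)session[UaKey] == ua) return;

        // Mismatch: record enough to tell a re-used URL from a server-side mix-up.
        string line = String.Format(
            "{0:u}\tsid={1}\towner_ip={2}\tip={3}\tua={4}\treferer={5}\turl={6}",
            DateTime.UtcNow, session.SessionID, session[IpKey], ip, ua,
            ctx.Request.Headers["Referer"], ctx.Request.RawUrl);
        lock (typeof(SessionBindingModule))
        {
            StreamWriter w = File.AppendText(LogPath);
            try { w.WriteLine(line); } finally { w.Close(); }
        }
        ctx.Response.StatusCode = 403;
        ctx.Response.End();
    }
}
```

The module is registered under `<httpModules>` in web.config. Clients behind proxies or NAT can legitimately change IP address mid-session, so a mismatch on IP alone is weaker evidence than a mismatch on both fields.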