Session Hijacking?

K

Kevin

Hello all,

I have written an asp.net application using C# and am having an
issue in multiple-user environments. If one user is logged in (using
Windows authentication), everything is fine. Once another user logs
in, the other user already logged on also becomes that user. I have
code in the Session_Start section of Global.aspx for retrieving user
info from the SQL 2000 database. My assumption is that each new user
would simply have their own Session rather than all users sharing it.
Anyone have any thoughts on a resolution? What are some clarifying
questions I can answer that will help lead to potential solutions?

Thanks much,
Kevin
 
G

Guest

Any chance you're using *static* variables to store your user information?
These would be shared across *all* users of that instance of that application.
 
K

Ken Dopierala Jr.

Hi Kevin,

Be sure you are using the Session() object and not the Cache() or
Application() objects. Is the logic in your Session_Start() doing something
to make all users use the same data? Ken.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top