Session problem

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi,
I have a web site which uses FormAuthentication. After the logging in, i store the user credentials in a Session Variable which is not updated any where in the website. After certain point it seems that users are able to view other people pages with their credentials, even though on every web page initialize , a user context is set based on the logged in session variable.

If there any chance of session variable of one user getting updated/overlapping with users.

Env:
IIS6.0
Windows2003 Server


Thanks
Srinivasa Raghavan
 
Session object is create for every browser instance opened ( but it is one
session object for all browsers that was opened by Ctrl-N from other
browsers' windows )
so you understand that it is not possible

can you describe the situation in which this happend ?

Regards
Martin

Srinivasa Raghavan said:
Hi,
I have a web site which uses FormAuthentication. After the
Click to expand...
logging in, i store the user credentials in a Session Variable which is not
updated any where in the website. After certain point it seems that users
are able to view other people pages with their credentials, even though on
every web page initialize , a user context is set based on the logged in
session variable.
If there any chance of session variable of one user getting
Click to expand...
updated/overlapping with users.
 
Not possible with a session variable. Perhaps do you store an object in a
session variable that is shared by all users. What exactly do you store in
this session variable ?

Patrice

--

"Srinivasa Raghavan" <[email protected]> a écrit
dans le message de
Hi,
I have a web site which uses FormAuthentication. After the
Click to expand...
logging in, i store the user credentials in a Session Variable which is not
updated any where in the website. After certain point it seems that users
are able to view other people pages with their credentials, even though on
every web page initialize , a user context is set based on the logged in
session variable.
If there any chance of session variable of one user getting
Click to expand...
updated/overlapping with users.
 
Back
Top