You have a really good point. I believe some variables may be set as shared.
I guess I expected share to share only on a certain session, but now that
you mention it, that makes no sense at all. not sure what I was thinking!
I guess a question would be.. whats a good alternative? just using session
variables?
thanks a lot!
"bruce barker" <nospam_brubar@safeco.com> wrote in message
news:ejaFQtYdEHA.2504@TK2MSFTNGP12.phx.gbl...[color=blue]
> shared sessions are almost always a coding error, where session data is
> stored in static (shared in vb) variable, or a public variable in vb[/color]
module[color=blue]
> which also is a static variable.
>
> -- bruce (sqlwork.com)
>
>
> "Philip Tepedino" <ptepedino@swgs.net> wrote in message
> news:%23cr6%23EYdEHA.3704@TK2MSFTNGP09.phx.gbl...[color=green]
> > I'm having an odd problem. My website's session state is getting shared
> > between users!
> > This problem only happens when a user tries to access the site from[/color][/color]
inside[color=blue][color=green]
> > our corporate LAN. The user, instead of getting a unique session ID,[/color][/color]
gets[color=blue][color=green]
> > somehow confused as another session and has access to all of the other
> > session's info!
> > I tried switching to cookieless sessions but that didn't make any
> > difference. This is a huge problem for me, since my site stores user's
> > specific info on session variables, and when a second user logs in, it[/color][/color]
has[color=blue][color=green]
> > the info of another client.
> > It also seems to be caching, somehow, the user's authentication ticket.[/color]
> I've[color=green]
> > had a couple instances where after a user logs in, the second user can[/color][/color]
go[color=blue]
> to[color=green]
> > the site, and not even log in. They already show as logged in (as the[/color]
> first[color=green]
> > user)
> >
> > My first thought was that some cache engine was screwing me, so I had IT
> > disable caching for my IP range.
> > It didn't help. Clients are still sharing sessions.
> > Also, all internal addresses are being proxy'd, but from what I[/color][/color]
understand[color=blue][color=green]
> > that shouldn't affect the session since a cookie (or the URL-based
> > cookieless version) would basically link a client with a session[/color]
> regardless[color=green]
> > of a proxy server.
> >
> > Its a total mess, and I'm out of ideas on how I can get this working.
> > Any help would be greatly appreciated!
> >
> >
> > Philip Tepedino
> > Siemens Westinghouse Generation Services
> >
> >
> >[/color]
>
>[/color]
