>> After certain point it seems that Users are able to view other people
pages with their credentials, even though on every web page initialize , a
user context is set based on the logged in session variable.
What is that certain point you mention (above)? Is it after more than 1 user
accesses the site, after a higher number of users, or over a certain period
of time? What I am asking is what is the pattern or defining characteristics
when you see this situation occur. The code you posted generally looks ok
but it is pseudo code and it sounds like the problem is somewhere in the
details.
How are you talking/communicating to your business layer and what
pattern/techniques did you use for your business layer? Are there any static
variables, are you using a Singleton pattern?
--
- Paul Glavich
Microsoft MVP - ASP.NET
"Srinivasa Raghavan Sethuraman" <sr*****@msdc.hcltech.com> wrote in message
news:uf*************@TK2MSFTNGP12.phx.gbl...
Hi
What i do basically this
object is class
class object
{
public string userName;
public string email;
}
in login web page set something like this
session["object"] = object
every page is derived from class page
class page
{
context contxt = new context();
InitializeContext()
{
contxt.userName = (object)(Session["username"]);
}
}
Class contxt
{
public string username;
public string email;
}
I pass to contxt object to Business layer
don't worry abt syntax but the code looks something like
*** Sent via Devdex http://www.devdex.com ***
Don't just participate in USENET...get rewarded for it!