Session Problems

It sounds like your "setting of the context based on user credentials" might
be suspect rather than the sessio ndata being shared between users. Can you
provide more details on the method you use?

--
- Paul Glavich
Microsoft MVP - ASP.NET
"Srinivasa Raghavan Sethuraman" <sr*****@msdc.hcltech.com> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...

Hi,
I have a web site which uses formAuthentication. After the
logging in, i store the user credentials in a Session Variable which is
not updated any where in the website. After certain point it seems that
Users are able to view other people pages with their credentials, even
though on every web page initialize , a user context is set based on the
logged in session variable.

If there any chance of session variable of one user getting
updated/overlapping with users.

Thanks
Srinivasa Raghavan



*** Sent via Devdex http://www.devdex.com ***
Don't just participate in USENET...get rewarded for it!

Hi

What i do basically this

object is class
class object
{

public string userName;
public string email;

}

in login web page set something like this
session["object"] = object

every page is derived from class page

class page
{
context contxt = new context();
InitializeContext()
{
contxt.userName = (object)(Session["username"]);
}

}
Class contxt
{
public string username;
public string email;

}

I pass to contxt object to Business layer

don't worry abt syntax but the code looks something like

*** Sent via Devdex http://www.devdex.com ***
Don't just participate in USENET...get rewarded for it!

the page code looks ok, how does the business layer keep track of the
creditals? be sure its not in a static. any non free threaded com+
components?
-- bruce (sqlwork.com)

"Srinivasa Raghavan Sethuraman" <sr*****@msdc.hcltech.com> wrote in message
news:uf*************@TK2MSFTNGP12.phx.gbl...

Hi

What i do basically this

object is class
class object
{

public string userName;
public string email;

}

in login web page set something like this
session["object"] = object

every page is derived from class page

class page
{
context contxt = new context();
InitializeContext()
{
contxt.userName = (object)(Session["username"]);
}

}
Class contxt
{
public string username;
public string email;

}

I pass to contxt object to Business layer

don't worry abt syntax but the code looks something like

*** Sent via Devdex http://www.devdex.com ***
Don't just participate in USENET...get rewarded for it!

>> After certain point it seems that Users are able to view other people
pages with their credentials, even though on every web page initialize , a
user context is set based on the logged in session variable.

What is that certain point you mention (above)? Is it after more than 1 user
accesses the site, after a higher number of users, or over a certain period
of time? What I am asking is what is the pattern or defining characteristics
when you see this situation occur. The code you posted generally looks ok
but it is pseudo code and it sounds like the problem is somewhere in the
details.

How are you talking/communicating to your business layer and what
pattern/techniques did you use for your business layer? Are there any static
variables, are you using a Singleton pattern?
--
- Paul Glavich
Microsoft MVP - ASP.NET
"Srinivasa Raghavan Sethuraman" <sr*****@msdc.hcltech.com> wrote in message
news:uf*************@TK2MSFTNGP12.phx.gbl...

Hi

What i do basically this

object is class
class object
{

public string userName;
public string email;

}

in login web page set something like this
session["object"] = object

every page is derived from class page

class page
{
context contxt = new context();
InitializeContext()
{
contxt.userName = (object)(Session["username"]);
}

}
Class contxt
{
public string username;
public string email;

}

I pass to contxt object to Business layer

don't worry abt syntax but the code looks something like

*** Sent via Devdex http://www.devdex.com ***
Don't just participate in USENET...get rewarded for it!