468,268 Members | 1,978 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,268 developers. It's quick & easy.

Problem with Session State being shared between users!

I'm having an odd problem. My website's session state is getting shared
between users!
This problem only happens when a user tries to access the site from inside
our corporate LAN. The user, instead of getting a unique session ID, gets
somehow confused as another session and has access to all of the other
session's info!
I tried switching to cookieless sessions but that didn't make any
difference. This is a huge problem for me, since my site stores user's
specific info on session variables, and when a second user logs in, it has
the info of another client.
It also seems to be caching, somehow, the user's authentication ticket. I've
had a couple instances where after a user logs in, the second user can go to
the site, and not even log in. They already show as logged in (as the first
user)

My first thought was that some cache engine was screwing me, so I had IT
disable caching for my IP range.
It didn't help. Clients are still sharing sessions.
Also, all internal addresses are being proxy'd, but from what I understand
that shouldn't affect the session since a cookie (or the URL-based
cookieless version) would basically link a client with a session regardless
of a proxy server.

Its a total mess, and I'm out of ideas on how I can get this working.
Any help would be greatly appreciated!
Philip Tepedino
Siemens Westinghouse Generation Services

Nov 18 '05 #1
3 3187
shared sessions are almost always a coding error, where session data is
stored in static (shared in vb) variable, or a public variable in vb module
which also is a static variable.

-- bruce (sqlwork.com)
"Philip Tepedino" <pt*******@swgs.net> wrote in message
news:%2******************@TK2MSFTNGP09.phx.gbl...
I'm having an odd problem. My website's session state is getting shared
between users!
This problem only happens when a user tries to access the site from inside
our corporate LAN. The user, instead of getting a unique session ID, gets
somehow confused as another session and has access to all of the other
session's info!
I tried switching to cookieless sessions but that didn't make any
difference. This is a huge problem for me, since my site stores user's
specific info on session variables, and when a second user logs in, it has
the info of another client.
It also seems to be caching, somehow, the user's authentication ticket. I've had a couple instances where after a user logs in, the second user can go to the site, and not even log in. They already show as logged in (as the first user)

My first thought was that some cache engine was screwing me, so I had IT
disable caching for my IP range.
It didn't help. Clients are still sharing sessions.
Also, all internal addresses are being proxy'd, but from what I understand
that shouldn't affect the session since a cookie (or the URL-based
cookieless version) would basically link a client with a session regardless of a proxy server.

Its a total mess, and I'm out of ideas on how I can get this working.
Any help would be greatly appreciated!
Philip Tepedino
Siemens Westinghouse Generation Services

Nov 18 '05 #2
You have a really good point. I believe some variables may be set as shared.
I guess I expected share to share only on a certain session, but now that
you mention it, that makes no sense at all. not sure what I was thinking!

I guess a question would be.. whats a good alternative? just using session
variables?

thanks a lot!

"bruce barker" <no***********@safeco.com> wrote in message
news:ej**************@TK2MSFTNGP12.phx.gbl...
shared sessions are almost always a coding error, where session data is
stored in static (shared in vb) variable, or a public variable in vb module which also is a static variable.

-- bruce (sqlwork.com)
"Philip Tepedino" <pt*******@swgs.net> wrote in message
news:%2******************@TK2MSFTNGP09.phx.gbl...
I'm having an odd problem. My website's session state is getting shared
between users!
This problem only happens when a user tries to access the site from inside our corporate LAN. The user, instead of getting a unique session ID, gets somehow confused as another session and has access to all of the other
session's info!
I tried switching to cookieless sessions but that didn't make any
difference. This is a huge problem for me, since my site stores user's
specific info on session variables, and when a second user logs in, it has the info of another client.
It also seems to be caching, somehow, the user's authentication ticket. I've
had a couple instances where after a user logs in, the second user can go to
the site, and not even log in. They already show as logged in (as the

first
user)

My first thought was that some cache engine was screwing me, so I had IT
disable caching for my IP range.
It didn't help. Clients are still sharing sessions.
Also, all internal addresses are being proxy'd, but from what I

understand that shouldn't affect the session since a cookie (or the URL-based
cookieless version) would basically link a client with a session

regardless
of a proxy server.

Its a total mess, and I'm out of ideas on how I can get this working.
Any help would be greatly appreciated!
Philip Tepedino
Siemens Westinghouse Generation Services


Nov 18 '05 #3
jcn

I think I have the same problem than you have. Some Session variables
are shared between users. I have this problem only for somme of the
Session variables and only for some of my solution webforms. Users
don't share variable until they navigate to 2 of the webforms of my
application. This application contains 50 webforms.

I have no solution and I hope you solved your problem so you can help
me.

Regards

--
jcn
------------------------------------------------------------------------
Posted via http://www.codecomments.com
------------------------------------------------------------------------

Nov 19 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

10 posts views Thread by Jacob Anderson | last post: by
3 posts views Thread by ton | last post: by
3 posts views Thread by grooby | last post: by
8 posts views Thread by Anthony P. Mancini | last post: by
5 posts views Thread by Oleg Ogurok | last post: by
3 posts views Thread by Grigs | last post: by
reply views Thread by kermitthefrogpy | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.