Session Hijacking?

Hello all,

I have written an asp.net application using C# and am having an
issue in multiple-user environments. If one user is logged in (using
Windows authentication), everything is fine. Once another user logs
in, the other user already logged on also becomes that user. I have
code in the Session_Start section of Global.aspx for retrieving user
info from the SQL 2000 database. My assumption is that each new user
would simply have their own Session rather than all users sharing it.
Anyone have any thoughts on a resolution? What are some clarifying
questions I can answer that will help lead to potential solutions?

Thanks much,
Kevin
Nov 18 '05 #1
Hi Kevin,

Be sure you are using the Session() object and not the Cache() or
Application() objects. Is the logic in your Session_Start() doing something
to make all users use the same data?

Ken.

--
Ken Dopierala Jr.
For great ASP.Net web hosting try:
http://www.webhost4life.com/default.asp?refid=Spinlight
If you sign up under me and need help, email me.


Nov 18 '05 #2
Any chance you're using *static* variables to store your user information?
These would be shared across *all* users of that instance of that application.


Nov 18 '05 #3
Thanks Bill and Ken. I was indeed using static variables!

Bill Borg <Bi******@discussions.microsoft.com> wrote in message news:<AF**********************************@microso ft.com>...
Any chance you're using *static* variables to store your user information?
These would be shared across *all* users of that instance of that application.


Nov 18 '05 #4
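
The cause identified in this thread, as an added example that is not code from any of the posters: a console program modelling one ASP.NET worker process, with user info written at session start both to a static field and to a per-session bag. `UserContext`, `FakeSessionStore`, the session IDs and the two identities are constructed for illustration; in a real application the per-session bag is the `Session` object.

```csharp
using System;
using System.Collections.Generic;

// Constructed model of an ASP.NET worker process: one process serves every user,
// so static fields are process-wide while session state is keyed by session ID.
static class UserContext
{
    // Buggy pattern: a static field has one copy for all requests in the process.
    public static string CurrentUser;
}

class FakeSessionStore
{
    // Stand-in for ASP.NET session state: a separate bag per session ID.
    private readonly Dictionary<string, Dictionary<string, object>> bags =
        new Dictionary<string, Dictionary<string, object>>();

    public Dictionary<string, object> For(string sessionId)
    {
        Dictionary<string, object> bag;
        if (!bags.TryGetValue(sessionId, out bag))
        {
            bag = new Dictionary<string, object>();
            bags[sessionId] = bag;
        }
        return bag;
    }
}

class Program
{
    static readonly FakeSessionStore Sessions = new FakeSessionStore();

    // Plays the role of Session_Start: runs once when a user's session begins.
    static void SessionStart(string sessionId, string windowsIdentity)
    {
        UserContext.CurrentUser = windowsIdentity;                 // overwrites every user's value
        Sessions.For(sessionId)["CurrentUser"] = windowsIdentity;  // like Session["CurrentUser"] = ...
    }

    static void Main()
    {
        SessionStart("sess-A", @"CORP\alice");   // constructed identities
        SessionStart("sess-B", @"CORP\bob");

        // What the first user's next request would read from each store.
        Console.WriteLine("static : " + UserContext.CurrentUser);
        Console.WriteLine("session: " + Sessions.For("sess-A")["CurrentUser"]);
    }
}
```

Because the shared value is identity data, any access decision made from it applies the most recent user's rights to everyone. Per-user values belong in `Session` or should be read from the request's authenticated identity (`HttpContext.Current.User.Identity.Name`) on each request.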
