473,396 Members | 2,002 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > .net framework > questions > sessions/session ids being assigned to more than one user

Join Bytes to post your question to a community of 473,396 software developers and data experts.

Sessions/Session IDs being assigned to more than one user

I'm running on IIS 7 and we're seeing Sessions assigned to more than 1 IP address.

I ruled out the possibility of it being caused by users resetting their IP addresses, for instance by unplugging their modems.

In at least one instance a user logged in and found data from a different user in had been saved to his account (the user IDs that determine in which account the data is stored are kept in session variables). In another instance an employee logged in to check a problem as was given the session of a different user.

It's not just the session variables, but I saw in our log the session ID itself is being associated with two different IP addresses. At one point this was happening with over 10% of our users.

I'm wondering if the problem is not in our system, because I'm seeing that in each case the IPs sharing a session ID are on the same ISP or share at least one NameServer.

I very much welcome any ideas, we're getting desperate!
Feb 7 '10 #1

✓ answered by prideleader

The answer is that it is an issue with the caching in IIS7. I've written more about it here: http://lionsden.co.il/codeden/?p=446

2 1815
Frinavale
9,735 Expert Mod 8TB
I'm not sure how your users are able to access eachother's Session data. This is not how Session has been designed to work.

Session IDs that are associated with the same IP address seems common to me. If a user is on the same network as someone else they will likely share the same IP address as another person on the same network.

Session is tied to the user's browser (usually) through cookies....a Session Identifier cookie is sent to the browser so that that browser can be associated with the Session that has been assigned to that browser.


If you have configured your Session to be cookieless then the session identifier is not stored in a cookie....it's stored in the URL (in the query string).

This means that if the user copies the link from the address bar in the browser and sends it to another user, the same session will be used.

-Frinny
Feb 8 '10 #2
The answer is that it is an issue with the caching in IIS7. I've written more about it here: http://lionsden.co.il/codeden/?p=446
Feb 18 '10 #3

Sign in to post your reply or Sign up for a free account.

Similar topics

22
Sessions and closing the browser
by: Theo | last post by:
Question for the group The authentication system for the site Im working on seems to function properly and all is good. A session keeps track of everything and a cookie is used to accept or deny...
PHP
1
cookies and sessions
by: windandwaves | last post by:
Hi Gurus I am basically sorry that I have to bother you about this. I am a PHP beginner and I have been studying sessions and cookies over the last few weeks. I have learned lots, but I am...
PHP
9
php sessions problem - wrong logic maybe
by: Bartosz Wegrzyn | last post by:
I need help with sessions. I createt set of web site for nav with authorization. first I go into main.php which looks like this: <?php //common functions include_once '../login/common.php';...
PHP
2
Zope 2.7.2 win32 - Sessions not working
by: Kyle Yancey | last post by:
I've scratched my chin over this for the longest time. I think I'm going to need some help. I'm creating a web app with zope. It has a typical user login based on email and password. A ZSql...
Python
2
Sessions & Cookies
by: Ik Ben Het | last post by:
Hello, I posted a simular question in the "IIS Security" group but it think it is more usefull to post it here. I want to do something very simpel. Make a part of my website available only...
ASP / Active Server Pages
3
Sessions and static attributes
by: Danny Crowell | last post by:
I have a question related to ASP.net sessions and static attributes. In an ASP.net application (MyApp) I have a class called Globals with a public static string called UserName. Will UserName be...
ASP.NET
1
2 IE Sessions Sharing The Same Per-Session Cookie!!
by: AnthonyC | last post by:
I am having a problem tracking down what I believe to be a problem with the way cookies are being used on our website application. When user log onto the application, an in-memory (per-session)...
ASP / Active Server Pages
3
SESSIONS
by: jantox | last post by:
Good day, We have some Java programmers in our software dev, and they are pressuring us to use Sessions to store data and use that Session to get query data. They say that it is ok since it is...
PHP
3
sessions
by: Jon Slaughter | last post by:
Any pitfalls or stuff I need to worry about when working with sessions? I want to write a log file and hit counter along with a login interface and I'm trying to learn this stuff. ...
PHP
3
Atli
PHP Sessions
by: Atli | last post by:
Introduction: Sessions are one of the simplest and more powerful tools in a web developers arsenal. This tool is invaluable in dynamic web page development and it is one of those things every...
PHP
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!