用户会话错误 [英] User on wrong session
问题描述
我找到了一些文章,这些文章描述了与我的问题类似但还不够接近的问题.我遇到一个真正的间歇性问题,一个用户可以登陆另一个用户会话,并最终看到他们存储在会话中的某些信息.这是我的场景:我们在使用应用程序请求路由和Web场框架的负载平衡环境中使用AbleCommerce.我们使用进程内会话,但我们已配置并运行了粘性会话(客户端/服务器关联).我已经验证了没有缓存导致此问题(没有使用页面输出缓存,没有ARR缓存,没有IIS或WAAS缓存).通过基于会话的单例对象将存储在会话中的信息(偶尔会在其他浏览器上终止)存储在会话中.
I've found articles that describe issues similar to mine but not close enough. I have a really intermittent problem where one user can land on another users session and end up seeing some of their information that's stored in a session. Here's my scenario: We use AbleCommerce in a load balanced environment using Application Request Routing and Web Farm Framework. We use in-proc sessions but we have sticky sessions (client/server affinity) configured and working. I've verified there is no caching causing this issue (nothing using page output cache, no ARR caching, no IIS or WAAS caching). The information stored in the session that very occasionally ends up on someone elses browser is stored in the session via a session based singleton object.
例如:
public class ExampleObject
{
public string ExampleData{get; set;}
public static TicketingSession Instance
{
get
{
if (HttpContext.Current.Session["ExampleObject"] == null)
{
HttpContext.Current.Session["ExampleObject"] = new ExampleObject();
}
return (ExampleObject)HttpContext.Current.Session["ExampleObject"];
}
}
}
然后在其他一些代码中,我可以使用此代码:
And then in some other code I can use this:
ExampleObject.Instance.ExampleData = "whatever";
//or
txtSomeTextBox.Text = ExampleObject.Instance.ExampleData;
我知道我应该避免在负载平衡的环境中使用静态数据和进程内会话,但是由于我使用的是客户端/服务器相似性,并且由于我使用的此静态对象只是一个属性,因此getter会简单地返回该对象直接从会话状态我看不到问题.
I know I should steer clear of static data and in-proc sessions in load balanced environments but since I'm using client/server affinity and since this static object I'm using is just a property whos getter simply returns the object directly from the session state I don't see an issue.
推荐答案
在进行网络养殖时,您需要远离Inproc会话.您需要使用进程外会话存储来确保Session ID是唯一的.
You need to move away from inproc session when in a web farming scenario. You need to use an out of process session store to ensure the Session ID is unique.
ASP.NET将其Session ID存储在浏览器的cookie集合中.如果用户具有相同的Session ID,则他们的会话在服务器上将显示相同.使用单独的服务器,甚至在同一服务器上使用工作进程,都可能导致这些Session ID冲突.
ASP.NET stores its Session ID in the browser's cookie collection. If the users have the same Session ID their sessions will appear the same to the server. Using separate servers, or even worker processes on the same server, can result in these types of Session ID collisions.
您可以在ASP支持的各种会话状态模式下通过 MSDN获得更多详细信息.NET .
You can get more detail via MSDN on various Session-State modes supported by ASP.NET.
这篇关于用户会话错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
