在.ASPXANONYMOUS价值 - 不同的用户得到相同的cookie [英] Different users get the same cookie - value in .ASPXANONYMOUS
问题描述
我的网站允许匿名用户。
我看到,在重负载下匿名用户从其他用户得到有时配置文件值。
My site allows anonymous users. I saw that under heavy load anonymous users get sometimes profile values from other users.
我先删除我的cookies,并得到了cookie值.ASPXANONYMOUS有效的独特价值。一对夫妇的请求后,我拿到它已经被另一个用户使用的.ASPXANONYMOUS一个新值。我在loggs看到,总有一对夫妇谁共享.ASPXANONYMOUS相同的值用户。
I first delete my cookies and get a valid unique value in the cookie value .ASPXANONYMOUS. After a couple of requests I get a new value for .ASPXANONYMOUS which is already used by another user. I see in my loggs that there are always a couple of users who share the same value in .ASPXANONYMOUS.
我可以在我的日志看到2个或更多的用户真的得到相同cookievalue为.ASPXANONYMOUS即使它们具有不同的IP
I can see in the my logs that 2 or more users realy get the same cookievalue for .ASPXANONYMOUS even if they have different IP.
下面是HTTTP流量。在不断变化的cookie被显示在第二图像(你必须要显示的图像全尺寸也能够读取日志):
Here is the htttp traffic. In the second image the changing cookie is shown (You have to display the image full size do be able to read the log):
一说工作确定的诸多要求:
再有就是这一个要求改变该cookie
Then there is this one request that changes the cookie
则使用新的cookie
为了安全起见我删除了依赖注入。
我不使用OutputCaching。
Just to be safe I removed dependency injection. I dont use OutputCaching.
我的web.config中有此设置进行验证:
My web.config has this setting for authentication:
<anonymousIdentification enabled="true" cookieless="UseCookies" cookieName=".ASPXANONYMOUS"
cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" />
<authentication mode="Forms">
<forms loginUrl="~/de/Account/Login" />
</authentication>
没有任何人有一个想法,还有什么我可以登录或者我应该看看?
Does anybody have an idea what else I could log or what I should have a look at?
更新
我现在看到的HTTP流量我发现是完全有效的。在.ASPXANONYMOUS不断变化的价值是什么,是因为该cookie得到更新。值包含AnonymousID和时间戳。
I saw now that the http-traffic I showed is perfectly valid. A changing value in .ASPXANONYMOUS is something that happens because the cookie gets refreshed. The value contains AnonymousID and a Timestamp.
这不会导致具有.ASPXANONYMOUS正常条件下相同的值的用户。
This does not lead to users having the same value in .ASPXANONYMOUS under normal conditions.
问题真的是,每当cokies得到从AnonymousIdentificationModule设置,那么有机会,一对夫妇的用户获得该cookie。设置在我的应用程序的cookie可是没有这个奇怪的sideefect。
The problem realy is, that whenever the cokies get set from the AnonymousIdentificationModule, then there is a chance that a couple of user get this cookie. Setting a cookie in my application doesnt have this strange sideefect.
推荐答案
我有同样的问题,解决办法是,关闭输出缓存,您拨打的setcookie的响应。下面是描述这个几个环节
I had the same problem and solution was to turn off output caching for the responses where you call SetCookie. Below are several links describing this
- Don’t let your cookie being cached by accident!
- ASP.NET Session Mix-up using StateServer (SCARY!)
- Integrated Pipeline and the kernel-mode cache
这篇关于在.ASPXANONYMOUS价值 - 不同的用户得到相同的cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!