ASP.NET会话混淆使用的StateServer(吓人!) [英] ASP.NET Session Mix-up using StateServer (SCARY!)
问题描述
我们存储在会话两个对象。不知何故,从另一用户的对象之一得到了装入不同用户的会话。用户应该有这个特定的数据无法获得,而且只要他们看到它,他们知道什么是非常错误的。
We store two objects in session. Somehow, one of the objects from another user got loaded into a different user's session. The user should have had no access to this particular data, and as soon as they saw it they knew something was very wrong.
我们有一个是psented他$ P $中数据的可视证明,并有确实的没办法就可能已经发生,除非会议搞混了。这是一个非常可怕的情况下,我们无法弄清楚(我们不能复制)。对我们来说,唯一的答案是难辞其咎ASP.NET的StateServer混合会话变量了,这是完全不能接受的,并把我们处在倒霉的位置。
We have visual proof of the data that was presented to him, and there is certainly no way it could've happened unless the sessions got mixed up. This is a very scary situation which we can not figure out (we can not reproduce it). The only answer for us is to blame ASP.NET StateServer for mixing the session variables up, which is completely unacceptable and puts us in a bad position.
我们的应用程序与IIS6的Windows Server 2003上运行ASP.NET 2.0应用程序,使用的StateServer无Cookie =FALSE会话模式和FormsAuthentication。
Our applications are ASP.NET 2.0 apps running on Windows Server 2003 with IIS6, using the StateServer cookieless="false" session mode and FormsAuthentication.
有其他人有这个问题?我们怎样才能解决这个问题?
Has anybody else had this problem? How can we resolve it?
推荐答案
我们遇到了这个确切问题,我的previous公司,花了3周时间调试。 ASP.NET是给用户别人的会话状态。这是真的不可能在调试环境中复制。
We ran into this exact issue in my previous company and took 3 weeks to debug it. ASP.NET was giving a user someone else's session state. It was really impossible to duplicate in a debug environment.
当我们发现它只是一些在web.config中的修复。我不完全记得,所以我花了一些时间在Google上搜寻。我认为这个问题必须是与输出缓存。看看这篇文章的会话和输出缓存。
The fix when we found it was just something in web.config. I don't fully remember it, so I spent some time googling. I believe the issue had something to do with output caching. Take a look at this article under "Sessions and Output Caching".
<一个href=\"http://msdn.microsoft.com/en-us/magazine/cc163577.aspx\">http://msdn.microsoft.com/en-us/magazine/cc163577.aspx
如果这听起来像您的情况,则修复可能只是禁止在web.config中enableKernelOutputCache选项。
If that sounds like your scenario, then the fix might just be disabling the enableKernelOutputCache option in web.config.
祝你好运。
这篇关于ASP.NET会话混淆使用的StateServer(吓人!)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
