Aspx, global instance of class, possible bug in code structure
Problem description
I am tracking down a bug in some old aspx code. The problem is that on some very rare occasions (1/10.000 pageviews or so) two users are mixed up, i.e. user A sees user B's data.
Here is how the code is structured: We have a user class which is defined in a module like this:
    Public Module MyGlobals
        Public myUser As CMyUser
    End Module
On the login page, we validate the username/password and if valid then the corresponding userid is loaded from db, and we do:
FormsAuthentication.SetAuthCookie(userid, False)
Then we redirect to the secure area. In the secure area's MasterPage, on event Page_Init, we then have:
    If Context.User.Identity.IsAuthenticated Then
        ' Initialize the user class (user data is loaded)
        MyGlobals.myUser = New CMyUser(Context.User.Identity.Name)
    Else
        ' Redirect to loginpage
    End If
Hereafter, is it safe to access the MyGlobals.myUser instance from every page which has the secure masterpage as masterpage, or could there be issues with this structure?
Recommended answer
A VB.Net Module is like a static class with a private constructor and only static fields in C#.
That means all variables declared in a module are shared across all threads. Hence every request (User) that's using this module will overwrite the old value.
I would strongly recommend to use Session to store user-sensitive data. But I'm not sure why you want to store the Username because it's already stored when using FormsAuthentication (as you've shown yourself above).
If you really need this wrapper, you could easily achieve it even in a static context via HttpContext.Current.Session:
    Module MyGlobals
        ' Same name as before, but the value now lives in the current user's Session
        Public Property myUser As CMyUser
            Get
                If HttpContext.Current.Session("CurrentUser") Is Nothing Then
                    Return Nothing
                Else
                    Return DirectCast(HttpContext.Current.Session("CurrentUser"), CMyUser)
                End If
            End Get
            Set(ByVal value As CMyUser)
                ' Stored per session, not in a field shared by all requests
                HttpContext.Current.Session("CurrentUser") = value
            End Set
        End Property
    End Module
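The overwrite described in the answer can be reproduced outside ASP.NET. The following console program is an added example, not code from the original question or answer: `SharedState`, `Demo`, `HandleRequest` and the `sessions` dictionary are hypothetical names, plain strings stand in for `CMyUser`, and the dictionary is a constructed stand-in for `Session`.

```vbnet
Imports System
Imports System.Collections.Concurrent
Imports System.Threading

Module SharedState
    ' Same shape as MyGlobals in the question: one field for the whole process.
    Public myUser As String
End Module

Module Demo
    ' Constructed stand-in for ASP.NET Session: one slot per session id.
    Private ReadOnly sessions As New ConcurrentDictionary(Of String, String)()

    ' Simulates one request: Page_Init stores the user, the page reads it later.
    Function HandleRequest(sessionId As String, userName As String,
                           afterInit As Barrier) As String()
        SharedState.myUser = userName      ' Module field, shared by all requests
        sessions(sessionId) = userName     ' per-session slot
        afterInit.SignalAndWait()          ' both requests finish Page_Init before either renders
        Return {SharedState.myUser, sessions(sessionId)}
    End Function

    Sub Main()
        Dim barrier As New Barrier(2)
        Dim seenByA As String() = Nothing
        Dim seenByB As String() = Nothing
        Dim a As New Thread(Sub() seenByA = HandleRequest("session-a", "userA", barrier))
        Dim b As New Thread(Sub() seenByB = HandleRequest("session-b", "userB", barrier))
        a.Start() : b.Start()
        a.Join() : b.Join()

        ' The Module field holds whichever write landed last, so one of the two
        ' requests reads the other user's value; the session value is always its own.
        Console.WriteLine("A: module={0} session={1}", seenByA(0), seenByA(1))
        Console.WriteLine("B: module={0} session={1}", seenByB(0), seenByB(1))
    End Sub
End Module
```

The barrier forces the interleaving that production traffic only hits occasionally: both requests complete their Page_Init write before either one reads the value back.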