Aspx, global instance of class, possible bug in code structure

Problem description

I am tracking down a bug in some old aspx code. The problem is that on some very rare occasions (1/10.000 pageviews or so) two users are mixed up, i.e. user A sees user B's data.

Here is how the code is structured: We have a user class which is defined in a module like this:

Public Module MyGlobals
    Public myUser As CMyUser
End Module

On the loginpage, we validate the username/password and if valid then the corresponding userid is loaded from db, and we do:

FormsAuthentication.SetAuthCookie(userid, False)

Then we redirect to the secure area. In the secure area's MasterPage, on event Page_Init, we then have:

If Context.User.Identity.IsAuthenticated then
    ' Initialize the user class (user data is loaded)
    MyGlobals.myUser = New CMyUser(Context.User.Identity.Name)
Else
    ' Redirect to loginpage
End If

Hereafter, is it safe to access the

MyGlobals.myUser

instance from every page which has the secure masterpage as masterpage, or could there be issues with this structure?

Recommended answer

A VB.Net Module is like a static class with a private constructor and only static fields in C#.

That means all variables declared in a module are shared across all threads. Hence every request (User) that's using this module will overwrite the old value.

I would strongly recommend using Session to store user-sensitive data. But I'm not sure why you want to store the Username because it's already stored when using FormsAuthentication (as you've shown yourself above).

If you really need this wrapper, you could easily achieve it even in a static context via HttpContext.Current.Session:

Module MyGlobals
    Public Property myUser As CMyUser
        Get
            If HttpContext.Current.Session("CurrentUser") Is Nothing Then
                Return Nothing
            Else
                Return DirectCast(HttpContext.Current.Session("CurrentUser"), CMyUser)
            End If
        End Get
        Set(ByVal value As CMyUser)
            HttpContext.Current.Session("CurrentUser") = value
        End Set
    End Property
End Module
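
The overwrite described in the answer can be reproduced outside IIS. The console program below is an added example, not code from the question or the answer: it runs simulated requests for two users in parallel and counts how often a request reads back the other user's object, first through a module-level field and then through state keyed by session. `DemoUser`, `HandleRequest`, `CountMixUps` and the `Sessions` dictionary (a stand-in for `HttpContext.Current.Session`) are constructed for the illustration.

```vb
Imports System
Imports System.Collections.Concurrent
Imports System.Threading
Imports System.Threading.Tasks

Module SharedStateDemo
    ' Constructed stand-in for the page's CMyUser.
    Class DemoUser
        Public ReadOnly Name As String
        Sub New(name As String)
            Me.Name = name
        End Sub
    End Class

    ' Same shape as MyGlobals.myUser: one field for the whole process.
    Public SharedUser As DemoUser

    ' Hypothetical stand-in for Session: state keyed by the caller's session id.
    Private ReadOnly Sessions As New ConcurrentDictionary(Of String, DemoUser)()

    ' Simulates Page_Init followed by rendering. Returns True when the
    ' request read back a user other than the one it authenticated.
    Function HandleRequest(userName As String, useShared As Boolean) As Boolean
        Dim sessionId As String = "session-of-" & userName
        If useShared Then
            SharedUser = New DemoUser(userName)
        Else
            Sessions(sessionId) = New DemoUser(userName)
        End If
        Thread.Sleep(1) ' time spent between Page_Init and rendering
        Dim seen As DemoUser = If(useShared, SharedUser, Sessions(sessionId))
        Return seen.Name <> userName
    End Function

    ' Runs the simulated requests in parallel, alternating two users.
    Function CountMixUps(useShared As Boolean, requests As Integer) As Integer
        Dim mixUps As Integer = 0
        Parallel.For(0, requests,
            Sub(i As Integer)
                Dim who As String = If(i Mod 2 = 0, "userA", "userB")
                If HandleRequest(who, useShared) Then Interlocked.Increment(mixUps)
            End Sub)
        Return mixUps
    End Function

    Sub Main()
        Console.WriteLine("module field, mix-ups: " & CountMixUps(True, 400))
        Console.WriteLine("session-keyed, mix-ups: " & CountMixUps(False, 400))
    End Sub
End Module
```

The module-field count depends on thread timing and varies from run to run; the session-keyed count stays at zero because a request only ever reads the entry for its own session id.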
