Sitecore切换与另一个用户的用户会话 [英] Sitecore switches user session with another user

问题描述

我有一个使用Sitecore的FBA网站.每隔一段时间，它将使一个用户与另一个用户混淆.我的意思是，用户A会以某种方式无意中劫持用户B的会话.用户A将会查看以下页面:a)他们无权查看，并且是b)为用户B定制的页面.一次能够(不经意地)复制，单击后，我又恢复了原来的会话到另一个页面.

I have an FBA site that uses Sitecore. Every so often, it will confuse one user with another. What I mean is, somehow User A will unintentionally hijack User B's session. User A will be looking at a page that a) they don't have permission to view, and that's b) customized for User B. The one time I was able to reproduce (accidentally) , I got my original session back after I clicked through to another page.

我知道Sitecore利用Aspnet成员资格数据库，因此这可能是该数据库的问题，但我真的无法猜测.感觉上更像是会话问题.另外，这不是在群集上发生，而是在独立计算机上发生.

I know Sitecore leverages the Aspnet membership DB, so this might be an issue with that DB, but I really couldn't guess. It feels more like a session issue than anything else. Also, this is not happening on a cluster, but on a standalone machine.

无论如何，任何信息-甚至理论-都可以提供帮助.我认为我以前从未见过像这样的东西.

Anyway, any information - even theories - could help. I don't think I've ever seen anything quite like this before.

推荐答案

我很久以前也遇到过类似的问题.事实证明，有一个静态(共享)方法检索用户(或会话).那不是Sitecore的错误，而是一个不好的实现...完全不确定这是您的问题，但是可能值得检查一下是否没有共享用于访问用户的字段或方法.

I had a similar issue long ago. It turned out that there was a static (shared) method retrieving the user (or session). That was not a Sitecore bug but rather a bad implementation... Not at all sure this is your problem but it might be worth to check that no fields or methods used to access the user are shared.

这篇关于Sitecore切换与另一个用户的用户会话的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！