Asp.net会话入门交叉/混合起来 [英] Asp.net Sessions Getting Crossed / Mixed Up
问题描述
几个星期前,我们有我们的一个客户联系我们说,有时当他创建活动它被下别人的名字创建!
Few weeks ago we had one of our customers contacting us saying that sometimes when he creates an activity it gets created under someone else's name!
我们做了一些故障,但没有找到任何东西。我们问用户下一次他遇到这些问题与我们联系。他确实与我们联系,我们能够做的GoToMeeting和他一起看这个问题与我们自己的眼睛。
We did some troubleshooting and couldn't find anything. We asked the user to contact us the next time he was experiencing these issues. He did contact us and we were able to do a gotomeeting with him and see the issue with our own eyes.
这不仅是活动的,他被公认为有人在其他应用程序。他曾获得了其他人应得的一切访问。那是当我们意识到我们有一个会议上混了问题。
It was not only the activities, he was recognized as someone else in the application. He had access to everything that other person should had access to. That was when we realized we are having a session mixed up issue.
我们code一点点:结果
像任何其他应用程序,我们有一个简单的登录页面输入该用户的电子邮件和密码,我们对我们的数据库中验证他们的身份,如果他们是有效的,我们称之为FormsAuthentication.SetAuthCookie()保存当前用户ID在cookie中,我们让他在
A little bit about our code:
Like any other application we have a simple login page that user enter email and password and we authenticate them against our database and if they are valid we call FormsAuthentication.SetAuthCookie() to save current user id in the cookie and we let him in.
BL.User currentUser = BL.User.Authenticate(txtUsername.Text, txtPassword.Text);
if (currentUser != null)
{
this.Session["NumberOfLoginTried"] = "0";
FormsAuthentication.SetAuthCookie(currentUser.UserID.ToString(), chRememberMe.Checked);
Response.Redirect(FormsAuthentication.GetRedirectUrl(currentUser.UserID.ToString(), false));
}
我们还使用了下面的一段code在我们的应用程序来获得登录用户ID(当前用户)。
We also use the following piece of code to get logged-in user id (current user) in our application.
public static int GetCurrentUserID()
{
int userID = -1;
int.TryParse(HttpContext.Current.User.Identity.Name, out userID);
return userID;
}
是的,我们做我们的功课和周围一派,看到以下两个链接:
And yes we did our homework and googled around and have seen the following two links:
我们拥有的.aspx和.ascx文件禁用内核模式缓存和用户模式缓存,这是仍在进行之中。
We have disabled kernel-mode caching and user-mode caching for .aspx and .ascx files and this is still happening.
P.S-该应用程序在Windows 2008上运行R2与IIS 7.5。而我们的不可以使用Cookie会话。
P.S- The app is running on Windows 2008 R2 with IIS 7.5. And we are NOT using cookieless session.
推荐答案
我们刚刚有一个非常类似的问题,这发生在随机的,看似非重复性。
We have just had a very similar problem, which occured at random, seemingly un-reproducibly.
问题竟然是ASP.NETs页面缓存机制 - 在我们的情况下,<尤其%@的OutputCache 标签
The problem turned out to be ASP.NETs Page caching mechanism - in our case the <%@ OutputCache tag in particular.
有是我们所使用的线&LT;%@的OutputCache NoStore =真正的时间=1%&GT; ,基本上意味着如果两个用户互相他们会看到1秒内访问同一页面在同一个页面(包括登录其他用户的用户名)。所以,如果他们刷新页面称,他们得到了正确的信息。
There was a line we had used
<%@ OutputCache NoStore="true" Duration="1" %> that basically meant if two users accessed the same page within 1 second of each other they would see the same page (including the logged in username of the other user). So if they refreshed said page, they got the correct information.
在我们的例子中,改变上述行&LT;%@的OutputCache NoStore =真正的时间=1的VaryByParam =*%&GT; ,禁止在IIS内核缓存在这个环节(的 http://lionsden.co.il/$c$cden/?p=446 )
In our case, changing said line to
<%@ OutputCache NoStore="true" Duration="1" VaryByParam="*" %>, disabling kernel caching in IIS as in this link (http://lionsden.co.il/codeden/?p=446)
和加入以下几行有问题的页面的Page_Load 事件:
and adding the following lines to the Page_Load event of the page in question:
Response.CacheControl = "private";
Response.ExpiresAbsolute = DateTime.Now.AddDays(-1d);
Response.Cache.SetCacheability(HttpCacheability.NoCache);
似乎已经解决了这个问题对我们来说。希望这可以帮助其他人有类似的问题。
Seems to have solved the problem for us. Hopefully this helps someone else with a similar issue.
这篇关于Asp.net会话入门交叉/混合起来的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
