!!! huge problem, users get sessions of other users !!! (IIS7 bug?) - Commercial Forums :: How do I... - Web, Cloud & Mobile Applications Delivery and Migration Platform

Rich web/cloud/mobile app delivery

Search Forum Home

Forum Commercial Foru... Commercial Foru... !!! huge problem, users get sessions of other users !!! (IIS7 bug?)

9/25/2009 1:44 AM

	Visualizer
665 posts

Re: !!! huge problem, users get sessions of other users !!!

On one of the threads Pali sent we found this...

You should not be enabling output caching for any response which depends on session state - I am not sure what the IIS bug here is.

Anil Ruia
Senior Software Design Engineer
IIS Core Server

I'm not sure if this is the thruth, coz other people on the forum doubt about this. But for now we disabled all IIS7 caching...

9/25/2009 2:21 PM

	palli
11189 posts

Re: !!! huge problem, users get sessions of other users !!!

Hi Tom,

I am not convinced that your problem relates to making ThreadSuspend work or not. That should not be relevant here I think Personally I just think it's good practice to have ThreadSuspend do this cleanup of session when you have sensitive information, to make sure that when user does go to another web page, he is not able to click the browser's back button and have everything intact like the way it was when he left. For sensitive information, that can be disastrous.

I tested the ThreadSuspend event firing in VS2008 dev server on 6.3.11 (currently same as 6.3.10), and it does fire in all refreshes and going to another web page, but not on browser close within the dev environment, but that is probably something related to the dev environment, as when deplolyed to server and logging to a text file, it does fire on browser close.

Please let us know how this change in caching turns out in relation to your session conflicts.

Palli

Páll Björnsson - Visual WebGui support team - Email: support@visualwebgui.com