Mixed Up Accounts?

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Jonathan Wood
    #1

    Mixed Up Accounts?

    Greetings,

    I have a large Website and have had a couple of reports of people logging in
    and then viewing someone else's accounts.

    I understand this isn't enough to troubleshoot this. But I'm curious if
    anyone knows if this has ever come up before. It's hard to know where to
    start on something like this.

    I'm using ASP.NET membership along with my own tables keyed on the
    membership user key, ASP.NET 3.5, and SQL Server 2005.

    Thanks.

    Jonathan

    Tags: None
    • bruce barker
      #2
      Re: Mixed Up Accounts?

      this is almost always misuse of static variables or if a vb.net
      programmer use of module variables which are static (shared for all
      requests).

      -- bruce (sqlwork.com)

      Jonathan Wood wrote:
      Greetings,
      >
      I have a large Website and have had a couple of reports of people
      logging in and then viewing someone else's accounts.
      >
      I understand this isn't enough to troubleshoot this. But I'm curious if
      anyone knows if this has ever come up before. It's hard to know where to
      start on something like this.
      >
      I'm using ASP.NET membership along with my own tables keyed on the
      membership user key, ASP.NET 3.5, and SQL Server 2005.
      >
      Thanks.
      >
      Jonathan
      >

        Comment

        • Jonathan Wood
          #3
          Re: Mixed Up Accounts?

          Bruce,
          this is almost always misuse of static variables or if a vb.net programmer
          use of module variables which are static (shared for all requests).
          I have a good understanding of static variables. While I can't rule anything
          out at this point, I would question this being the problem because 1) I'm
          primarily using ASP.NET membership to handle it for me, 2) Every time I run
          it and virtually every time anyone else does, it works just fine. If I was
          using the wrong type of variable, wouldn't I see it fail more often?

          Thanks.

          Jonathan

            Comment

            • Jonathan Wood
              #4
              Re: Mixed Up Accounts?

              Dangit! Burned by caching for the second time.

              The first time was when I downloaded the Personal Website Starter Kit from
              ASP.NET and found the images didn't change as expected. Turned out someone
              had went in and added caching to all the pages.

              This was the second time.

              Hopefully, it only takes two times to learn. <g>

              --
              Jonathan Wood
              SoftCircuits Programming
              Home page - SoftCircuits
              http://www.softcircuits.com



              "Jonathan Wood" <jwood@softcirc uits.comwrote in message
              news:O3oQANOHJH A.1160@TK2MSFTN GP05.phx.gbl...
              Greetings,
              >
              I have a large Website and have had a couple of reports of people logging
              in and then viewing someone else's accounts.
              >
              I understand this isn't enough to troubleshoot this. But I'm curious if
              anyone knows if this has ever come up before. It's hard to know where to
              start on something like this.
              >
              I'm using ASP.NET membership along with my own tables keyed on the
              membership user key, ASP.NET 3.5, and SQL Server 2005.
              >
              Thanks.
              >
              Jonathan
              >

                Comment

                Previous template Next
                Working...