Different users get the same cookie - value in .ASPXANONYMOUS
Posted by Malcolm Frexner on Stack Overflow
Published on 2010-03-15T16:27:55Z

My site allows anonymous users. I saw that under heavy load users sometimes get profile values from other users.
This happens for anonymous users.
I logged the access to profile data:
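    /// <summary>
    /// Returns the key used for profile access: the user name for authenticated
    /// requests, otherwise the anonymous ID. Optionally logs the request details.
    /// </summary>
    /// <param name="controller">Controller whose current request is inspected.</param>
    /// <returns>The user name or the anonymous ID.</returns>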
    public static string ProfileID(this Controller controller )
    {
        if (ApplicationConfiguration.LogProfileAccess)
        {
            StringBuilder sb = new StringBuilder();
            (from header in controller.Request.Headers.ToPairs()
                          select string.Concat(header.Key, ":", header.Value, ";")).ToList().ForEach(x => sb.Append(x));
            string log = string.Format("ip:{0} url:{1} IsAuthenticated:{2} Name:{3} AnonId:{4} header:{5}",
                                       controller.Request.UserHostAddress,
                                       controller.Request.Url.ToString(),
                                       controller.Request.IsAuthenticated,
                                       controller.User.Identity.Name,
                                       controller.Request.AnonymousID,
                                       sb);
            _log.Debug(log);
        }
        return controller.Request.IsAuthenticated ? controller.User.Identity.Name : controller.Request.AnonymousID;
    }
I can see in the log that users really get the same cookie value for .ASPXANONYMOUS even if they have different IPs.
Just to be safe I removed dependency injection for the FormsAuthentication. I don't use OutputCaching.
My web.config has this setting for authentication:
    <anonymousIdentification enabled="true" cookieless="UseCookies" cookieName=".ASPXANONYMOUS"
        cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" />
    <authentication mode="Forms">
        <forms loginUrl="~/de/Account/Login" />
    </authentication>
Does anybody have an idea what else I could log or what I should have a look at?
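
One way to work through the resulting log offline, as an added example that is not part of the original post: it groups unauthenticated requests by AnonId and reports every ID that appears from more than one IP, along with whether each client already sent the .ASPXANONYMOUS cookie on its first logged request. The logger prefix, host name, ID values and the `_line` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Message layout produced by the string.Format call in ProfileID above.
LINE_RE = re.compile(
    r"ip:(?P<ip>\S+) url:(?P<url>\S+) IsAuthenticated:(?P<auth>True|False) "
    r"Name:(?P<name>.*?) AnonId:(?P<anon>\S*) header:(?P<header>.*)$"
)
COOKIE_NAME = ".ASPXANONYMOUS"  # cookieName from the web.config above


def shared_anonymous_ids(lines):
    """Return {anon_id: {ip: {"first_url", "sent_cookie"}}} for every anonymous
    ID that unauthenticated requests presented from more than one IP."""
    seen = defaultdict(dict)
    for line in lines:
        m = LINE_RE.search(line)  # search() tolerates a logger prefix
        if not m or m["auth"] == "True" or not m["anon"]:
            continue
        seen[m["anon"]].setdefault(m["ip"], {
            "first_url": m["url"],
            # Did this client send the cookie on its first logged request?
            "sent_cookie": COOKIE_NAME + "=" in m["header"],
        })
    return {anon: ips for anon, ips in seen.items() if len(ips) > 1}


def _line(ip, path, auth, name, anon, header):
    # Hypothetical helper: builds a constructed log line in the page's format.
    return ("2010-03-15 16:01:02 DEBUG ip:%s url:http://example.test%s "
            "IsAuthenticated:%s Name:%s AnonId:%s header:%s"
            % (ip, path, auth, name, anon, header))


# Constructed sample data, not taken from the original post.
SAMPLE_LOG = [
    _line("192.0.2.10", "/de/Home", "False", "", "aaa111", "Host:example.test;"),
    _line("198.51.100.7", "/de/Products", "False", "", "aaa111",
          "Host:example.test;Cookie:.ASPXANONYMOUS=aaa111;"),
    _line("192.0.2.10", "/de/Cart", "False", "", "aaa111",
          "Host:example.test;Cookie:.ASPXANONYMOUS=aaa111;"),
    _line("203.0.113.5", "/de/Home", "False", "", "bbb222", "Host:example.test;"),
    _line("203.0.113.9", "/de/Account", "True", "alice", "", "Host:example.test;"),
]

if __name__ == "__main__":
    for anon_id, ips in shared_anonymous_ids(SAMPLE_LOG).items():
        print(anon_id, ips)
```

An ID seen on two IPs is not conclusive on its own, since one client can change address; the `sent_cookie` flag and first URL per IP help separate that case from two clients that were handed the same value.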