Arthur Fuller
fuller.artful at gmail.com
Wed Jul 2 13:39:51 CDT 2008
A followup to this problem description. We have been investigating. What we have found is that the problem exists only in the under 10 seconds threshhold. We are trying to set OutputCache to 1 seoncd or so, but our adjustments don't seem to have any effect. A. On Wed, Jul 2, 2008 at 2:16 PM, Arthur Fuller <fuller.artful at gmail.com> wrote: > We are having a bizarre problem, just reported recently by a couple of > users. We have randomly been able to duplicate the problem. > > Scenario: > > 1. Web site requires login. Submit button fires a stored procedure. > 2. You should see your data page, and I should see mine. The sproc is > straightforward, nothing complex or magical at all. > 3. Somehow or other, and apparently at random, the system gets confused > with SessionID. We have two distinctly different types of problem, but both > involving most of the same data: > > Scenario 1: > user a and b login and see user c's data (who is not logged in) > Scenario 2: (internal test) > user a and b both login, then 1 second later (new window) user b logs > in and gets user a's data. > > All this points (IMO) to a bug in the SessionID thing. It seems to be > similar to the scoping of IDs in SQL, but I don't know pretty much > everything about IIS, so I'm reaching out for ideas. The sproc behind the > login Submit button hasn't changed for a year or more, but the faulty > behavior was just reported about a week ago, and then reported again, and > then we were able to duplicate it ourselves. There's nothing in the SQL part > of this that could cause this, IMO. Completely different user names and > completely different passwords, but somehow the SessionIDs are getting > confused. > > Has anyone any ideas for how to get to the bottom of this problem? > > TIA, > Arthur >