[Mono-aspnet-list] Users picking up other user's session info

Robert Jordan robertj at gmx.net
Thu Sep 9 12:41:06 EDT 2010


On 09.09.2010 17:43, dugc wrote:
>
>
> I have noticed that some pages are more likely to cause this problem than
> others (although getting exact feedback from users is difficult).  The pages
> in question have a cache instruction at the top:
>
> <%@ OutputCache Duration="1" VaryByParam="*" %>
>
> This is something I put in place a long time ago to ensure that pages were
> *not* cached locally on a user's machine, as some users were commenting that
> some pages were out of date and in the end clearing their local cache sorted
> it.  However I have done more reading on the OutputCache and realise that it
> is perhaps not a good idea to use it in this way.  Could it be what is
> causing the problems?

Definitely. You must restrict the cache location with

	<%@ OutputCache Location="Client" ... %>

or better refrain from caching at all because even Location="Client"
might be problematic if the browser is shared by more than
one user, e.g. log out as "foo" and log in as "bar" from the
same browser instance.

Robert
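
Added example, not part of Robert's message or of the poster's application: a small audit that finds OutputCache directives in page source and reports whether the Location setting lets the server or a proxy store the rendered page. It assumes the ASP.NET OutputCacheLocation values (Any, Client, Downstream, None, Server, ServerAndClient) with Any as the default; the function name and the sample pages are constructed for illustration.

```python
import re

# Directive and attribute patterns for .aspx/.ascx page source.
DIRECTIVE = re.compile(r'<%@\s*OutputCache\b(.*?)%>', re.IGNORECASE | re.DOTALL)
ATTRIBUTE = re.compile(r'(\w+)\s*=\s*"([^"]*)"')

# OutputCacheLocation values under which the server or a proxy may store the
# rendered page and replay it to a different user (assumed ASP.NET semantics).
SHARED = {"any", "server", "serverandclient", "downstream"}


def audit_output_cache(source):
    """Return one (verdict, location, attrs) tuple per OutputCache directive."""
    findings = []
    for match in DIRECTIVE.finditer(source):
        attrs = {k.lower(): v for k, v in ATTRIBUTE.findall(match.group(1))}
        if "location" not in attrs and "cacheprofile" in attrs:
            # Location is set in web.config; it cannot be decided from the page.
            findings.append(("check-profile", None, attrs))
            continue
        location = attrs.get("location", "Any")  # no attribute means Any
        key = location.lower()
        if key in SHARED:
            verdict = "shared"        # per-user output can reach other users
        elif key == "client":
            verdict = "client-only"   # still shared if the browser is shared
        elif key == "none":
            verdict = "disabled"
        else:
            verdict = "unknown"
        findings.append((verdict, location, attrs))
    return findings


# Constructed sample pages, not taken from the poster's application.
SAMPLES = {
    "orders.aspx": '<%@ Page Language="C#" %>\n<%@ OutputCache Duration="1" VaryByParam="*" %>',
    "profile.aspx": '<%@ OutputCache Location="Client" Duration="1" VaryByParam="*" %>',
    "home.aspx": '<%@ Page Language="C#" %>',
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        for verdict, location, _ in audit_output_cache(text):
            print(f"{name}: Location={location} -> {verdict}")
```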


