locked
ASP NET MVC last logged in user always replaces the previous logged in user RRS feed

  • Question

  • User1151703306 posted

    Hi,

    I have an ASP NET MVC app.

    On this ASP NET MVC app getting the current user with

    Welcome <strong>@HttpContext.Current.User.Identity.Name</strong>
    

    But I have verified that the last logged in user always replaces the previous logged in user

    e.g.

    the user Foo connects at hours 11:35 and on the View of app, I see on the browser

    Welcome Foo
    

    the user Foo2 connects at hours 11:45 from other devices and on the View of app, I see on my browser

    Welcome Foo2
    

    The user Foo replaced on the app user Foo2...

    If restart browser I see always

    Welcome Foo2
    

    How do fix this?

    What is wrong?

    Thanks

    Friday, January 22, 2021 10:51 AM

Answers

  • User753101303 posted

    This is an attempt to solve your issue or you configured a cache and this particular action is not supposed to be cached at all? If you configured cachiing options try perhaps to disable them all for now and see what happens?

    Also my very first move would be to show a date/time next to the user name to be 100% sure if it looks like a caching issue or if this is really some unexpected behavior in the user name.

    Beyond that I'm don't see how I could make that to happen with the correct built-in http context access methods. ah BTW which authentication method do you use? If this is a custom principal it could be coding error (maybe with static data) causing the last created custom principal being used for all users ???

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, January 22, 2021 3:36 PM
  • User-474980206 posted

    the timestamp shows the page is not cached. this implies a coding error where somewhere the user is stored in a static. if your view is really using:

    @HttpContext.Current.User.Identity.Name<

     then your code to load the identity into the context is wrong. you don't show this code.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, January 22, 2021 9:38 PM

All replies

  • User753101303 posted

    Hi,

    This kind of behavior happens with agressive server side output caching or when using static data shared accross all users (a static method or property returning user or request scoped data is ok).

    You are using System.Web.HttpContext.Current.User.Identity.Name (in a view it should be exposed as Context.User.Identity.Name) or could it be that you are porting to ASP.NET Core and tried to implement a custom replacement for that? 

    Friday, January 22, 2021 12:15 PM
  • User1151703306 posted

    Thanks for reply.

    If change in the View (index.cshtml) from

    Welcome <strong>@HttpContext.Current.User.Identity.Name</strong>

    to

    Welcome <strong>@Context.Current.User.Identity.Name</strong>

    I have this error

     CS1061: 'HttpContextBase' does not contain a definition for 'Current' and no accessible extension method 'Current' accepting a first argument of type 'HttpContextBase' could be found (are you missing a using directive or an assembly reference?)
    

    This MVC app working only th browser Google Chrome (company standard)...

    How can I avoid user replacement? 

    Friday, January 22, 2021 1:59 PM
  • User753101303 posted

    This is:

    @Context.Current.User.Identity.Name

    For now I'm trying to understand what happens. Those built in methods are returning the correct user ie the authenticated user for the http request that is currently processed by your code and they work fine out of the box.

    So for now I would see:
    - you are using your own HttpContext.Current.User.Identity.Name. I see that sometimes when porting from ASP.NET 4.x to ASP.NET Core. if not implemented correctly it could cause this
    - else if you are using server side output cache, the content cached for a user could be reused for another user causing the wrong name to be shown
    - the common cause is using static data (ie having a single value for all users) but it doesn't seems the case here (unless this is actually your own custom implementation)

    If using really ASP.NET 4.x and the build in System.Web.HttpContext.Current.User.Identity.Name (it is exposed as shortcurt in web forms, controlers, views, razor pages) it always worked fine for me out of the box and never heard about a problem on that from others so more likely something wrong was done.

    Friday, January 22, 2021 2:41 PM
  • User1151703306 posted

    In my case it's not about porting from ASP.NET 4.x to ASP.NET Core

    On controller.cs I have

        public class NoCache : ActionFilterAttribute
        {
            public override void OnResultExecuting(ResultExecutingContext filterContext)
            {
                filterContext.HttpContext.Response.Cache.SetExpires(DateTime.UtcNow.AddDays(-1));
                filterContext.HttpContext.Response.Cache.SetValidUntilExpires(false);
                filterContext.HttpContext.Response.Cache.SetRevalidation(HttpCacheRevalidation.AllCaches);
                filterContext.HttpContext.Response.Cache.SetCacheability(HttpCacheability.NoCache);
                filterContext.HttpContext.Response.Cache.SetNoStore();
                base.OnResultExecuting(filterContext);
            }
        }

    On global.asax

            protected void Application_PostAuthorizeRequest()
            {            HttpContext.Current.SetSessionStateBehavior(System.Web.SessionState.SessionStateBehavior.Required);
            }

    Friday, January 22, 2021 2:52 PM
  • User753101303 posted

    This is an attempt to solve your issue or you configured a cache and this particular action is not supposed to be cached at all? If you configured cachiing options try perhaps to disable them all for now and see what happens?

    Also my very first move would be to show a date/time next to the user name to be 100% sure if it looks like a caching issue or if this is really some unexpected behavior in the user name.

    Beyond that I'm don't see how I could make that to happen with the correct built-in http context access methods. ah BTW which authentication method do you use? If this is a custom principal it could be coding error (maybe with static data) causing the last created custom principal being used for all users ???

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, January 22, 2021 3:36 PM
  • User1151703306 posted

    Ok thank you.

    I have tried using Google Chrome browser, using my pc, with 

    Welcome <strong>@Context.User.Identity.Name  @DateTime.Now</strong>

    the return is

    Welcome Domain\foo 22/01/2021 16:45:03

    After I'm connected from mobile device using Internet Samsung browser and using user Domain\foo2

    the return is

    Welcome Domain\foo2 22/01/2021 16:50:35

    When refresh the browser on my pc and go and refresh on mobile device the return is

    Welcome Domain\foo 22/01/2021 16:51:46

    The user Foo replaced on the app user Foo2...

    Friday, January 22, 2021 3:53 PM
  • User-474980206 posted

    as you did not show the values for both the pc & mobile refresh, did the times match? the whole point of the exercise 

    Friday, January 22, 2021 4:56 PM
  • User1151703306 posted

    bruce (sqlwork.com)

    as you did not show the values for both the pc & mobile refresh, did the times match? the whole point of the exercise 

    I show the values of both the pc & mobile refresh...

    First access from pc

    Welcome Domain\foo 22/01/2021 16:45:03

    First access from mobile device 

    Welcome Domain\foo2 22/01/2021 16:50:35

    Last access from pc after refresh

    Welcome Domain\foo2 22/01/2021 16:51:46

    The user foo2 replaced on the app user foo...

    First access from mobile device

    Welcome Domain\foo2 22/01/2021 16:55:13

    First access from pc

    Welcome Domain\foo 22/01/2021 16:58:33

    Last access from mobile device after refresh

    Welcome Domain\foo 22/01/2021 16:59:53

    The user foo replaced on the app user foo2...

    Friday, January 22, 2021 5:27 PM
  • User-474980206 posted

    the timestamp shows the page is not cached. this implies a coding error where somewhere the user is stored in a static. if your view is really using:

    @HttpContext.Current.User.Identity.Name<

     then your code to load the identity into the context is wrong. you don't show this code.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, January 22, 2021 9:38 PM