locked
Context.User was stored on Server and reused for every other user RRS feed

  • Question

  • User769474054 posted

    Hi,

    I have the following code in my global.asax.cs where it checks for any user exists in DB else it gets them form other service and assigns them to HttContext.User property

    In global.asax.cs:

    Session_Start
    {
       if(UserExist(ref CurrentUser))
          {
             Session["CurrentUser"]=CurrentUser;
    HttpContext.User=CurrentUser; }
    else
    {
    CurrentUser=GetUserFromService();
    AddUsertoLocalDB(CurrentUser);
    Session["CurrentUser"]=HttpContext.User=CurrentUser;
    } }

    Now in one of my page, I am accessing thsi Context.User to fetch some detais like first name and last name

    In my page.aspx.cs

    void printDetails()
    {
       lblFName.Text=HttpContext.User.FirstName;
       lblLName.Text=HttpContext.User.LastName;
       lblUnit.Text=HttpContext.User.Unit;
       lblAge.Text=HttpContext.User.Age;
       lblAddress.Text=HttpContext.User.Address;
    }

    interestingly, this prints values of previously logged in user for all users.

    For eg: if I go to this page, then it displays my details for everyone who is accessign this page.

    when I recycle the App Pool in IIS for this website it again resets and shows correctly for the first person accessing that page but after that it still shows the same user details to every other user accessign the same page.

    was Context.User cached on IIS? Any idea on how do we get around this?

    Wednesday, July 4, 2018 2:43 PM

All replies

  • User475983607 posted

    Most likely due to a static variable.  The code shown seems overly engineered since the state is stored in Session.  Either Session has a value or it does not, very simple logic.

    Wednesday, July 4, 2018 3:20 PM
  • User769474054 posted

    Hi mgebhard, 

    So, you mean the Session value is set in a static variable? can you please elaborate?

    Wednesday, July 4, 2018 4:18 PM
  • User475983607 posted

    So, you mean the Session value is set in a static variable?

    No, not at all.  I imagine you have a static variable elsewhere in the code base.   The described behavior is exactly how a static variable behaves in a web application.

    I can only guess because the shared code is not complete enough to make a concrete determination.  My best guess is the CurrentUser parameter has something to do with the issue.

    if(UserExist(ref CurrentUser))

    Or the GetUserFromService() has the static variable.

    CurrentUser=GetUserFromService();

    We'll need to see all the relevant bit of code the if you need help debugging.  Otherwise, do a project/solution search the keyword static.  Or look for a singleton pattern.

    Wednesday, July 4, 2018 4:47 PM
  • User769474054 posted

    Ohh Got you,

    Yes, the GetUserFromService uses a Static Method to retrieve user info from our database. But it makes sense to make them static as they are just utilities that return user information from the company's database given user ID or login name.

    Previously they were instance methods, but recently we need to change them as the old system is end of life. SO I thought may be static methods is a good way to go and went ahead. Since then I see this issue.

    But I am not sure why using a static method would cause such issue as the user ID that was passed to the method would be different based on the context.User parameter.

    if User A logs in Context.User would be User A information

    if User B access the page, Context.User would be User B information right?

    Any ideas there. If you need, I could post the relevant code here.

    Thursday, July 5, 2018 2:03 AM
  • User475983607 posted

    Ohh Got you,

    You do NOT get me.  A static variable not a static method!  It could also be a singleton or just a bug.

    Previously they were instance methods, but recently we need to change them as the old system is end of life. SO I thought may be static methods is a good way to go and went ahead. Since then I see this issue.

    Well, if you changed instance methods to static methods, there is a good chance you also changed instance fields to static too.

    if User A logs in Context.User would be User A information

    if User B access the page, Context.User would be User B information right?

    Yes, that's the way web sites work by default.  You have to write code to force a web app to behave as described in your problem statement.

    Any ideas there. If you need, I could post the relevant code here.

    As stated above there is not much we can do without the source code.  IMHO, the code shown seems overly complicated for setting Session.

    Thursday, July 5, 2018 10:14 AM