ASP - USER AUTHENTICATION, cookies problem?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Paul
    Junior Member
    • May 2004
    • 11

    ASP - USER AUTHENTICATION, cookies problem?

    USER AUTHENTICATION (LOGIN/LOGOUT procedure)
    When the user LOGS IN his user name, access rights and other
    user-related information is stored into Session variables

    Session("access") = "blabla"
    Session("login") = "nickname"

    when the user LOGS OUT (or the session expires) this
    information is discarded

    Session("access") = ""
    Session("login") = ""

    NOTE: I do NOT use IP address for user authentication.

    PROBLEM
    After the first user logs in to my site, any other user
    (different PC behind that NAT) that opens internet browser (MSIE)
    and visits my site is ALREADY logged in as the first user!

    Any help would be greatly appreciated!

    It seems that the problem is only restricted to users that
    are "hidden" behind single IP address (using NAT). The logging
    works perfectly for any not behind NAT user.
    It acts as if only one cookie file was created for all users
    that access my site from behid NAT; as if the cookie was
    created on the NAT router and not directly on client's computer.
  • Guest

    #2
    IIS uses a single session cookie which contains only a SessionID value. All other Session data is stored in a collection-type object on the web server.

    If you are using any HTTP_REFERER or REMOTE_ADDR server variables, they often get lost from computers behind firewalls or proxy servers.

    If your browser blocks Session cookies then Session data won't be maintained.

    If your users navigate from one IIS Web Application to another Session data can be lost

    Comment

    Working...
    😀
    😂
    🥰
    😘
    🤢
    😎
    😞
    😡
    👍
    👎