SESSION: System confuses users who access it simultaneously

Question

SESSION: System confuses users who access it simultaneously

Navigation

#1 by (1 votes)
#2 by (0 votes)

1

When 2 users access the system at the same time, it somehow confuses users, not just the name, but their permissions too ...

I'm assigning the session after logging in to ActionFilter

public class UsuarioAttribute : ActionFilterAttribute

public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    int idUsuario= new UsuarioNegocio().GetIdByExternalId(decodedToken.ExternalUserId.ToInt32());//Id vem de um token

    Usuario usuario = new UsuarioNegocio().GetById(idUsuario);

    filterContext.HttpContext.Session["Usuario"] = usuario;
}

And in BaseController I have the following method to retrieve the session:

public Usuario GetCurrentUser()
{
   return (Usuario)HttpContext.Session["Usuario"];
}

Has anyone had this problem with session?

c# asp.net-mvc

asked by anonymous 04.02.2016 / 13:32

2 answers

0

The problem was in the controller in the exit method, it was like this:

[HttpGet, OutputCache(NoStore = true, Duration = 1)]

I just left with the get and resolved (I can not explain the reason):

[HttpGet]

04.02.2016 / 17:32

AccessKey in Jquery System to identify that the user owns the topic PHP + Mysql

score 1 · Accepted Answer

This is the wrong way to persist user data in ASP.NET MVC session.

Alternatives to this are:

Use an object derived from ProfileBase (explain here) ;
Use an authentication provider such as ASP.NET Identity . Examples here .

EDIT

You said in response that you are using OutputCache , which is a global resource. That is, the first user to create the cache will create Session information for everyone.

[HttpGet, OutputCache(NoStore = true, Duration = 1)]

It seems absurd, but it makes perfect sense, just because session data is also held by OutputCache .