SESSION: System confuses users who access it simultaneously

Asked

Viewed 112 times

1

When 2 users access at the same time the system, somehow it confuses the users, not only the name, but their permissions as well...

I am assigning the session after logging into Actionfilter

public class UsuarioAttribute : ActionFilterAttribute

public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    int idUsuario= new UsuarioNegocio().GetIdByExternalId(decodedToken.ExternalUserId.ToInt32());//Id vem de um token

    Usuario usuario = new UsuarioNegocio().GetById(idUsuario);

    filterContext.HttpContext.Session["Usuario"] = usuario;
}

And in Basecontroller I have the following method to recover the session:

public Usuario GetCurrentUser()
{
   return (Usuario)HttpContext.Session["Usuario"];
}

Has anyone ever had this problem with session?

c# asp.net-mvc

  • Maybe it’s because you’re using a static variable. So when another user logs in, it’s updated, unless you save the object. Try a Global.

2 answers

1


This is the wrong way to persist session user data in ASP.NET MVC.

The alternatives to this are:

EDIT

You said by answer you’re using OutputCache, which is a global resource. That is, the first user to create the cache will create Session information for all.

[HttpGet, OutputCache(NoStore = true, Duration = 1)]

It seems absurd, but it makes perfect sense, precisely because the data of the session are also maintained by OutputCache.

0

The problem was found in the controller in the exit method, it was like this:

[HttpGet, OutputCache(NoStore = true, Duration = 1)]

I left only with the get and solved (I can not explain the reason):

[HttpGet]
  • 1

    Because the OutputCache is global. It is not per user.

  • Thank you very much Gypsy, if you want to give as answer copying what I wrote I leave you as best answer!

  • Okay, I updated the reply with a few more comments. Thank you.

Browser other questions tagged c# asp.net-mvc

You are not signed in. Login or sign up in order to post.