cookie/session appears to be overwritten in thin client enviroment

Question

I have a asp.net mvc web page that stores my employeeid in session state, however when 2 employees access within the same time frame it appears to get overwritten or mixed up. I have spent 2 hours googling for answer but have found none. I am unfamiliar with thin clients myself so I am wondering how does session state works in this scenario. If the same user is logged into the server/thin clients do they share the same cookies session state? What are my alternatives? We use the same generic user over and over for our thin clients fyi...

I do not use any static instances. Example: Session["EmployeeId"] = model.Employee.Id; Non static class for the model. – The thin clients are using Windows XP Embedded. The users do use separate instances of the browser but it is still the same windows generic username for both instances. No proxy.

It appears since I am using the default session state it uses cookies so different instances still see the same cookie and get the same session. Since this is MVC I cannot really change to be url driven as that would mess up my routing and would have to do extensive work for that... Please any ideas anyone?

just to make sure: you're not storing anything in a static variable, right? — Thousand, Sep 25 '12 at 17:01
What kind of thin client is this ? The users do run separate instances of a browser, right ? Is there a proxy between the server and clients (which could drop the sessions or mix them up) ? But, start with looking at the first comment by @JaneDoe. — driis, Sep 25 '12 at 17:15
@Jane - Nope I saw that all over when googling. Example: Session["EmployeeId"] = model.Employee.Id; Non static class for the model. And this code is a controller action. — retslig, Sep 25 '12 at 18:51
@driis - The thin clients are using Windows XP Embedded. The users do use separate instances of the browser but it is still the same windows generic username for both instances... No proxy. — retslig, Sep 25 '12 at 18:54
It appears since I am using the default session state it uses cookies so different instances still see the same cookie and get the same session. Since this is MVC I cannot really change to be url driven as that would mess up my routing and would have to do extensive work for that... Please any ideas anyone? — retslig, Sep 26 '12 at 15:52

score 0 · Accepted Answer · answered Oct 01 '12 at 12:57

0

My solution that I ended up implementing was this: Session["EmployeeId" + model.Employee.Id] = model.Employee.Id. This makes each user unique for me. While this is not ideal it did resolve my problem.

answered Oct 01 '12 at 12:57

retslig

888
5
22

cookie/session appears to be overwritten in thin client enviroment

1 Answers1