We recently migrated our .NET website to a cloud environment with a gateway server acting as an IIS Web Farm to load balance our requests.
Our application uses forms authentication through cookies and the web farm has server affinity checked at the Client level.
At least one to many times per day, a client will call us stating they see someone else's name on our "Logged in as" area. Checking our logs, that "other" person is in fact logged in. The authorization cookie has a timeout period of 8 hours. We are looking into reducing this to 1 hour with a popup warning letting the user know they are about to be logged out.
Any ideas as to how to fix this or prevent it from happening?