
When two users access the system at the same time, it somehow confuses the users: not only the name, but their permissions too...

I'm assigning the session after login in an ActionFilter:

```csharp
public class UserAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // The external user id comes from the token
        int idUser = new UserBusiness().GetIdByExternalId(decodedToken.ExternalUserId.ToInt32());
        User user = new UserBusiness().GetById(idUser);
        filterContext.HttpContext.Session["User"] = user;
    }
}
```

And in BaseController I have the following method to retrieve the session:

```csharp
public User GetCurrentUser()
{
    return (User)HttpContext.Session["User"];
}
```

Has anyone had this problem with session?

Simon Karlsson
AleBabaloff
  • Are your two users one person in different tabs of their browser? – Paddy Feb 04 '16 at 12:47
  • No, I'm using different client machines. – AleBabaloff Feb 04 '16 at 12:51
  • Are you sure your issue is with what's in session and not a problem with your tokens? – Paddy Feb 04 '16 at 12:54
  • Yes, the problem is not with our tokens =/ – AleBabaloff Feb 04 '16 at 12:57
  • In that case, there is insufficient information in your question to diagnose the issue. From what you have stated and supplied, the code should work; however, you have not shown where this is subsequently accessed and used. – Paddy Feb 04 '16 at 12:58
  • How do you know the tokens aren't mixed up? ASP.NET *doesn't* confuse sessions. A different session dictionary is generated for different *user sessions*. If both users log in with the same credentials, they may get the same session. Where does `decodedToken` come from? Are you sure, e.g., that you don't store it in a static field somewhere? – Panagiotis Kanavos Feb 04 '16 at 13:02
  • PS - why do you create the UserBusiness object twice? If this is a Repository, you are creating and opening two connections for no reason. Is your repository returning the same user object for different users, perhaps due to an error? – Panagiotis Kanavos Feb 04 '16 at 13:06

1 Answer


The problem was in the controller method, which was as follows:

```csharp
[HttpGet, OutputCache(NoStore = true, Duration = 1)]
```

I left it with only the get and that solved it (I can't explain why):

```csharp
[HttpGet]
```
AleBabaloff
  • You are caching the output, but not differentiating between users. You need to add the user session key to the output cache key so this doesn't happen. See http://stackoverflow.com/questions/17187736/output-cache-per-user – Robert McKee Feb 04 '16 at 16:59
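
The last comment says the cached output has to be keyed per user. The following is an added example, not code from the question or the answer, showing that with `VaryByCustom` next to the alternative of not caching user-specific output at all. The controller and action names are hypothetical, and the cookie name `ASP.NET_SessionId` assumes the default session-state configuration.

```csharp
using System;
using System.Web;
using System.Web.Mvc;
using System.Web.UI;

// Global.asax.cs: add this override to the application class.
public class MvcApplication : HttpApplication
{
    // The output cache calls this for actions that set VaryByCustom.
    public override string GetVaryByCustomString(HttpContext context, string custom)
    {
        if (!string.Equals(custom, "user", StringComparison.OrdinalIgnoreCase))
            return base.GetVaryByCustomString(context, custom);

        // context.Session is not available when the cache is looked up,
        // so the key is built from the session cookie instead.
        HttpCookie cookie = context.Request.Cookies["ASP.NET_SessionId"];
        if (cookie != null && !string.IsNullOrEmpty(cookie.Value))
            return "sid:" + cookie.Value;

        // No session cookie: use a unique key so the entry is never shared.
        return "anon:" + Guid.NewGuid().ToString("N");
    }
}

public class AccountController : Controller // hypothetical controller
{
    // As posted on the page: one cached response is reused for every caller
    // during the 1-second window, whoever the session belongs to.
    // [HttpGet, OutputCache(NoStore = true, Duration = 1)]

    // Option 1: keep the cache, one entry per session, held on the server only
    // so that intermediaries do not store a user-specific response.
    [HttpGet, OutputCache(Duration = 1, VaryByCustom = "user",
                          Location = OutputCacheLocation.Server)]
    public ActionResult Dashboard() { return View(); }

    // Option 2: do not cache user-specific output anywhere.
    [HttpGet, OutputCache(NoStore = true, Location = OutputCacheLocation.None)]
    public ActionResult Permissions() { return View(); }
}
```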