
Thread: Multiple users with same session id

  1. #1
    VAR
    Real Name
    Bill Parker
    Join Date
    Apr 2000
    Location
    Dallas, TX
    Posts
    1,631

    Multiple users with same session id

    Can this happen? How can it be fixed?

    Multiple users login to the app and have session var set to filter for their own records. On the server I watch the session folders with their session id get created and the app writes a text debug file with their user id. OK so far.

    However it has happened that another user logs on and has the same session id, so has the same session folder. The app writes the debug file, and of course the user id is different. Now when the first user requests a page they get data for user 2.

    This must mean that different users have a cookie with the same session id. This is of course a disaster. What to do?

    I am about to start converting this old app to a5v12, but this needs to be corrected immediately.

    Bill.

  2. #2
    Alpha Software Employee
    Real Name
    Lenny Forziati
    Join Date
    Nov 2001
    Location
    Alpha Software
    Posts
    4,640

    Re: Multiple users with same session id

    Older versions of the server allowed session ID recycling, which could lead to this. I do not remember exactly when it was changed, but versions 11 and 12 definitely do NOT have this problem and I highly suspect 10 does not either.

    Lenny Forziati
    Vice President, Internet Products and Technical Services
    Alpha Software Corporation

  3. #3
    VAR
    Real Name
    Bill Parker
    Join Date
    Apr 2000
    Location
    Dallas, TX
    Posts
    1,631

    Re: Multiple users with same session id

    Thanks Lenny. For a "today" solution, would it work to have the user clear cookies from their browser and then they would get a new, hopefully unique, session id? Is there a more targeted way to clear just the WAS cookie? These are remote and non-technical users, but I'm sure they will cooperate if it solves this problem.

    If the session id is a uuid, curious that duplicates get assigned.

    Bill.

  4. #4
    Alpha Software Employee
    Real Name
    Lenny Forziati
    Join Date
    Nov 2001
    Location
    Alpha Software
    Posts
    4,640

    Re: Multiple users with same session id

    Clearing cookies may not be enough. If they are using a link/bookmark that has the session ID as part of it, they will use that same session ID again.

    If it is a known session ID that keeps appearing, you could add code to your pages that looks for that session ID and does a Session.Abandon() (if that exists back in V9).

    Lenny Forziati
    Vice President, Internet Products and Technical Services
    Alpha Software Corporation

  5. #5
    VAR
    Real Name
    Bill Parker
    Join Date
    Apr 2000
    Location
    Dallas, TX
    Posts
    1,631

    Re: Multiple users with same session id

    Understood about the bookmark. Will check that case by case.

    Since this is short term, would it work if I set the WAS to not use cookies, forcing tracking through url? Then I don't need to rely on users to do anything.

    Not sure if there is unintended consequence to that.

    Bill.

  6. #6
    Alpha Software Employee
    Real Name
    Lenny Forziati
    Join Date
    Nov 2001
    Location
    Alpha Software
    Posts
    4,640

    Re: Multiple users with same session id

    The issue is that the older server would trust any session id requested by the browser. This could be from a cookie, or from a link with a session id in it. In order to have occurred in the first place, a link with the session ID was shared between users at some point, so there is a fair likelihood that clearing cookies or even turning them off will not fully solve this. There were also a number of bugs in cookieless session tracking that have been fixed over the years. For those 2 reasons, I would not turn off cookies in an attempt to fix this.

    Lenny Forziati
    Vice President, Internet Products and Technical Services
    Alpha Software Corporation
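
    Editor's added example (not part of the thread and not Alpha Software's server code): a small Python model of the behaviour discussed above, where a store that adopts any browser-supplied session id lets two users who followed the same link share one session, next to a strict store that only honours ids it issued, abandons known-shared ids, and rotates the id at login. The class names, the `blocked_ids` parameter and the sample id are hypothetical.

```python
import secrets

class PermissiveStore:
    """Models the older behaviour: any id the browser presents is adopted."""

    def __init__(self):
        self.sessions = {}

    def open(self, presented_id=None):
        sid = presented_id or secrets.token_urlsafe(32)
        # Unknown ids are created on demand, so a shared link seeds a shared session.
        return sid, self.sessions.setdefault(sid, {})

    def login(self, sid, user_id):
        self.sessions[sid]["user_id"] = user_id
        return sid

class StrictStore:
    """Only ids this server issued are accepted; login always rotates the id."""

    def __init__(self, blocked_ids=()):
        self.sessions = {}
        self.blocked = set(blocked_ids)  # ids known to circulate in shared links

    def open(self, presented_id=None):
        if presented_id in self.sessions and presented_id not in self.blocked:
            return presented_id, self.sessions[presented_id]
        # Unknown or blocked id: abandon it and issue a fresh random one.
        self.sessions.pop(presented_id, None)
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {}
        return sid, self.sessions[sid]

    def login(self, sid, user_id):
        # Rotate on authentication so a pre-login id never carries a logged-in user.
        self.sessions.pop(sid, None)
        new_sid = secrets.token_urlsafe(32)
        self.sessions[new_sid] = {"user_id": user_id}
        return new_sid

def simulate(store, shared_id="CONSTRUCTED-SHARED-ID"):
    """Two users arrive via one link carrying shared_id; report what user 1 sees next."""
    sid1, _ = store.open(shared_id)
    sid1 = store.login(sid1, "user1")
    sid2, _ = store.open(shared_id)
    sid2 = store.login(sid2, "user2")
    _, data = store.open(sid1)  # user 1 requests another page
    return sid1 == sid2, data.get("user_id")
```

    With the permissive store, `simulate` reports that both users hold the same id and user 1's next page is served with user 2's id; with the strict store each user ends up with a distinct id and user 1 still sees their own data.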

  7. #7
    VAR
    Real Name
    Bill Parker
    Join Date
    Apr 2000
    Location
    Dallas, TX
    Posts
    1,631

    Re: Multiple users with same session id

    Thanks for the insight Lenny.

    Bill.
