Viewstate seems to be hijacked inadvertently
We are using ASP.NET 2.x. We use session state stored in SQL Server, 2 load-balanced web servers, IIS 6.
Our issue is that in the last 3 months we have had 2 cases where someone using our enquiry form has seen someone else's info, e.g. first name and last name. We are not populating the form from objects in session, so I have come to the conclusion that the second user has somehow received the viewstate from the first user, after that user has tried to submit and got an error, e.g. has posted view state and returned the same page, and the other user has requested that page at the same time (must have been on the same server, I am guessing, if it is a viewstate issue).
Have any of you experienced this before? Some questions mulling around in my head are: how does the worker process know to return view state to a unique request, and how does it determine a unique request, etc.
Do you use ASP.NET caching?
In the past, there have been some known issues with caching and mismatched sessions in load controlled environments.
I believe this article talks about it: http://msdn.microsoft.com/en-us/magazine/cc163577.aspx#S1
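
A check for the caching cause suggested in the answer above, as an added example that is not part of the original thread: it reads raw HTTP responses and flags any page carrying a `__VIEWSTATE` field that a shared cache could store and replay to another visitor. The function name and the sample responses are constructed for illustration.

```python
import re
from email.parser import Parser

# Directives that stop a shared cache (proxy, load balancer) from reusing a response.
SAFE_DIRECTIVES = {"private", "no-store", "no-cache"}
# ASP.NET renders view state as a hidden input named __VIEWSTATE.
VIEWSTATE_RE = re.compile(r'<input[^>]*name="__VIEWSTATE"[^>]*value="([^"]*)"', re.I)

def audit_response(raw):
    """Return a list of findings for one raw HTTP response (status line, headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    _status, _, header_block = head.partition("\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    if not VIEWSTATE_RE.search(body):
        return []  # no per-user form state on this page
    directives = {d.strip().split("=")[0].lower()
                  for value in headers.get_all("Cache-Control", [])
                  for d in value.split(",") if d.strip()}
    storable = not directives & SAFE_DIRECTIVES
    findings = []
    if "public" in directives:
        findings.append("viewstate page marked Cache-Control: public")
    elif storable:
        findings.append("viewstate page has no private/no-store/no-cache directive")
    if storable and headers.get("Set-Cookie"):
        findings.append("Set-Cookie sent on a response a shared cache may store")
    return findings

# Constructed sample responses (not captured from any real site).
FORM = '<form><input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="CONSTRUCTED" /></form>'
PUBLIC_FORM = "HTTP/1.1 200 OK\r\nCache-Control: public, max-age=60\r\n\r\n" + FORM
PRIVATE_FORM = "HTTP/1.1 200 OK\r\nCache-Control: private\r\n\r\n" + FORM
BARE_FORM = "HTTP/1.1 200 OK\r\nSet-Cookie: ASP.NET_SessionId=constructed\r\n\r\n" + FORM
STATIC_PAGE = "HTTP/1.1 200 OK\r\nCache-Control: public\r\n\r\n<p>static</p>"

if __name__ == "__main__":
    for name, raw in [("public form", PUBLIC_FORM), ("private form", PRIVATE_FORM),
                      ("bare form", BARE_FORM), ("static page", STATIC_PAGE)]:
        print(name, "->", audit_response(raw) or "ok")
```
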