ASP.NET: Security Breech


I've one website and around 500 users concurrently logged in at global level.

Yesterday, one user reported one issue that once he tried to log-in then he saw different user name automatically in text box at login page.

Could you please assist me, what are the different reasons for that?

FYI, we are using form authentication in the application.

Best Regards
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Imran Javed ZiaConsultant Software Engineer - .NET ArchitectCommented:
It is very difficult to identify such issue without detail analysis and there can be any problem, I may recommend to check following things first:
You may have to check your login authentication, check if login are unique?
make sure that you are managing session properly.
if you are using claim/token for authorization then make sure, your code is not generating duplicate token/claims.
MohitPanditAuthor Commented:
Okay, let me check aforesaid things.

Best Regards
MohitPanditAuthor Commented:
I am not using claim/token. Please find below exact situations:

This issue is happening often to users, where they type in their username and password and then login, and the system refreshes the page and it pops up with someone elses username and then the password is blank
Exploring ASP.NET Core: Fundamentals

Learn to build web apps and services, IoT apps, and mobile backends by covering the fundamentals of ASP.NET Core and  exploring the core foundations for app libraries.

Imran Javed ZiaConsultant Software Engineer - .NET ArchitectCommented:
in this case make sure that login page has not being cached. secondly check your code for login fail (what your code does if user is not authenticated).

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MohitPanditAuthor Commented:
Yes, I shall dig into detail and update you.

Best Regards
käµfm³d 👽Commented:
Are you working in a load-balanced environment? It sounds like you've got session issues.
MohitPanditAuthor Commented:
No, load balanced is not implemented.

Best Regards
MohitPanditAuthor Commented:
No caching implemented. I'll try to dig more and let you update.

Best Regards
MohitPanditAuthor Commented:
I couldn't resume from this problem yet.

Best Regards
Imran Javed ZiaConsultant Software Engineer - .NET ArchitectCommented:

In such case you may have to post related Login Page code (all related aspx/cs and js)
MohitPanditAuthor Commented:
Lately, came to know output cache was implemented. I've removed and didn't get any issue so far.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.