MohitPandit
asked on
ASP.NET: Security Breech
Hello,
I've one website and around 500 users concurrently logged in at global level.
Yesterday, one user reported one issue that once he tried to log-in then he saw different user name automatically in text box at login page.
Could you please assist me, what are the different reasons for that?
FYI, we are using form authentication in the application.
Best Regards
I've one website and around 500 users concurrently logged in at global level.
Yesterday, one user reported one issue that once he tried to log-in then he saw different user name automatically in text box at login page.
Could you please assist me, what are the different reasons for that?
FYI, we are using form authentication in the application.
Best Regards
ASKER
Okay, let me check aforesaid things.
Best Regards
Best Regards
ASKER
I am not using claim/token. Please find below exact situations:
This issue is happening often to users, where they type in their username and password and then login, and the system refreshes the page and it pops up with someone elses username and then the password is blank
This issue is happening often to users, where they type in their username and password and then login, and the system refreshes the page and it pops up with someone elses username and then the password is blank
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes, I shall dig into detail and update you.
Best Regards
Best Regards
Are you working in a load-balanced environment? It sounds like you've got session issues.
ASKER
No, load balanced is not implemented.
Best Regards
Best Regards
ASKER
No caching implemented. I'll try to dig more and let you update.
Best Regards
Best Regards
ASKER
I couldn't resume from this problem yet.
Best Regards
Best Regards
Mohit,
In such case you may have to post related Login Page code (all related aspx/cs and js)
In such case you may have to post related Login Page code (all related aspx/cs and js)
ASKER
Lately, came to know output cache was implemented. I've removed and didn't get any issue so far.
You may have to check your login authentication, check if login are unique?
make sure that you are managing session properly.
if you are using claim/token for authorization then make sure, your code is not generating duplicate token/claims.