I have an mvc4 site running on an win2k8 iis 7.5. It uses built in security for authentication. The users on log in are presented with a grid showing their jobs at the top of the page is the email address of the current user that allows them access to the log off menu. Very very occasionally users report that they see grids from other users. The screen shots I have been sent show the email address not of the user reporting the issue. I am stuck as to the cause of this issue. Versions of the same site are in use on other servers and there have been no reports of this issue occurring elsewhere. IIS is set not to cache pages etc I am unsure as how to trace the cause of this / stop it happening. It is from reports a very occasionally event - however it should not be happening. Does anyone have any ideas / suggestions.
Asked
Active
Viewed 45 times
0
-
When you say built in security- do you mean Active Directory or AAD? (as opposed to usernames and passwords specific to the site?) – Carl Aug 13 '20 at 08:50
-
Site specific via Microsoft.AspNet.Identity; Microsoft.Owin.Security; using email address as username and strong password – ktq53 Aug 13 '20 at 09:41
1 Answers
0
Since the AspNet Identity is an authentication technology based on the client cookies, there is a possibility, in that case, there is another user opening the webpage without closing the preceding browser session. In the words, the preceding client session is still preserved in the browser.
I suggest you consider setting up the session timeout.
How to set session timeout in web.config
Abraham Qian
- 7,117
- 1
- 8
- 22
-
Hi thanks for the response - The users are from separate sites so not sharing browser. – ktq53 Aug 14 '20 at 09:29