IIS 6/.Net 2: How can user A get the user cookie for unrelated user B who is in a different session a

Posted by jon.ediger on Stack Overflow
Published on 2008-11-04T18:00:06Z Indexed on 2010/05/11 4:04 UTC

1) User A goes to the site, creates an account, and logs in.

2) User b goes to the site. Rather than having to log in, user b enters as though user b is user a. User b gets access to all of user a's data and can browse the site as user a.

Note: user b does not log in. User b just hits the site, and the site returns as if user b is already logged in as user a.

Note 2: user a and user b are on distinct computers. Also, static variables are not involved in the code.

Setup: IIS 6, .Net 2.0, OutputCache off for the pages in the site
