{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 孤傲高冷的网名 的问题《IIS 6/.Net 2:How can user A get the user cookie fo》','https://www.manongdao.com/q-1052040.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
1) user A goes to the site, creates an account, and logs in 2) user b goes to the site. Rather than having to log in, user b enters as though user b is user a. User b gets access to all of user a's data and can brows the site as user a.
Note: user b does not log in. User b just hits the site, and the site returns as if user b is already logged in as user a.
Note 2: user a and user b are on distinct computers. Also, static variables are not involved in the code.
Setup: IIS 6 .Net 2.0 OutputCache off for the pages in the site
Check that you are not storing any data in static (c#) or Shared (VB) variables.
This question seems quite similar to Apache/Tomcat error - wrong pages being delivered. As my answer to that question mentions, if you use session cookies, check if your
Varyheader is correct.From research by other team members:
Based on the known issue of users sharing sessions as a result of output caching with ASP.NET, IIS 6.0, and Windows 2003 Server, the problem may only be repeatable 1 out of 100,000 requests (see the 'Sessions and Output Caching' section of this article) http://msdn.microsoft.com/en-us/magazine/cc163577.aspx