许多用户之间的会话自动交换[ASP.NET]

I used a custom SessionWrapper class for handling Session in my ASP.NET project. It seems ok but I have recently found that it has hilarious error. If many user login to my website, their session will be exchanged or mixed. User A will has session of User B and maybe User C has Session of User A. It may change after User refresh the page.

我使用了一个定制的SessionWrapper类来处理我的ASP中的会话。网络项目。看起来还可以，但是我最近发现它有一个很搞笑的错误。如果许多用户登录我的网站，他们的会话将被交换或混合。用户A有用户B的会话，用户C有用户A的会话，用户刷新页面后可能会改变。

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Collections;

namespace MyNamespace
{
    public class SessionWrapper
    {
        public static string USER_SESSION = "userSession";

       public static void SetUserSession(string email, Dictionary<int, DateTime> products)
        {
            UserSession userSession = new UserSession() { Email = email, Products = products };
            System.Web.HttpContext.Current.Session.Add(USER_SESSION, userSession);
        }

        public static UserSession GetUserSession()
        {
            if (System.Web.HttpContext.Current.Session[USER_SESSION] != null)
            {
                return System.Web.HttpContext.Current.Session[USER_SESSION] as UserSession;
            }
            return null;
        }

        public static void RemoveUserSession()
        {
            if (System.Web.HttpContext.Current.Session[USER_SESSION] != null)
            {
                System.Web.HttpContext.Current.Session.Remove(USER_SESSION);
            }
        }
    }

    public class UserSession
    {
        private string email;
        private Dictionary<int, DateTime> products = new Dictionary<int, DateTime>();

        public string Email
        {
            get;
            set;
        }

        public Dictionary<int, DateTime> Products
        {
            get;
            set;
        }
    }
}

5 个解决方案

#1

The only reason apart from some strange code in application like Jonas H noticed is that you are testing it in either one browser instance in separate tabs or two instances of the same browser.

除了Jonas H注意到应用程序中的一些奇怪代码之外，唯一的原因是您正在不同的选项卡中的一个浏览器实例或同一个浏览器的两个实例中测试它。

Try display the HttpContext.Current.Session.SessionID to determine whether you are in the same session in all cases.

试着在HttpContext.Current.Session显示。SessionID确定您是否在所有情况下都在同一个会话中。

#2

It's the "static" modifier. Static variables exist for the lifetime of the AppDomain they were created in.

这是“静态”修饰符。静态变量存在于创建它们的AppDomain的生命周期中。

i.e. the w3wp.exe app process that spawns the app domain that the process itself runs in. No matter which request it is answering to at the time.

即在w3wp。exe应用程序进程，生成进程本身运行的应用程序域。不管是哪个请求，它在当时回答。

Therefore your static variables can be set by one user, and the read into another users session with how you have this setup.

因此，您的静态变量可以由一个用户设置，而读取到另一个用户会话的方式是如何设置的。

#3

You are adding all sessions with the same key: USER_SESSION. You need to provide a unique key for each user (perhaps the email address).

您将使用相同的键:USER_SESSION添加所有会话。您需要为每个用户(可能是电子邮件地址)提供唯一的密钥。

#4

The provided code should behave as desired. If the problem indeed exists as described, it must be caused by code elsewhere in the application.

所提供的代码应该按照期望的方式运行。如果问题确实如所描述的那样存在，那么它一定是由应用程序中的其他代码引起的。

#5

Try adding locking semantics:

尝试添加锁定语义:

private static Object locker = new Object();

public static UserSession GetUserSession()
{
  lock( locker)
  {
    if (System.Web.HttpContext.Current.Session[USER_SESSION] != null)
    {
      return System.Web.HttpContext.Current.Session[USER_SESSION] as UserSession;
    }
    return null;
  }
}

#1