What's wrong with this code?



Our CMS sets a cookie when you log in. Various applications within the CMS
check the cookie to establish the user's name, permissions, etc.

The class below is what is referenced whenever we need to grab the user
data. For instance, when the user saves a database record, we attach their
username to the record by requesting SecureUsers.su_strUser.

The problem (as you can probably guess) is that if two people trigger a
thread at the same time, one user's data can be 'grabbed' by the other's
process.

I assume this is because these variables are all 'shared', as 'shared' is
at the class level rather than instance level, correct? If so, are Public
Properties the solution? Or should I be calling a public function within
this class that returns the values (creating an instance of the class
first)? Or...?

-Darrel

=================================================================

Public Class SecureUsers
    Inherits System.Web.UI.UserControl

    Public Shared su_strUser As String
    Public Shared su_strEmail As String
    Public Shared su_intDistrict As Integer
    Public Shared su_intAdminLevel As Integer
    Public Shared su_categories As String
    Public Shared su_strDistrict As String

    ....

    Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        If Not Request.Cookies("CMSUser") Is Nothing Then
            su_strUser = Server.HtmlEncode(Request.Cookies("CMSUser")("su_strUser"))
            su_strDistrict = Server.HtmlEncode(Request.Cookies("CMSUser")("su_strDistrict"))
            su_intDistrict = Server.HtmlEncode(Request.Cookies("CMSUser")("su_intDistrict"))
            su_strEmail = Server.HtmlEncode(Request.Cookies("CMSUser")("su_strEmail"))
            su_categories = Server.HtmlEncode(Request.Cookies("CMSUser")("su_categories"))
            su_intAdminLevel = Server.HtmlEncode(Request.Cookies("CMSUser")("su_intAdminLevel"))
        End If
    End Sub

End Class

=================================================================
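
The shared-field problem described in the post, reproduced in a small console program beside a per-request alternative. This is an added example, not part of the original post; the names SharedUser, RequestUser and Demo and the simulated requests are constructed for illustration.

```vbnet
Imports System
Imports System.Threading
Imports System.Threading.Tasks

' Constructed stand-in for the posted control: one Shared field serves every request.
Public Class SharedUser
    Public Shared su_strUser As String
End Class

' Per-request alternative: the value lives on an instance created for each request.
Public Class RequestUser
    Public ReadOnly su_strUser As String
    Public Sub New(ByVal cookieUser As String)
        su_strUser = cookieUser
    End Sub
End Class

Module Demo
    ' One simulated request: "Page_Load" stores the user, a later save reads it back.
    ' Returns True when the name read back is the one this request stored.
    Function SaveWithShared(ByVal cookieUser As String) As Boolean
        SharedUser.su_strUser = cookieUser          ' what Page_Load does
        Thread.Sleep(1)                             ' other requests run in this gap
        Return SharedUser.su_strUser = cookieUser   ' name attached to the record
    End Function

    Function SaveWithInstance(ByVal cookieUser As String) As Boolean
        Dim u As New RequestUser(cookieUser)        ' state private to this request
        Thread.Sleep(1)
        Return u.su_strUser = cookieUser
    End Function

    ' Runs 200 concurrent simulated requests for two users and counts wrong attributions.
    Function CountMismatches(ByVal save As Func(Of String, Boolean)) As Integer
        Dim wrong As Integer = 0
        Parallel.For(0, 200,
            Sub(i)
                If Not save("user" & (i Mod 2).ToString()) Then Interlocked.Increment(wrong)
            End Sub)
        Return wrong
    End Function

    Sub Main()
        Console.WriteLine("Shared fields, wrong user attached: {0}", CountMismatches(AddressOf SaveWithShared))
        Console.WriteLine("Per-request instance, wrong user attached: {0}", CountMismatches(AddressOf SaveWithInstance))
    End Sub
End Module
```

In the posted control, the equivalent change is to drop `Shared` from the fields (or read `Request.Cookies` on each access) so that every request works on its own instance. Unless the CMSUser cookie is signed or encrypted, values such as su_intAdminLevel are client-supplied and need server-side verification.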

