Sessionstate 服务器(webfarm)环境,用户会话混淆
我有一个奇怪的问题。首先让我描述一下我的情况:
- Webserver01(Web 应用程序、SQL、SessionState 服务)
- Webserver02(Web 应用程序)
两个 Web 服务器都使用 NLB 进行负载平衡。
现在问题来了。登录用户非常非常偶然,如何从完全不同的用户那里获取会话。我们是如何注意到的?我们接到一位客户的电话,告诉我们他突然可以访问其他客户的个人资料..!!
为了消除 Sessionstate,我们将使 Webserver02 脱机并禁用 SessionState 并将其放入 InProc。
但我的主要问题是我注意到两个网络服务器都有不同的日期时间!差别只有几分钟,很草率,但却是事实。这是否也是用户会话混淆的原因?有人在 SessionState 服务中遇到过类似的问题吗?
非常感谢。
I've got a strange problem. Let me first describe my situation:
- Webserver01 (Webapplication, SQL, SessionState Service)
- Webserver02 (Webapplication)
Both webservers are load balanced using NLB.
Now comes the problem. Very, very, very incidental a logged in user, some how gets the session from a completely different user. How do we noticed? We got a call from one of our customers, telling that he suddenly has access to anothers customers profile..!!
To eliminate the Sessionstate, we're going to take Webserver02 offline and disable SessionState and put it InProc.
But my main question here is that i've noticed that both webservers have different date-time! The difference is only a few minutes, sloppy, but true. Could this also be the cause of user Sessions getting mixed up? Anyone expirenced similiar problem(s) with SessionState service?
Many thanks in advance.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我过去也遇到过类似的情况。在我的情况下,一位开发人员(老实说不是我)在我们的数据访问层中创建了一个静态数据库连接,这导致了随机问题,与您遇到的问题非常相似。您能确认您没有静态数据库连接吗?
IE,
I've had a similar situation in the past. In my situation a developer (not me honestly) had created a single static database connection in our Data Access layer which caused random issues, very similar to the one your experiencing. Can you confirm that you've got no static database connections?
I.E.,
还是没发现问题。虽然这样的事已经不再发生了。我们已经彻底清理了我们的代码...这可能会成功...
Still didn't found the problem. Although it hasn't occurred anymore. We've drasticly cleaned our code... that might did the trick...