Problem with session variables

[OscarArg]

Hello
I have an ASP.NET app (VS 2005) that requires users to login and then
presents some private information to users. The user identity is kept after
login by session variables. (cookies)
Everything goes OK as long as users connect directly to the web server.

However, when conecting thru an ISA server, sometimes one user sees
information belonging to another recent user.

The web server is configured for immediate page expiration.

Any ideas?
TIA

 

[darrel]

However, when conecting thru an ISA server, sometimes one user sees

information belonging to another recent user.

Are you using ISA for load balancing? If so, then there's likely more than
one server and you'll have to configure IIS on the servers to handle SQL
based session variables.

-Darrel

 

[OscarArg]

No, no load balancing, a single Web server and a separate, single ISA server
2004 on W2003 server.
I think that as the requested URLs are the same for every user the ISA is
somehow caching the pages based just on the URL and when another user
requests the same page from another session, the ISA serves the cached page
instead of forwarding the request to the web server. ... Could this be the
case, and if so, how could it be prevented?

 

[darrel]

No, no load balancing, a single Web server and a separate, single ISA

server
2004 on W2003 server.
I think that as the requested URLs are the same for every user the ISA is
somehow caching the pages based just on the URL and when another user
requests the same page from another session, the ISA serves the cached
page
instead of forwarding the request to the web server. ... Could this be the
case, and if so, how could it be prevented?

This issue is that your web server probably just sees one user...the ISA
server. So everyone is sharing the same session variable.

Alas, that's just a guess. hopefully someone that knows for sure can chime
in.

-Darrel