Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP General > ASP Session Swapping!!! HIPAA Compliancy Related!!!

Thread Tools

ASP Session Swapping!!! HIPAA Compliancy Related!!!

Jerry Kizziar
Posts: n/a

I have a client that on 2 occasions has had their classic ASP Sessions
swapped with another user. We have a support site that uses the Session
object to store all of the relevant data, and one of the options on the site
is to download txt files related to that client. When they log in they go to
the area to download files, click on a file and it displays it in the (same)
browser, they click back and it goes back to the listing of files. Both
occasions, reportedly they clicked back, had a long delay and then it would
give them a listing of the wrong clients files.

Oddly enough both times they got the listing of the wrong clients files, it
was the same clients files that appeared. We also display the name of the
client and the user, Session("client") and Session("login") and they were

Once they log in to the site, none of the session variables are changed.

The server is running Windows 2003 Standard with IIS 6 (not IIS5 isolation

Any help would be greatly appreciated!!!!
Reply With Quote

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
ASP Session Swapping!!! HIPAA Compliancy Related!!! Chris ASP General 8 02-13-2006 01:33 PM
Slightly OT: Anyone doing HIPAA healthcare work using .Net? WTH ASP .Net Web Services 0 06-15-2005 03:51 AM
VS 2005 XHTML Compliancy problem =?Utf-8?B?V2FsdCBaeWRoZWs=?= ASP .Net 3 12-20-2004 05:51 PM
508 Compliancy Tools for ASP.NET VBDotNETCoder ASP .Net 3 11-16-2004 02:40 PM
Web site question: HIPAA compliance Dave Navarro HTML 5 06-08-2004 10:43 AM