Try our conversational search powered by Generative AI!

Login / User Authentication Troubles


We are using the default form login for our website. The roleManager is set on MultiplexingRoleProvider with SqlServerRoleProvider mapped on the ActiveDirectoryMembershipProvider. The membership provider is the ActiveDirectoryMembershipProvider. Everything works fine - most of the time.
But occasionally something very weird happens. A different user is already logged in when someone calls the website. The username appears on the page and is marked as logged in. Additionally all the users private data is visible to the visitor.

Have someone a clue about what happens here? Any hints to solve that problem? That would be great. Thankx.

additional notes:
- form login is using requireSSL="true" and timeout="129600"
- <sessionState cookieless="UseCookies" cookieName="EPiServer" mode="InProc" ...
- The website is running in https mode
- clearing the application pool manually helps

Jun 10, 2011 14:35
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.