ServerVariables Returning wrong user

[rob68isy]

I have ASP page which requires Windows Authentication. when users connecting via Intranet (same domain) from a remote site (different LAN) use tthis and subsequent pages Requesy.ServerVariables("AUTH_USER") returns the wrong user. If the browser is refreshed then the correct user pops up. The information is user-sensitive and if the browser is not refreshed, the user can see other persons data.


Help! IIS5 W2K

 

[Sheco]

It is probably only returning the value that it received in the Request header. Refreshing the browser forces the header to be re-sent.

 

[Sheco]

Is there a proxy server involved in this?

 

[rob68isy]

Yes. There is a proxy server involved...

 

[Sheco]

Does it only happen to users of the proxy?

 

[rob68isy]

Yes. I guess I should have stated that earlier

 

[Sheco]

If you have a handy way to simulate the problem, you can take a look at the entire contents of the Request with something like this: (VBScript version)

For each foo in Request.ServerVariables
Response.Write foo & " = " & foo.value & "<BR>
Next