Here's a doozy. I have written an application that relies on a couple of Session Variables that define the path and new name of a file that is being uploaded using the SA FileUpload object.
When an administator of the web server is authenticated (using Intigrated Windows Auth) it works great, and the variables persist. However, when a member of another group attempts an upload, the session vars get dropped, making the name of the file clear from memory and breaks the app.
Here's the fruity part...just as a test, I changed the authentication method for the virtual directory from Intigrated Windows (and yes all of the users in the group have the right level of access) to Clear Text and the Session vars persist, the users can upload files and the site works.
Is there a correlation between session vars and security...I gotta know before I toss my web server out the window.
token
When an administator of the web server is authenticated (using Intigrated Windows Auth) it works great, and the variables persist. However, when a member of another group attempts an upload, the session vars get dropped, making the name of the file clear from memory and breaks the app.
Here's the fruity part...just as a test, I changed the authentication method for the virtual directory from Intigrated Windows (and yes all of the users in the group have the right level of access) to Clear Text and the Session vars persist, the users can upload files and the site works.
Is there a correlation between session vars and security...I gotta know before I toss my web server out the window.
token
