c#, asp.net, asp.net-mvc, user-accounts

User data getting swapped even without using sessions - asp.net mvc


When multiple users are logged into the website, the last logged-in user's details are visible to all previously logged-in users. This is causing a serious vulnerability issue.

I'm not using any session variables to store user data. Instead, once the user has logged into my website, I'm keeping his acc details in a helper class file like below. And in all my other pages, I am getting user details like UserData.userid, UserData.username etc...

public class UserData
{
    public static int userid;
    public static string username;
    public static string useremail;

    public int user_id
    {
        get { return userid; }
        set { userid = value; }
    }

    public string user_name
    {
        get { return username; }
        set { username = value; }
    }

    public string user_email
    {
        get { return useremail; }
        set { useremail = value; }
    }
}

Solution

  • You are declaring the fields of this class as static. This means that every instance of the class UserData will have the same values in these fields.
    See here for documentation about the static keyword. When you set these values, you set the same values for every instance still around in your program.

    You need to remove the static keyword, but given the fact that you don't really have any use for these fields, you could remove them and simply change your class to use auto-implemented properties instead.

    public class UserData
    {
        public int user_id {get;set;}
        public string user_name {get;set;}
        public string user_email {get;set;}
    }
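
The effect described in the answer, as an added example that is not part of the original post: a console program that simulates two concurrent requests, first storing the login in a static field and then in a per-request `UserData` instance. `SharedUserData`, `Demo`, and the sample logins are constructed for illustration.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;

// Constructed stand-in for the question's helper: one static slot for the whole process.
public static class SharedUserData
{
    public static string username;
}

// The answer's shape: state lives on the instance, one instance per request.
public class UserData
{
    public int user_id { get; set; }
    public string user_name { get; set; }
    public string user_email { get; set; }
}

public static class Demo
{
    // One simulated request: store the login, wait until the other request has
    // stored its own, then return the name this user's page would render.
    static string WithStatic(string login, Barrier bothLoggedIn)
    {
        SharedUserData.username = login;   // overwrites what the other request stored
        bothLoggedIn.SignalAndWait();
        return SharedUserData.username;    // the last writer's value, for every caller
    }

    static string WithInstance(string login, Barrier bothLoggedIn)
    {
        var user = new UserData { user_name = login };  // private to this request
        bothLoggedIn.SignalAndWait();
        return user.user_name;
    }

    static void Run(string label, Func<string, Barrier, string> handler)
    {
        var barrier = new Barrier(2);      // both requests must log in before either reads
        var alice = Task.Run(() => handler("alice", barrier));
        var bob = Task.Run(() => handler("bob", barrier));
        Console.WriteLine($"{label}: alice sees '{alice.Result}', bob sees '{bob.Result}'");
    }

    public static void Main()
    {
        Run("static field", WithStatic);
        Run("per-request instance", WithInstance);
    }
}
```

With the static field, both simulated pages render the same name (whichever login was written last); with the per-request instance, each page renders its own login.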