Soren
It is even worse. I have just made a test. I have moved all variables in question, marked below with arrows, to the userSession unit.
uses
GR32, Vcl.Graphics; //gr32 is for TBitmap32
Code:
TIWUserSession = class(TIWUserSessionBase)
  procedure IWUserSessionBaseCreate(Sender: TObject);
  procedure IWUserSessionBaseDestroy(Sender: TObject);
private
  { Private declarations }
public
  { Public declarations }
  s32, d32: TBitmap32;   // <=
  m, d, bufor: TBitmap;  // <=
  pic: TPicture;         // <=
  wejścia: integer;
  pokażLicznik: boolean;
  procedure liczWejścia(rodzajDanych: jakieDane);
  procedure zapisujAdres;
  function DoS: boolean;
end;
In session.oncreate I put
s32:= nil; d32:= nil; m:= nil; d:= nil; bufor:= nil; pic:= nil;
d32:= TBitmap32.Create; s32:= TBitmap32.Create;
m:= TBitmap.Create; d:= TBitmap.Create; bufor:= TBitmap.Create;
pic:= TPicture.Create;
and in session.ondestroy
if assigned(s32) then FreeAndNil(s32);
if assigned(d32) then FreeAndNil(d32);
if assigned(pic) then FreeAndNil(pic);
if assigned(bufor) then FreeAndNil(bufor);
if assigned(m) then FreeAndNil(m);
if assigned(d) then FreeAndNil(d);
I opened two sessions in two different browser tabs and I got the same variable values for user1 and user2!! My photography app does not work for more than one user at the same time. Perhaps the problem is related to the TIWImage put on the form at design time, and this component uses a shared value for both users. When I draw on TIWImage.picture.bitmap.canvas, the same value is shown for the other user.
This is a serious security threat for any IntraWeb app and should be properly looked into.