ASP.NET Session Mix-up using StateServer (SCARY!)

Question

We store two objects in session. Somehow, one of the objects from another user got loaded into a different user\'s session. The user should have had no access to this partic

Answer 1

Possible answer - similar isue reported using cookieless session state.

session showing something wrong

Edit - Added

Another possible answer:

An ASP.NET page is stored in the HTTP.sys kernel cache in IIS 6.0 when the ASP.NET page generates an HTTP header that contains a Set-Cookie response