Wednesday, July 19, 2006
ASP.NET Kernel-Mode Output Caching is bad!
I was bit shocked when opening my VS today I got a link from the RSS feed from Microsoft on my start page to an article that talks about 10 ASP.Net pitfalls .
One of the things the author talks about is an issue with Kernel-Mode output caching. Apparently, if you're ASP.NET either 1.1 or 2.0 on Windows Server 2003 on IIS 6 (which is probably at the very least 50% of people) there is a known and very dangerous problem with using kernel-mode output caching. If turned on then you will get random "cross-session" problems, that is, a user might be injected into someone else's session!
That is because the kernel-mode output caching sometimes loads the sessionID along with everything else from the cache!! Crazy stuff.
The reccomendation is: if you've got the above setup (Windows Server 2003, ASP.Net on IIS 6) turn off Kernel-mode output caching! It's preffered to turn it off on the web.config file but you can also turn it off for the whole server by using the registry.
With this, it makes you wonder if output caching is really worth it, since without enabling kernel-mode the performance of the caching system will drop drastically.
For more details on the issue and to read the full article (well worth a read) see:
http://msdn.microsoft.com/msdnmag/issues/06/07/WebAppFollies/default.aspx
I was bit shocked when opening my VS today I got a link from the RSS feed from Microsoft on my start page to an article that talks about 10 ASP.Net pitfalls .
One of the things the author talks about is an issue with Kernel-Mode output caching. Apparently, if you're ASP.NET either 1.1 or 2.0 on Windows Server 2003 on IIS 6 (which is probably at the very least 50% of people) there is a known and very dangerous problem with using kernel-mode output caching. If turned on then you will get random "cross-session" problems, that is, a user might be injected into someone else's session!
That is because the kernel-mode output caching sometimes loads the sessionID along with everything else from the cache!! Crazy stuff.
The reccomendation is: if you've got the above setup (Windows Server 2003, ASP.Net on IIS 6) turn off Kernel-mode output caching! It's preffered to turn it off on the web.config file but you can also turn it off for the whole server by using the registry.
With this, it makes you wonder if output caching is really worth it, since without enabling kernel-mode the performance of the caching system will drop drastically.
For more details on the issue and to read the full article (well worth a read) see:
http://msdn.microsoft.com/msdnmag/issues/06/07/WebAppFollies/default.aspx
# posted by Matheus Guimaraes @ 10:14 am 
