Is there danger of one user getting back results for another user because webmethods are Shared?

Question

I have recently moved away from Ajax.dll and started to use WebMethods. I have read that Shared functions are dangerous and have read up on them as to why. I wonder if anyone with experience using webmethod can tell me if there is any danger calling user specific data based on the Session and returning it to the wrong user because the WebMethod is required to be Shared. I would expect not, but its been bugging me.

<WebMethod(EnableSession:=True)> _
<ScriptMethod()> _
Public Shared Function GetSomething(ByVal SomeUserSpecificVariable As String) As String

 // Do something with HttpContext.Current.Session("UserID")

 Return something

End Function

Answer 1

I guess you are referring to shared functions as opposed to instance functions. There might be edge cases, e.g. the instance constructor of the class containing the webmethod must be called in order to make the instance save. In that case, only instance methods of the class can ever be safe. But that would be a detail of the class implementation.

Of course you cannot ever store user data in shared members of the class, because every user would access that same field. But if you - like mentioned in your example - only access services that differentiate between users with a specific mechanism (like HttpContext.Current.Session) you will note be tempted to run into this mistake. But again, this risk is not specific to the use of shared functions, so my answer is "no".