I have an SL 4 application with RIA service for authentication (Forms + IE9). Consider the following scenario:
- user A logs into the system,
- now user B does the same,
- user A performs some operation, and it appears that inside System.Web.HttpContext.Current.User are hidden credentials for user B, which is a catastrophe.
Here's part of my web.config:

    <authentication mode="Forms" >
      <forms name="MY_COOKIE_NAME" timeout="180"/>
    </authentication>

and the code part responsible for login:

    public AuthenticationUser Login(string userName, string password, bool isPersistent, string customData)
    {
        var retUser = new DefaultUser();
        if (/*check credentials*/)
        {
            FormsAuthentication.SetAuthCookie(userName, true);
            retUser = CreateAuthenticatedUserData(userName);
        }
        return retUser;
    }
It seems that the problem lies in the internet browser - never open two instances of your application in two tabs of the same browser - session/cookies/whatever are shared.
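
The behaviour described above, as an added example that is not part of the original post: a small JavaScript model of one browser cookie jar shared by two tabs, where the second login overwrites the `MY_COOKIE_NAME` cookie. `CookieJar`, `Server`, `expectedUser`, the origin and the ticket values are constructed for illustration, and the mismatch check in `performOperation` is an assumed mitigation, not something the post describes.

```javascript
// Constructed model: one browser profile = one cookie jar shared by all tabs.
class CookieJar {
  constructor() { this.cookies = new Map(); }
  set(origin, name, value) { this.cookies.set(`${origin}|${name}`, value); }
  get(origin, name) { return this.cookies.get(`${origin}|${name}`); }
}

// Hypothetical stand-in for the server side of forms authentication:
// login stores a ticket in the cookie; later requests are identified by it alone.
class Server {
  constructor(origin, cookieName) {
    this.origin = origin;
    this.cookieName = cookieName;
    this.tickets = new Map();
    this.nextId = 1;
  }
  login(jar, userName) {
    const ticket = `ticket-${this.nextId++}`;
    this.tickets.set(ticket, userName);
    jar.set(this.origin, this.cookieName, ticket); // overwrites any earlier ticket
    return userName;
  }
  currentUser(jar) {
    return this.tickets.get(jar.get(this.origin, this.cookieName)) ?? null;
  }
  // Assumed mitigation: each tab sends the user it believes it is,
  // and the server refuses the call when the cookie says otherwise.
  performOperation(jar, expectedUser) {
    const actual = this.currentUser(jar);
    if (actual !== expectedUser) return { ok: false, reason: "identity changed", actual };
    return { ok: true, actual };
  }
}

function runScenario() {
  const server = new Server("https://app.example", "MY_COOKIE_NAME");
  const sharedJar = new CookieJar(); // two tabs of the same browser
  const tabA = { jar: sharedJar, expectedUser: server.login(sharedJar, "userA") };
  const tabB = { jar: sharedJar, expectedUser: server.login(sharedJar, "userB") };
  const separateJar = new CookieJar(); // a different browser or profile
  server.login(separateJar, "userA");
  return {
    seenFromTabA: server.currentUser(tabA.jar),
    seenFromSeparateBrowser: server.currentUser(separateJar),
    guardedTabA: server.performOperation(tabA.jar, tabA.expectedUser),
    guardedTabB: server.performOperation(tabB.jar, tabB.expectedUser),
  };
}
```
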