All right, ladies and gentlemen. I'm your host with the most, BuggyFixius. *cheers and clapping*

Today we have an exciting web bug for you. Let's see if you can... *all together now* SPOT THE BUG!!

We have with us today an ASP.NET website project *clapping*. The project contains a helper class like so:

using System.Web;

public class WebHelper
{
    const string PARAM_USER_ID = "u";

    static HttpRequest request;

    static WebHelper()
    {
        request = HttpContext.Current.Request;
    }

    public static string GetUserId()
    {
        return getRequest(PARAM_USER_ID);
    }

    static string getRequest(string key)
    {
        string value = request[key];
        return string.IsNullOrEmpty(value) ? string.Empty : value;
    }
}

*Ooo, Aaaa and some gasps*

It also has a Default.aspx file containing a plain Label control:

  <%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head runat="server">
      <title>Untitled Page</title>
  </head>
  <body>
      <form id="form1" runat="server">
          <asp:Label ID="Label1" runat="server" />
      </form>
  </body>
  </html>

and the following Page Load event handler:

using System;
using System.Web.UI.WebControls;
public partial class _Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        Label1.Text = WebHelper.GetUserId();
    }
}

*Some more Ooo, Aaaa and some more gasps*

Contestants... it's time to *all together now* SPOT THE BUG!!

Hints: open Default.aspx in the browser 2 or more times, each time with a different value for the u query string parameter. For example, open http://localhost:34939/Default.aspx?u=3959 and then replace the URL with http://localhost:34939/Default.aspx?u=4000.