ASP Classic Session Bug, Related To Cookie Expiry
We are working on an old asp project and we noticed that some users get
kicked out of the session right after they log in.
I investigated the issue and I found the cause:
1- The user login successfuly.
2- He gets redirected to the menu screen. that's when I set some
cookies to cookie("cookie name").expires = Now. that when the session
starts to disapear, once the user tries to access other pages (or even
refresh), the ASPSESSIONID cookie disapears.
I did some debugging on the http_cookie collection and looks like the
ASPSESSION disapears once I set the cookie expiration, although I set
the expiration for cookies unrelated to the ASPSESSIONID.
Here is the tricky thing, it works on 90% of the machines, and it
doesn't on other machines, it's also random, so some users who had the
problem, are now able to work on the system and the problem disapeard.
Have you guys ever had this problem, or do you know if it is related to
IE batches or service packs?
View Replies
ADVERTISEMENT
I'm trying to set a cookie expiry date but my script is JS (JavaScript). I've
tried
Response.Cookies("Test").Expires = Date();
Response.Cookies("Test").Expires = Date().toLocaleString();
Response.Cookies("Test").Expires = Date().toString();
Response.Cookies("Test").Expires = Date().toUTCString();
none works. I've seen what bothers IIS is the day name when assigning the expiry
date: "7 février 2004 11:57:57" is ok while "samedi 7 février 2004 11:57:57"
produces an error "Invalid type".
Ok, I could switch to VB Script (which I think I'll do because of the ease of
doing it in that language). But I'd like to know if there are well-known tricks
on using IIS/ASP and cookies expiry date in JavaScript. It seems IIS object
model is unable to recognize (or handle) JavaScript dates...
Might sound a stupid question but I'd like my script to be as platform
independent as possible. Why? I'm running a French version of Windows 2000/IIS5.
I might have to host my web on an English version. Or whatsoever. I wouldn't
like to triturate the date string for it depends on the current locale. If
JavaScript cannot be used without modifying the string I'll switch to VB script.
View Replies
View Related
How does one read and write the cookie expiration date. At the moment my code is returning a value BUT a garbled value:
'//Write cookie...
Response.Cookies("Propsect").Expires = Date() + 1
'//Read cookie...
ExpDate = Request.cookies("Propsect")
Response.write "Prospect expiry date: " & expDate & "<br>"
Result: u%5Fname=k
Any ideas?
View Replies
View Related
I have 2 web sites hosted on 2 different machies (pages are in classic asp). when the user accesses http://Machine1/testapp then a cookie is written say
Response.Cookies("user")="Alex"
Whe the user acceses http://Machine2/testapp then a cookie is written as
Response.Cookies("user")="Alex"
before machine2 writes a cookie I need to check if the browser already hase Machine1 cookie, if yes then dont write if no then only write. I know the different hostnames generate different cookies....but is there any way for machine2 code to check client browser cookie for machine1.
View Replies
View Related
Im using classic ASP (3.0) and I have a web farm with 2 webservers
(webserver A and webserver B, both windows server 2003). I do not want
to store any client specific information on the webserver (therefore do
not intend to use the session object- as you cannot gaurantee which
server the user will go to). I want to store a small value (e.g. a Y/N
value or an Id) on the client machine for the duration of their
browsing session, hence I want to use a non persistent cookie (in
client memory) not a persistent cookie that will be written to disk as
a file.
Q. Therefore if I create a non persistent cookie (i.e. it resides in
the client browsers memory) and set this when the user was on webserver
A, can I read the value server side on subsequent requests even if the
user is redirected back to webserver B? As the webservers are part of
the same domain name Im assuming I can..?
Q. Using non persistent cookies (in client in memory) im assuming the
session Id that gets created by IIS has no use, as I am using client
side storage, hence it is worth disabling this on the webserver for
performance reasons?
Q. Is there a way, when using non persistent cookies that the client
user can see the values of this cookie client side, are their any
downloadable tools for example they can run?
Im aware of the issues with size of using cookies and users can disable
them, my question is more related to using them in a web farm. Im also
not intended in the short term to upgrade to asp.net as Im aware there
are alternatives for state storage in this. I hope someone can clarify
these points for me. Note: I see many articles talking about cookies
but none relating to web farms and cookies, those that do talk solely
about the session object (Server side), none really go further to talk
about (non persistent / persistent cookie usage with web farms client
side.
View Replies
View Related
I want to know what's the differences between session cookie and regular cookie.
In ASP, when we create cookie, we do the following to identify an user:
Response.Cookies("name") = value
Is this regular cookie? How about session cookie? and when to use which?
View Replies
View Related
I'm working on an ASP classic application. I wish to set my session.timeout to 1 minute for testing purposes. I placed session.timeout = 1 in the global.asa but it seems not to be working because the session is still I alive. I0 can still browse through the application. How do I do it and where should I place the session.timeout? Do I still have to configure something in the server?
View Replies
View Related
I have a site that I'm trying to migrate to ASP.NET from ASP, and the
foremost stumbling block I'm hitting is session state between the ASP
and ASP.NET applications. In order to access this information, I'm
doing a HttpWebRequest from the ASP.NET side into an .asp page,
passing the session name on the get in order to request it from the
ASP side and write it back to the response stream, giving ASP.NET
access to it. Of course I change sessions each time I make the call
from the ASP.NET side.
Soooooo, I'm thinking to myself, "Self, shouldn't you be able to fake
out the server by getting the session cookie from the initial usage of
the asp, pass that data to the ASP.NET, and use that to send a request
back the ASP side under the appropriate session?"
From a real high level, I enter the site via a .asp page. This page
in turn calls .aspx page from within a frame ......
View Replies
View Related
Can anyone tell me the difference between Session and Cookie? Does Application Object and Session works the same way?
How do we know when to use Session and cookie?
View Replies
View Related
I am not asp specialist and i was wondering what to choose - session or a cookie.
the idea is to make something like a shop but without the function "remember me" ... more like "in memory" cookies. so apparently i will have to use a session or a "in memory" cookie but which one is better. as to my knowledge the session does not differ dramaticaly from the cookie because it uses because as u know it is based on cookies. however why should i use session instead of cookies if the result will be exact the same i.e. if browser does not support cookies the whole thing won't work out?
View Replies
View Related
How would the server know the user has viewed a new post in a discussion forum? All the posts that started today will display in bold. Once I view the post, and the post will display in regular text?
View Replies
View Related
Does anybody knows how to change it?
Instead of ASPSESSIONIDQARCQQSC I want to change to "ASPSERVER1" for example...
View Replies
View Related
I'm seeing a problem with IE running on OS-X. When the user logs in to the
website (ASP/IIS5), a Session is established properly, but somewhere along
the line, a new Session is created and abandoned. At that point, the user
must log in again due to the code logic (their Session is "gone" and they're
then invalid). The original Session's On_End event never fires (or perhaps
it doesn't until the timeout which is 40 minutes).
I am monitoring the Session_OnStart and Session_OnEnd events with debug
code.
This problem only exists for this one user and the only difference between
her and the other users is that she's running IE on OS-X. IE on OS-9 works
fine as does IE on Windows.
IE version 5.2.1 (4717)
OS-X version 10.2.4
View Replies
View Related
First, I like to know if I can specify how long a session variable could expire?
I am having problem with user logged in period when using session variable.
When I logged in and go away from keyboard for like 10mins. By then I have to login again in order to post or any website features that requires login.
I have not yet create a cookie for the user when they are login.
What is the proper way of doing it?
View Replies
View Related
The session_onstart event will fire for every pull BECAUSE no SESSIONID cookie is ever created and the server has to assume that every HTTP REQUEST frame is a new session. The response object is actually just setting a header, of course.
Every redirect is sending a header to the browser equivalent to a "meta refresh" and that once again triggers the session_onstart.
View Replies
View Related
There are two cookie types:
1) session cookie.
2) persistent cookie is the same as tracking cookie?
Is that correct?
For windows machine, the files in C:Documents and SettingsAdministratorCookies
are all persistent cookie, it doesn't have session cookie?
How session cookies are stored? Session cookie should expire once the browser is closed.
View Replies
View Related
If I start a session on our web app then close all browsers, I expect that
the session cookie would be deleted and that the session itself would exist
until it expired. I then start a new instance of the browser expecting to
get a new session id and a new session, but instead I reconnect to the
unexpired session. Does anyone know why the session cookie is persisting
despite the closure of all the IE windows?
View Replies
View Related
I'm not exactly hot on asp, but I have managed to create a members area / pages on a site that requires the usual login etc through username and passwords.
The problem that I'm having is that people are being logged out and forced to log back in etc.
Here's the code for the log-in form on the site: ....
View Replies
View Related
how I could store the referrer id in this URL http://www.widget.co.uk?referrer=1234 into a session cookie. I've been given this code by someone else but my knowledge of ASP is virutally non-existent and they need this feature in the site as soon as possible.
<%dim vntRef
if request.querystring("referrer") <> "" then
vntRef = request.querystring("referrer")
session("svRef") = vntRef
end if
if session("svRef") = "" then
session("svRef") = vntRef
end if
%>
where this code goes and how I reference it(if I need to) that would be fantastic. Basically I wasn't told about this until after the site went live and they're now telling me to get it done quick smart so the quicker the better.
View Replies
View Related
I need to set a session cookie with an array(100+) and ad values to the array every time the user choses to ad something (to the array while she/he is navigating the site) and write the content of the array on the page after each addition to the array! So, basically:
1- Set session cookie with array. 2- ad values to the array and write out the whole array after each addition automatically, otherwise just write "no choices" or smth. Can anyone show how to do this codes in ASP briefly?
View Replies
View Related
I'm writing an application to authenticate a user using a challenge
response mechanism. The client and server components of the
application talk over HTTP.
I would like to use an ASP session object to hold a random number on
the server. The code to store the number is written as part of a VB
web class.
When I read the http header returned from my server, I can't see the
session cookie. Why is this? If I create a normal cookie as part of
my web class, it is returned correctly within the header.
I am using HttpQueryInfo the read the header as follows:
blnReturn = CBool(HttpQueryInfo(hOpenRequest, HTTP_QUERY_RAW_HEADERS,
ByVal strBuffer, Len(strBuffer), 0))
View Replies
View Related
I want to know if user disable cookie, will the session still working? Actually I remember we could disable cookie in IE before (not sure what version, but I couldn't see
the option anymore. Now I am using IE6.
View Replies
View Related
I am having a problem tracking down what I believe to be a problem with
the way cookies are being used on our website application.
When user log onto the application, an in-memory (per-session) cookie
is created to hold the session key for the user. This unique key is
assigned as part of the business layer logon process, and never changes
while the user is logged on. The call to the business component returns
this unique key if the logon was successful, and the cookie is set up
as follows:
Response.Cookies("SessionKey").Path = "/"
Response.Cookies("SessionKey") = strSessionKey
Nowhere is the cookie assigned an .expires value.
Once a user has completed this logon process, they must then click past
an intermediate agreement page before actually having access to the main
application. When this intermediate page is submitted, it accesses the
cookie, extracts the session identifier and writes the value to a
database table.
The code to achieve this looks something like:
strSessionKey = Request.Cookies("SessionKey")
Dim objInstance
Set objInstance = Server.CreateObject("SomeComponent.SomeClass")
objInstance.StoreIdentifier strSessionKey
Set objInstance= nothing
The whole process works fine until I try to do the second stage (the
intermediate agreement) with two separate IE sessions (there are 2
separate IEXPLORER.EXE entries in task manager) very quickly.
I can go through the whole process fine, and then while leaving the
application open, I can start again with a new IE window and complete
the process again. In each case the correct identifier is stored in the
database for each separate session.
If I get to the second stage of the logon process with 2 separate IE
sessions, and submit both agreement pages at the same time (or as close
together as I can), then they both write the same unique session
identifier to the database, as if they are accessing the same cookie!
The session identifier used is the one from the first agreement page I
submit. This definitely only happens if I do this at the same time.
Wait a few seconds between the submissions and all is well.
Has anyone come across something like this before and can advise on a
possible reason?
View Replies
View Related
is it possible to delete a cookie? without ending the session?
View Replies
View Related
hi im trying to make a cookie behave like a session so every time i load or reload the page it gives him this line:
Response.Cookies("name").Expires = Now() + 0.015
but its not working..
if i load the page at 10:00 the cookie expires at 10:20
even though i reload the page at 10:10
what can i do? or those a cookie expires can only be set once?
View Replies
View Related
I want to set the asp session id path property. How can I do that?
I mean, asp session id is stored in a cookie and like any other cookie it should have properties (or attributes), how can I control it?
View Replies
View Related
When I use a host file entry to point to the host header of the site
that I have created on a Win2k server running IIS5, a cookie is not
created to hold the session id. The result is that Session_OnStart is
run every time a page is requested.
If I set up a DNS entry on the DNS server it all works fine.
I never noticed this problem before we put in Active Directory so it
may have something to do with that.
I have set "allow per session cookies" to promt(under Custom Secrity
settings in IE) to see if this is being attempted and it is not. So
the browser is not even trying to create the session cookie when using
the host file.
View Replies
View Related
I am making a news letter application for my company. The idea is that if the cookie (fictional name Frankie ) don't exist a newsletter is being sent to all subscribers.
View Replies
View Related
I got stuck with some cookies expiry date. I wanted my cookies to expired every 4 hours. I'm writing with ASP. Currently I'm using the below code:
Response.Cookies("announcement").Expires = date + 1
for the expiry of everyday. How can I write if I want the cookies to expire every 4 hours?
View Replies
View Related
I have developed a portal wherein a user is allowed to access certain areas only through an id and password. But what happens is that once the user logs in, accesses his areas etc and forgets about it,the back button of the browser enables him to view the last accessed pages,which are restricted through the id/password.
Can someone please tell me how such a situation may be avoided so as to restrict unauthorised access?
View Replies
View Related
I have a form that submits values on fields to an add to database asp page that works fine. However I do not want duplicate values submitted. How can I make the submitting page expire once the results have been successfully passed on to the page that adds the results to the database, so that the user may not submit the same thing again and again. I would like the receiving page make the sending page expire.
View Replies
View Related
I want to create a cookie that remembers the member's log in password and username. But i do not know how to set an expiry for the cookie. I understand that if I set to the one below, when the user closes and reopens the browser, he will still be logged in. But i wish to let the cookie expire once the browser is closed. How can i specify that?
Response.Cookies( theName ).Expires = "July 31, 2008"
View Replies
View Related
I have a mysql database and i want to make the records have an expiry time. i'm thinking have a field with the time the record was added and then add another field which is that time + 7 days for example. then on my search results page have some code that only displays records before or on the expiry date.
I've looked for other similar things on the internet but can't find anything relevant. does this sound ok, or does anyone know of a better way to do it?
View Replies
View Related
