The application is an ASP app using a Sql Server 2000 back end, w/ IIS 5.5. It uses NT authentication. We use BigIP for load balancing across 4 servers, and have enabled active cookies for state maintenance w/in BigIP. An employee_ID and some other basic identifying info is stored in the cookie.
After significant log file and SQL Server Trace review, I've determined that the application is reusing existing sessions and their stored information when it
shouldn't. What happens is that a user logs in and works for a while under a session id. At some point, a second, new, session ID is created for them. At this point, if another user logs in, they (may) be using the original users first session ID, with all of the original users identifying info. I haven't been able to isolate exactly what causes the new ID to be created in the first place, it isn't consistent. Obviously, this causes all sorts of problems, "turning one person into another" as the users say.
I'm at a loss. With the session ID tracing back to a different user, all the normal ways to ID the logged in user -- like the Logon_User server variable -- trace to the wrong person. I have determined that IIS logs the cs_Username for the user that's really sitting at the computer, the "correct" user. If I could find a way within the ASP code to pick up that cs_Username, I could circumvent the problem by modifying the session state check include file, but I've had no luck.
Is there any method to check existing session objects for a session object containing user say for eg "XYZ"
The requirement is to reuse the session object if a user failed to logout and is trying to login again from a different machine or a new browser window.
I donot wish to store this info in db. if the session exists i wd just use it rather than create a new one.
I have a sql statement that pulls up a certain amount of records according to a requirement. Let's say that 20 records show up. I want to get to the 5th one. Well now I know that I can use the move() function to enable that, but it is the same page.
The page executes the sql statement and by default shows the last record in the query. Now when I ask for the 5th record the page is reloaded, the sql statement exectures AGAIN and the 5th record shows up. Is there way to ask for the 5th record without having to re-executing the SQL statement?
If I have a complex SQL statement that I want to use on several pages, what's the best way of going about it? Do I put it in an include or should it go in a sub or function or something else?
I have a site that I'm trying to migrate to ASP.NET from ASP, and the foremost stumbling block I'm hitting is session state between the ASP and ASP.NET applications. In order to access this information, I'm doing a HttpWebRequest from the ASP.NET side into an .asp page, passing the session name on the get in order to request it from the ASP side and write it back to the response stream, giving ASP.NET access to it. Of course I change sessions each time I make the call from the ASP.NET side.
Soooooo, I'm thinking to myself, "Self, shouldn't you be able to fake out the server by getting the session cookie from the initial usage of the asp, pass that data to the ASP.NET, and use that to send a request back the ASP side under the appropriate session?"
From a real high level, I enter the site via a .asp page. This page in turn calls .aspx page from within a frame ......
I want to create an administration page which lists all the current users who are on the site at the moment.
I know coldfusion has this feature built in using the SessionTracker class... does ASP have something similar? If not... is there any way I can just iterate through all the session files on the server...?
I have a site developed using ASP, but each page I enter has a different session id when accessing the site using the domain name of the site. When accessing the site from my network and using the internal IP address, it is OK. Any ideas?
I wrote a website, which uses the session to store and track some vars.
Now I am gonna to covert it to desktop application by Activesite compiler 5, however, it doesnot support session , cookie , application() . SO ,I have no idea to find something can instead of session.
My orignal processing: Session -> modify Session var -> store to Database.
There is a problem about ASP session ID. ASP session is implemented by storing session id in a session cookie, but I read this cookie in ISAPI Filter, get a string as following: ASPSESSIONIDQADCQQTS = IAOFCBBCGDGMDGCNJIKPNBAN
But the real session ID is 554851848. (Real sessionID is sessionID property the ASP session object)
Problem is what is relation between them? And how to get real session ID from cookie session ID.
I did a session("adminlogin")=1, if I post it to the same page, it returns true. But if I response.redirect to another page. This value doesn't exist anymore. This is on the actual server where all the ms security is updated.
The same script worked okay on my test server (the security patch not patched yet.)
Has anyone encountered this? How do you overcome it?
I tried searching the net it says the problem lies with a ms security patch. How I wish I can unintall that patch.
I have asp and asp.net web application. When I run it in IE7 in first tab it starts a new session. When I open second tab and browse to the same site the new session is not started (infact I need to have new session there).
Whereas, 2 IE instances generate 2 unique sessions. Only issue is with IE tabs. Firefox also has similar things but lets not talk about firefox here. I am more concerned with IE only.
In my login script I set session("User") = rs("User") the session timeout is set to 20 min
Do I need to setup some kind of update session variable on each page so that the timeout does run out or does iis update the variable aslong as I'm browsing the website ?
And another thing, <% application("something") %> works fine on my test server but once I implement it onto the main webserver I dont get any text out, is there some kind of switch that enables this function ?
My buttons default as you can see in the code. But I now want to take what is already choosen in database and chose apropriate button. Can I use a session to choose a radio button? Code:
I am using the session(loggedin) to see if a user is logged into that section of the site. The problem is that it is timing out on them, is there a way to define the length of the session (I think it times out at 10 or 20 mins currently), but to extend it to an hour or so. Any thoughts.
I've developed a shopping cart app in ASP, to secure transaction by SSL, it 've put only the checkout page in SSL but all other pages i.e. product, cart etc remains on non SSL connection. How can I track user session from non SSL to SSL checkout page as the SessionID changes when shifting to SSL (to prevent session stealing/ hijacking). I'm tracking user session by putting SessionID in cart DB with products. Given below the preview of cart table ....
I have a page that a user is logged in via a session that displays a thumbnail of a picture. The picture is a link to the full size image. When there is no target="_blank" in the code, it works fine.... except it needs to open in a new window. When I add target="_blank" the new open browser window seems to act as a whole new session (even though no session.abandon or anything had been called). I need it to keep the session, but in a new window. What do I need to do, and why is it doing this? Is a JavaScript window opener the (only) way to go?
I'm building a Shopping Cart, but then right away i've stumbled on a little problem. I need to Hold things a costomer is buying in a session. However I can't declare Session as an Aray.
Session("item_id")(2) doesn't work- right? So i was thinking maybe I can create an aray, and then somehow hold it's reference in a session("item_id"). I will apreciate if someone can show me how to save aray into the session, and how to extract it from there later on.
I'm setting up 2 websites for a friend of mine, en I'm have problems with one of the sites.The situation: I have 2 different domains (both in the .NL domain). Both domains provides the possibility for users to log in. The loginscript and the databases are hosted at server 1. The site at server 2 contains a link to the loginpage at server 1. That works well... so far. The problem is that when I log in at server 2, he doesn't accept it. I found out that the Session variable I use isn't recognised. I use Session("protected") to keep track of the users who are logged in. When there credentials are right according to the database, Session("protected")=True and the loginpage gives a redirection to partner.asp by doing Response.Redirect "partner.asp". Trying to log in from server 1 works fine, trying to log in from server 2 doesn't. My questions therefore are: 1. Is the Session variable rememberd by server 2 (although server 1 contains the loginpage en gives a redirection to a page on server 1) 2. What can I do to correct this problem? Your answers are appreciated, and sorry for the possible worse language in this message (English is not my native language ;))
Once a user logs in, I created a session.After he logs out and if he clicks the back he should not see the previous pages and only should be redirected to the main.asp
I am trying to create a login for my webpage so that certain sections are protected. Now, I have the basic login script up and working.the problem comes in recognizing when a user has logged on and when they have not.How would I approach this?
I have read some documentation and it seems that I have to create an application and start my session for each user in there once they successfully log on, but I can't find out HOW to do this.
Does any one known any good websites or links that explain how sessions are used and modified?Had a look already but they all seem pretty complicated and dont explain whats going on?
how I check whether a session is dead based soley on the Session.SessionID. At present the timeout is set to 20 minutes in IIS, I am aware that I can reset this on the page. However after 22 minutes, or some interval longer than the session timeout, the Session.SessionID values is still availible.
What I want to achieve is this. There is a small section of my site that must have an active session. When a user enteres this part of the site I must check if the session is still active because I am going to want to create variable in the sesion object. If the session is dead, I have to figure out how I am going to handle this.
I am thinking I could either bring the session back to life, is this possible?? or use some sort of client side script to open a new window.