To better manage our secure site we just separated the registration and
checkout sections of our web into separate virtual directories. These new
virtual directories are on the same server as the primary eCommerce website.
This is an ASP site (not asp.net). When this version goes into production it
will be on a 2003 server (IIS 6) with a SQL Server backend (located on a
different server).
Now when the main server passes control to one of the new virtual webs the
session information is lost. I'm having problems finding information on the
web as to how to maintain this information between the web and virtual
directories. It's imperative that this information remain secure so query
strings or anything that would pass visible data is not an option.
I have a website that has a asp secured members only aria that keeps session variables to check if someone is logged in or not (if session variables are not there then redirect to logon screen) but I also have non members aria and I need a way of asking the user if they want to move away from the members only area or go back to it. I have used an asp to find out if the page is a non member page and if there is a session variable there.
If there is a session variable and is a non member page then I use JavaScript to bring up a confirm box that if the cancel button is pressed then it goes back a page. The problem is that when you go back a page the session variable gets lost. Dose anyone know how to solve this problem or a better way of doing this?
I've made a form that works almost correctly. Problem is that When You fill in a form and push on preview, you see the information you've filled in. Now in this page (preview page) I made a few hidden fields with all information to send it further. Now in the result page I don't see all the information I've typed before on the form. Especcially the text or number after a (non breaking space.) It is just lost. Why???
my site apears to be loosing its session variable because it uses dynamically created absolute links. but because the user could have entered the site using any of 4 domains the links might change the domain.
So the user sees no difference but the cart has lost its session. firstly, is this possible? Secondly can I determin the url used to find the site and use that in the dynamic links?
I allways loose the Sessionvariables in my asp-pages (I'm using IIS5.0 with Visual Interdev 6.0).
For Example: when i create a startpage.asp, and type > Session("PersonalNr") = 456 < he cant remember this value on another page.
when i query this value (for example in endpage.asp):
Response.Write(Session(("PersonalNr")), i get the value 0, because the session will be restarted (The function "Session_OnStart" will be called again in the global.asa file)
I have a problem with my asp code on an iis 6.0 server on windows 2003 web. When I redirect between to asp pages on my web-site, where pageA is in a different virtual directory from pageB the session variables value a lost. I know that it is the session ID there increases. (New session).
If I make the same call in the same virtual directory the session variables is not lost. Is it some thing about different application pools? If sow, how can I join two or more application pools regarding to session variables? If not is there a none coding work around.
I have a project in which I'm trying to embed one site, that uses session stored variables, inside an IFRAME in another site (which for that matter doesn't even use sessions).
Problem is, that it doesn't always save the session. When I try to access it from some computers, I have no problem, the session variable is stored and I can browse the site in the IFRAME and everything's ok, but on other computers, the session variable value simply disappears.
To simulate the situation, assume that the two following html trees are the site that goes into the IFRAME: Code:
currently i working on project in asp, i done everything in my own company server and eveyrthing works fine, when i migrate to customer place server, eveyrthing also working fine, but the only thing doesnt work is session variable, i totally cant get my session variable in the customer place's server. Server in my company and my client is the same, window 2003 server, iis 6.
Is there any way in ASP to catch a destroyed session when the user closes their window.
Example.
When a user enters a page, I create a session - Session("blah")="blah" . However when the window is closed, the session is destroyed, but before it's being destroyed, I want to some things.
I have an mypage.asp page with a button, one can access this page only
if Session("smth") = 1. There is also an empty iframe in this page (src is not specified). When I click the button I will fill the iframe with a page (src = 'another.asp').
For security reasons I check the login session in another.asp and Session("smth") is empty no matter I have logged before.
In mypage.asp Session("smth") is still on and its value is 1 but it looks like it gets lost in the iframe.
It seems that I am assigning to the session rather than comparing against. I want to compare it in the first peice of code but it seems that I am assigning to it. When the user first requests the page they are not a member.Heres my code:
If(Session("IsMember") = "True") then 'Do Nothing End if
'should still not be True
If(Session("IsMember") = "True") then Response.write("IS TRUE") End If
'Response.write is working telling me that the first part of the code assigned to the session
I hav developed web application using ASP.net 2.0 there are just 2 pages only. Both are works fine in visual studio. But same when i run on IIS 5.1 ....the page without session variable works fine.
But the page with...even the Sub() with session variable won't works.....even it automatically reaches the last sub of the program.
What are the changes i hav to do in IIS / application or web.config file.
we've just set up a subdomain,'demos' for one of our projects that normally works fine. on the login page, if the user enters the correct username/pw, we write session info and then response.redirect to the home page. this works for on the normal site, but session state info is dying on the demo subdomain.
i'm sure the session info is being written since i can see it when i response.write the value. also, the response.redirect uses a relative path, so it's not that we're accidentally changing domains.
I have a normal login page that (upon clicking submit) checks whether you are part of a particular office and then redirects the user to their particular office's webserver.
The problem i am having is that when i redirect a user, to a securewelcome page, they lose their session variables causing them to have to login again. What am i doing wrong to make these variables get lost in the redirect? Is it because i am redirecting to a different webserver?
I have built a site that works/worked absolutely fine on my test server. When I transferred it to a remote web host (the intended permanent home of the site) something very worrying keeps happening to my site.
I use, as is the norm, session variables to store login information. At the top of each page I do a check that Session("isLoggedIn") = "True", and if not then the system logs them back out.
The serious problem is that once you have logged into the site, the next page you try to open it fails the above check and logs you out! Obviously Session("isLoggedIn") is not equal to "True" so it assumes you aren't logged in. So basically the session variables are getting lost/cleared. This makes my site unusable, and is a disaster for it unless I can get a solution.
clients are redirected to http://www.mysite.com/mypage.asp
This works fine for all but 1 client. He looses a session during the redirect. Apparently his browser interprets https:// and http:// as different domains.
We have an ASP site that uses a MySQL db backend. Usename/Password authentication is stored in db tables. We are currently using session variables as a means for validation when the user navigates to new pages. Generally speaking, all this does and has worked fine
The issue is with abandoned sessions. For instance..
Joe user clicks the [X] in the upper right hand container, closing out IE or firefox. IIS will not terminate the session for ~ 20minutes(default), leaving these resources unavaliable.
In our situation, (and possibly a different issue) unless the user clicks the [EXIT] button we've provided, not only does the session persist for 20 minutes, the login state saved in the MySQL table stays locked. Before the User can log back in, they need to call us to reset their state.
I'm looking for some kind of solution to address a user exiting the application abnormally. I am not sure of the correct procedural methodology, but I would think that some kind of process or event trigger would run in the background looking to cleanup stale sessions. Code:
I have a problem where the session state will not be enabled on the server. We are using Framework 1.1, a non-Sql Server database, and will be moving the application to a web farm in the future. Is there any way to keep the session state on a relational database that is not Sql Server? If so, how?
I was thinking about disabling session state on some of my pages by doing this: <% @ EnableSessionState = False %>
My question is if I disable the session state will the page still reset the session timeout (eg. back to 20min. default) when that page is loaded? I need it to reset the session timeout.
I'm looking for a working example on how to share session state between ASP and ASP.NET.The solution of Y Yeung of Microsoft seemed to be a good solution but I did not get the asp part working.Anybody tips, tricks, links ?
I have been storing an object as session variable, such as
set session("oRS") = Server.CreateObject("ADODB.Recordset")
The page then redirects to another page. i need to use this object on the called page, but i encounter an error saying 'User session has expired.' On checking with the code, it was found that the sesion variable has not maintained its state for object 'oRS'. Although, session for string type variable are maintained.
i have a form having hyperlink calling the same page.on click on hyperlink i am
submitting form "Onclick=dosubmit(form1);" dosubmit{ document.form1.submit(); } but i am not able to retain session data.how can i retain session data.
I will soon be undergoing a project where I will be migrating four to five web applications, developed in classic ASP, from a single Windows Server 2000 to a web farm that will utilize two, Windows 2003 Servers.
All of the applications utilize user/session management and I know that ASP's built-in session management cannot be carried across multiple servers.
I've been researching products available for purchase out there on the web, which allows you to include new code, which overrides ASP's built-in session management, by using a database to store sessions.
They all advertise that their solutions simply require just one line of code to be added to each ASP pages that uses Sessions, without any other changes to the existing ASP code.
Can someone who has done something similar advise on their experience? Is this really as easy as they are advertising, or are there other issues to take into consideration? Code:
We are running windows 2000 with dot.net framework 1.1 on IIS 5.1. This is an NLB architecture with the session being stored in an SQL DB. We have been coding and deploying using ASP.NET with no problems however the 'powers that be' have recently bought an online booking application which has been coded using classic asp.
We have set the session location in the machin config of the framework stating
mode="SQLServer". Will this ASP use this or continue to store the code InProc?
I am having trouble maintaining Session state between pages within my website. I had someone test the pages on their website and sessions state was maintained between pages, but for some reason, the same pages on my server do not. what might be happening?
I'm wanting to know how I can plug in a session state provider into ASP.NET. Currently you can use either the in-process, stateServer or SQL stores. Is the provider interface open and where is it documented? I've seen that Mono does provide their own state servers but I'm not sure if this is using standard provider interfaces.
Is it possible to store session state for each separate user in a separate process? We have a COM component that we want to use that is not thread safe and has to be isolated. We would like to store this in a separate process for each user.
Windows 2000 Server SP3 IIS 5.0 NET FRAMEWORK 1.1 SP1
SessionState="InProc"
Antivirus deactivate
No changes on main files (web.config, machine.config, in)
No exist Active Directory (changes in ACL are not exist)
In machine.config LogLevel="All"
No events registered in Event Viewer.
aspnet_wp.exe not recycled never.
Scenario: Web site accessed by multiple users at the same time. Some user data are stored in a session variables. Randomly one user view data of another user.
I used KB 308150 as a guide to create a virtual directory shared by a few webstores that my company hosts. The virtual folder and websites reside on the same box. The shared directory includes code files used by all the webstores.
The problem - when a user adds items to the shopping cart, ***sometimes*** the session variables get reset and all cart information is lost. I can't consistently make the error occur - it seems to be random.
Also, if you have any different ideas on how to share code between many websites...I'm all ears.
wat i need to know urgently is whether Load Balancing will affect my session state for logging in. If it does affect, what should i do?
Currently, the Session("login") is set to false for not logged in and true for log in... pls help i need to know it urgently... in Global.asa its default is "false" Code:
At risk of being flamed for mentioning the N-word here ...
Has anybody yet cracked the knotty problem of sharing Session state between ASP and ASP.Net sites (within the same domain)?
Last time I looked, the two Session() mechanisms were totally divorced and separate, making step-by-step conversion of Session -dependent web sites from ASP to ASP.Net all but impossible.