Session Variables Unreliable?
I am making a website where users must log in. I want to somehow
remember they are logged in regardless of what links they click on the
site. I've read the best way to do this is to use session variables.
Each page will check to see if a certain session variable exists and
if it does, they are logged in.
I thought this is how all websites with log in pages do it. But then
I read that sesion variables place a cookie on the clients computer.
What happens if the client has cookies turned off? It appears that
session variables will not get saved and if a user clicks on a link
they will be told they are no longer logged in.
What am I missing? How do all the websites out there that require you
to be logged in get around people that have cookies turned off?
View Replies
ADVERTISEMENT
Why does Request.ServerVariables("AUTH_USER") suddenly start returning a 0
length string? I've experience this before...it works fine for a while and
suddenly it quits returning values. Other ASP on the same server continues
to return valid values. Any ideas what is causing this?
View Replies
View Related
I have shared hosting at GoDaddy. Every 12 hours they reset IIS in my application pool. This means that anyone logged in when this happens has to log in again. Also, if they submit information after the restart happens they lose all the information.
Are there any alternatives to sessions that won't be affected in case of an IIS reboot? Code:
View Replies
View Related
I want to create an administration page which lists all the current users who are on the site at the moment.
I know coldfusion has this feature built in using the SessionTracker class... does ASP have something similar? If not... is there any way I can just iterate through all the session files on the server...?
View Replies
View Related
I am using Session variables in my ASP application. I have tested the
application on a Win2k professional and it works fine. When the same web
app is installed on a win2k advanced server from the client browser when the
app is accessed the session variable returns null inspite of a value being
already set. I have checked the IIS enable session state settings. When i
use the server machine as client and access the app as localhost then the
session variable has correct value.
How can this be solved? What other settings if any, need to be changed to
get it work.
View Replies
View Related
Do session variables carry over if you've left your site and come back?
My shopping cart uses PayPal/IPN to transact and then enter details of the transaction into my database. All of the data entry takes place after IPN has returned all of the data to my site.
A couple of the fields I need to populate are held in session variables throughout the application. When the customer clicks on the checkout button, and is sent over to PayPal's server to complete the transaction, will the session variables still be available to me upon returning to my site?
View Replies
View Related
Is there a way to close a single session variable, once it's been created? I have an application that requires a several session variables to be created once a person enteres a certian section of my site. When they leave the variables are set to nothing, as they are no longer needed. I'd like to just close them out, but I will still need to keep the session open, so Session.Abandon will not work in this case.
View Replies
View Related
I recently reformatted my PC and reinstalled ISS onto Windows 2000.
Since I have done that, my local sites don't work as they used to.
By that I mean, if I have a login page, such as this: Code:
View Replies
View Related
On my IIS 5.0 i have enable session state set to 20 minutes
ASP SCRIPT TIMEOUT set to 200 seconds.
On my asp pages i even coded in session.timeout = 60
When i check the value of one of my sessions on a page i
am being returned to main page.
i.e If session("basket") = "" then
go to mainpage.asp
When i check the session.timeout on the page this is set
to 60
If i wait around for a few minutes i.e 5 then i am taken
back to mainpage.asp...
The server is not given me the 20 minutes session state.
View Replies
View Related
I cannot seem to get session variables to work on our test server.
The test server is running windows server 2000 with service pack 4, iis 5.0.2195.6620, and sql server 2000.
However, on our main server, NT 4.0 fully updated, they do work.
Could anyone enlighten me as to why session variables don't work on Windows Server 2000?
View Replies
View Related
We have different types of logins for our accounts on our intranet. When a
person logs in, a Session variable is set to determine their level of
access. For sake of argument, say the two LoginTypes are Manager and
Employee.When I log in (as a Manager), I get a certain set of options on the
homepage. Then I return to the login page, after logging in as myself, and
log in as an Employee. For some reason, the page seems "cached" and the
manager options will still display. If I refresh this page, it will appear
the way it should. I *think* this only happens when I copy/paste a URL that
I was at as a Manager. I believe that if I click a link, it displays
properly.Is there a way to prevent this? I do a ton of copying/pasting
URLs.
View Replies
View Related
I would like to declare a session variable.
' Use session variables for the recordsets for the GetSubordinates and IsManager functions
Dim orgStructRS
set orgStructRS = Server.CreateObject("ADODB.Recordset")
Where can I declare this session variables?
Once I use the recordset in both the functions, where do I close these recordsets?
View Replies
View Related
I have read couple of articles warning against the use of storing VB COM
objects (Apartment Threading) in Session Variables due to the fact that
these variables could go bad.My question is what's the workaround this?
I have also read about making ASP Stateless...I'm guessing that means
turning the session and application variables off and if you do that
then how do you pass information for a particular user from one page to
another?I'm confused about how to get an ASP site working without using
Application and Session variables as well as not storing VB COM objects
in Session Variables.
View Replies
View Related
I have a session variable in a login page. Then I go to a form page where I
uses the ProfileID and the UserID. Then I go to a result page where I would
like to use the UserID as a filter, but I can't get the value is stored in it.
View Replies
View Related
I'm loading a variable into the session variables that will be for checking to see if the user can access a certain area of the website. When the user logs out or gives and incorrect login password is it better to kill off all the variables using session.abandon or to set the session access variable to False?
I'm not really concerned about using the servers resources with this one variable, but I would like to keep the server as free as possible.
View Replies
View Related
I've noticed that in my ASP application that session variables are not carried over from
one IE6 open browser window to another.
Can anyone tell me how IE can do this? It seems like it's a useful protection mechanism
that I can add to my application.
BTW, I'm looking for a way to determine if someone is moving cookies between computers.
How IE and/or ASP handles sessions might give me some insights (and I'm open to
suggestions as to how to prevent cookie stealing?)
View Replies
View Related
I have an ASP [Classic] application running under IIS 5 & 6 [on different
servers (obviously)]
I need to implement Session() variables to cache some frequently looked up
data. Because of the nature of the data, it is best held in the Session()
rather than the Application() object.Is there a limit to the how long the parameter name can be?
For example:
Session("HairColour") - the parameter name length her is 10 characters -
what's the max length (is there a max length)?
I ask because my code will generate these parameter names on the fly and I
don't want them to break anything
View Replies
View Related
I have a question regarding ASP session variables.
My assumption was that a session variable has the same lifetime as the
session itself: as a consequence, given that closing the browser doesn't
terminate the session, the session variable is kept alive until the
session expires.But, surprisingly, I've found this to be true for the session variables
whose value is set in the global.asa file, but if the value is set in an
..asp script, it appears to be erased from the session object as soon as
the browser is closed although the session is still alive. Strange. Is
this a bug?What I'd need to know is: how I can make session variables whose value
is set in an .asp script persistent as long as the session is alive.
View Replies
View Related
In my GLOBAL.ASA file I'm trying to create a session variable for reference
in the various webpages of my site....
Sub Session_OnStart
Session("LoggedOn")="Y"
End Sub
When referring to Session("LoggedOn") on my various ASP pages, it is coming
up as "".
I'm obviously misunderstanding how this works... Can anyone point me the
right direction?
Eventually I'll need to access a database and I'm assuming that if I need to
connect to that database, that I'll need to create the connection in the
Session_OnStart event and destroy the connection in the Session_OnEnd event
of the GLOBAL.ASA file.
View Replies
View Related
I need to hold some session variables on an intermediate page for later use . My problem is I dont know Where to store the session command. Do I put it in the head of the page of the form I get the Variable from , do I put it into the response page (I am using The POST method) or Where ?
View Replies
View Related
On the index page of my site the following code creates a unique user id in the form:
{B851C038-989D-4BE9-B280-32F6A97FEDEC}
if session("userid") = "" then
session("userid") = left(createobject("scriptlet.typelib").guid,38)
end if
This is checked in every page to make sure the user has an id with the following code:
if session("userid") = "" then
response.redirect "index.asp"
end if
When the user has finally finished filling their webcart the userid is posted to the database but for some reason, with about 1 in 5 visitors to the site the database saves an empty field for the userid.
Does anyone know of any issues with session variables or any browser / config that could cause this to happen.
View Replies
View Related
In client-side script (<script> codes </script>), how can set / get session
variables' values?
View Replies
View Related
I am having some trouble with seesion variables.
I have just moved hosting companies to Brinkster.com but have been
having problems with my applications holding session.
They say they can't guarantee sessions and recomend another method of
storing persistant data.
I questioned them on why, only on their servers, my sessions are being
reset as often as they are. They said it must be a coding issue.
However, I have not had trouble before, with same applications on
different or local servers.
So my question is this, what can reset session data? Just a reset of
iis?
View Replies
View Related
I'm having problems with carrying variables over from one page to another and then using them in if/then statements. I can carry the variables over fine (because I can print them) but if I try to compare it to a value I pull from a database it acts like the value is null and won't display. I'm not the best at explaining things so here's my code:
View Replies
View Related
I have a website written in asp that uses session variables. On
one workstation the session variable always comes back as an empty
string, like it doesn't exist. What could cause this? Is there a
browser setting or some type of security that can control whether
session variables are created?
View Replies
View Related
I have some pages in an asp site. Page one collects some data through a form and posts it to page two. Page two inserts the data into an access database and sets three of them as session variables. Page three is supposed to display those variables. My problem is that page three does not display any variables. All the variables are declared correctly and when i tried displaying them with page 2, they displayed properly but between page 2 and 3, they get lost.
View Replies
View Related
I have an web application framework that uses sessions to
maintain a userID and some other variables. If a userID
is not present in the session collection, it redirects the
user to a login page, assuming their session expired.
However, this has been happening seemingly at random on
some of our implementations. The configuration is
basically the same... IIS 5.0, Win2k, IE6, etc. Also,
this happens even when a user goes from screen to screen
so it isn't a timeout issue.
Is it client-side? Server-side? Is it due to some additional security features added
in updates to IE? I don't think we ever had this problem
in IE5.5, but I don't have a written history of that.
View Replies
View Related
I’m experiencing a problem regarding Session Variables and/or Cookies.
I have developed a web site, part of which is the member’s area (I guess well known to everyone) using ASP code. The problem is that it is functioning perfect on the ISP who is hosting the site but it doesn’t on my local server in the office. In both the cases a Session Variable is set to true (lets named it “SESSecured” ) when a user is authenticated (programmatically using Access Database) and all the rest ASP pages are querying the variable in order to proceed or not. In my office server this variable is always empty each type a new ASP page is loaded. In fact any variable set in any previous stage is empty which made me to investigate further and to found that each ASP page is getting a new SESSION_ID! On the cookies matter, tried to use cookies instead of Session variables and found that no cookies can be created
View Replies
View Related
I'm doing a a web survey now which can only be done once. I send email to all with a id append to the URL so i can do checking. If he didnt do be4 I will direct him to the survey page.
After he finish and submit, I do an insert statement backend but the problem is I cant seems to retrieve the session which is the guy's id so i can insert into the DB. When I insert the id is always 0.
View Replies
View Related
My asp application needs 2 variables (uid, password) which i need for
running sql statements.
This is not the same uid , password used for the logging by the user, but
are supplied by a Radius server. My problem is i'm supplied with the uid,
password only once by the Radius server(on the first page) , so i need to
store them. The thing is if i store them in the session they are visible to
the user. So that should be avoided... Been thinking about encrypting the
variabels, but cant find default vb code to encrypt the data. Actualy i don't
want to send any info at all...
View Replies
View Related
I need users to login to my site. so now i have a login page. Users enter their username and pasword and then gets redirected to another page.
Now first:
The address bar at the top changes to the new page. Is there a way that this can be prevented? Because after someone logs in once, and get that address, they can use it as a "shortcut" and get into the site without logging in at a later stage.
And then, once a user is logged in, they can fill in all forms and it would automatically add which user completed the form. Instead of re-entering their name / special code. Sort of like a datestamp but with the login details?
View Replies
View Related
Is there any limit on number of session variables or recordset objects that we create in ASP application?
View Replies
View Related
I've been using the same session variable for logging in to sites for a while now and it's been working effortlessly.
Until now on my developement server (windows 2003 same as hosts) it works perfectly but when i load it up to the site it just bombs out instantly. I use frames for the site (admin panel). Code:
View Replies
View Related