I’m experiencing a problem regarding Session Variables and/or Cookies.
I have developed a web site, part of which is the member’s area (I guess well known to everyone) using ASP code. The problem is that it is functioning perfect on the ISP who is hosting the site but it doesn’t on my local server in the office. In both the cases a Session Variable is set to true (lets named it “SESSecured” ) when a user is authenticated (programmatically using Access Database) and all the rest ASP pages are querying the variable in order to proceed or not. In my office server this variable is always empty each type a new ASP page is loaded. In fact any variable set in any previous stage is empty which made me to investigate further and to found that each ASP page is getting a new SESSION_ID! On the cookies matter, tried to use cookies instead of Session variables and found that no cookies can be created
I want to create an administration page which lists all the current users who are on the site at the moment.
I know coldfusion has this feature built in using the SessionTracker class... does ASP have something similar? If not... is there any way I can just iterate through all the session files on the server...?
I am using Session variables in my ASP application. I have tested the application on a Win2k professional and it works fine. When the same web app is installed on a win2k advanced server from the client browser when the app is accessed the session variable returns null inspite of a value being already set. I have checked the IIS enable session state settings. When i use the server machine as client and access the app as localhost then the session variable has correct value.
How can this be solved? What other settings if any, need to be changed to get it work.
Do session variables carry over if you've left your site and come back?
My shopping cart uses PayPal/IPN to transact and then enter details of the transaction into my database. All of the data entry takes place after IPN has returned all of the data to my site.
A couple of the fields I need to populate are held in session variables throughout the application. When the customer clicks on the checkout button, and is sent over to PayPal's server to complete the transaction, will the session variables still be available to me upon returning to my site?
Is there a way to close a single session variable, once it's been created? I have an application that requires a several session variables to be created once a person enteres a certian section of my site. When they leave the variables are set to nothing, as they are no longer needed. I'd like to just close them out, but I will still need to keep the session open, so Session.Abandon will not work in this case.
We have different types of logins for our accounts on our intranet. When a person logs in, a Session variable is set to determine their level of access. For sake of argument, say the two LoginTypes are Manager and Employee.When I log in (as a Manager), I get a certain set of options on the homepage. Then I return to the login page, after logging in as myself, and log in as an Employee. For some reason, the page seems "cached" and the manager options will still display. If I refresh this page, it will appear the way it should. I *think* this only happens when I copy/paste a URL that I was at as a Manager. I believe that if I click a link, it displays properly.Is there a way to prevent this? I do a ton of copying/pasting URLs.
I would like to declare a session variable. ' Use session variables for the recordsets for the GetSubordinates and IsManager functions Dim orgStructRS set orgStructRS = Server.CreateObject("ADODB.Recordset")
Where can I declare this session variables? Once I use the recordset in both the functions, where do I close these recordsets?
I have read couple of articles warning against the use of storing VB COM objects (Apartment Threading) in Session Variables due to the fact that these variables could go bad.My question is what's the workaround this? I have also read about making ASP Stateless...I'm guessing that means turning the session and application variables off and if you do that then how do you pass information for a particular user from one page to another?I'm confused about how to get an ASP site working without using Application and Session variables as well as not storing VB COM objects in Session Variables.
I have a session variable in a login page. Then I go to a form page where I uses the ProfileID and the UserID. Then I go to a result page where I would like to use the UserID as a filter, but I can't get the value is stored in it.
I'm loading a variable into the session variables that will be for checking to see if the user can access a certain area of the website. When the user logs out or gives and incorrect login password is it better to kill off all the variables using session.abandon or to set the session access variable to False? I'm not really concerned about using the servers resources with this one variable, but I would like to keep the server as free as possible.
I've noticed that in my ASP application that session variables are not carried over from one IE6 open browser window to another. Can anyone tell me how IE can do this? It seems like it's a useful protection mechanism that I can add to my application. BTW, I'm looking for a way to determine if someone is moving cookies between computers. How IE and/or ASP handles sessions might give me some insights (and I'm open to suggestions as to how to prevent cookie stealing?)
I have an ASP [Classic] application running under IIS 5 & 6 [on different servers (obviously)] I need to implement Session() variables to cache some frequently looked up data. Because of the nature of the data, it is best held in the Session() rather than the Application() object.Is there a limit to the how long the parameter name can be? For example: Session("HairColour") - the parameter name length her is 10 characters - what's the max length (is there a max length)? I ask because my code will generate these parameter names on the fly and I don't want them to break anything
I have a question regarding ASP session variables. My assumption was that a session variable has the same lifetime as the session itself: as a consequence, given that closing the browser doesn't terminate the session, the session variable is kept alive until the session expires.But, surprisingly, I've found this to be true for the session variables whose value is set in the global.asa file, but if the value is set in an ..asp script, it appears to be erased from the session object as soon as the browser is closed although the session is still alive. Strange. Is this a bug?What I'd need to know is: how I can make session variables whose value is set in an .asp script persistent as long as the session is alive.
In my GLOBAL.ASA file I'm trying to create a session variable for reference in the various webpages of my site....
Sub Session_OnStart Session("LoggedOn")="Y" End Sub
When referring to Session("LoggedOn") on my various ASP pages, it is coming up as "".
I'm obviously misunderstanding how this works... Can anyone point me the right direction?
Eventually I'll need to access a database and I'm assuming that if I need to connect to that database, that I'll need to create the connection in the Session_OnStart event and destroy the connection in the Session_OnEnd event of the GLOBAL.ASA file.
I need to hold some session variables on an intermediate page for later use . My problem is I dont know Where to store the session command. Do I put it in the head of the page of the form I get the Variable from , do I put it into the response page (I am using The POST method) or Where ?
On the index page of my site the following code creates a unique user id in the form: {B851C038-989D-4BE9-B280-32F6A97FEDEC}
if session("userid") = "" then session("userid") = left(createobject("scriptlet.typelib").guid,38) end if
This is checked in every page to make sure the user has an id with the following code:
if session("userid") = "" then response.redirect "index.asp" end if
When the user has finally finished filling their webcart the userid is posted to the database but for some reason, with about 1 in 5 visitors to the site the database saves an empty field for the userid.
Does anyone know of any issues with session variables or any browser / config that could cause this to happen.
I have just moved hosting companies to Brinkster.com but have been having problems with my applications holding session.
They say they can't guarantee sessions and recomend another method of storing persistant data.
I questioned them on why, only on their servers, my sessions are being reset as often as they are. They said it must be a coding issue. However, I have not had trouble before, with same applications on different or local servers.
So my question is this, what can reset session data? Just a reset of iis?
I'm having problems with carrying variables over from one page to another and then using them in if/then statements. I can carry the variables over fine (because I can print them) but if I try to compare it to a value I pull from a database it acts like the value is null and won't display. I'm not the best at explaining things so here's my code:
I have a website written in asp that uses session variables. On one workstation the session variable always comes back as an empty string, like it doesn't exist. What could cause this? Is there a browser setting or some type of security that can control whether session variables are created?
I have some pages in an asp site. Page one collects some data through a form and posts it to page two. Page two inserts the data into an access database and sets three of them as session variables. Page three is supposed to display those variables. My problem is that page three does not display any variables. All the variables are declared correctly and when i tried displaying them with page 2, they displayed properly but between page 2 and 3, they get lost.
I have an web application framework that uses sessions to maintain a userID and some other variables. If a userID is not present in the session collection, it redirects the user to a login page, assuming their session expired. However, this has been happening seemingly at random on some of our implementations. The configuration is basically the same... IIS 5.0, Win2k, IE6, etc. Also, this happens even when a user goes from screen to screen so it isn't a timeout issue. Is it client-side? Server-side? Is it due to some additional security features added in updates to IE? I don't think we ever had this problem in IE5.5, but I don't have a written history of that.
I'm doing a a web survey now which can only be done once. I send email to all with a id append to the URL so i can do checking. If he didnt do be4 I will direct him to the survey page.
After he finish and submit, I do an insert statement backend but the problem is I cant seems to retrieve the session which is the guy's id so i can insert into the DB. When I insert the id is always 0.
My asp application needs 2 variables (uid, password) which i need for running sql statements.
This is not the same uid , password used for the logging by the user, but are supplied by a Radius server. My problem is i'm supplied with the uid, password only once by the Radius server(on the first page) , so i need to store them. The thing is if i store them in the session they are visible to the user. So that should be avoided... Been thinking about encrypting the variabels, but cant find default vb code to encrypt the data. Actualy i don't want to send any info at all...
I need users to login to my site. so now i have a login page. Users enter their username and pasword and then gets redirected to another page.
Now first:
The address bar at the top changes to the new page. Is there a way that this can be prevented? Because after someone logs in once, and get that address, they can use it as a "shortcut" and get into the site without logging in at a later stage.
And then, once a user is logged in, they can fill in all forms and it would automatically add which user completed the form. Instead of re-entering their name / special code. Sort of like a datestamp but with the login details?
I've been using the same session variable for logging in to sites for a while now and it's been working effortlessly.
Until now on my developement server (windows 2003 same as hosts) it works perfectly but when i load it up to the site it just bombs out instantly. I use frames for the site (admin panel). Code:
I am new to asp and am having problems accessing a session variable on a secure page (https) the session varaible was created on a non-secure page and when i go i can see that it is still there, so the session is being abandoned, just it is not viewable. I have also noticed the the opposite also happens, ie a session variable created on a secure page is not viewbale on a non-secure page ....
From a page in the root of a virtual directory I set 2 session variables. I then navigate to a page in a child physical directory and a new session always starts thus I lose my session variables. I tried placing the page in the same location and the same happens. The first page sets the variables and the second reads them but because a new session is started, I have nothing. Is this a known problem? and if so is there a workaround?
do session variable still work if you change environments? for example i have a site on one sever, will the session variable be preserved once they transfer to a different site on a different server?