Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 1 of 2 12 LastLast
Results 1 to 15 of 17
  1. #1
    Senior Coder Spudhead's Avatar
    Join Date
    Jun 2002
    Location
    London, UK
    Posts
    1,856
    Thanks
    8
    Thanked 110 Times in 109 Posts

    Where'd my session go?

    Hi,

    Got a login page. Does the usual stuff; checks username/pass against the database, sets some session variables and redirects on to the 'forum' section main page.

    In login_do.asp, the last bit of code executed looks like:

    Session("myUserID")=parseInt(rs.Fields("id").value);
    strRedir="forum.asp?uid=";
    strRedir+=Session("myUserID");
    Response.Redirect(strRedir);

    The user ID is always sent correctly in the querystring - the user is redirected to a page like "forum.asp?uid=6". Or something. So the login page is definitely setting the Session variable, and using it correctly.

    In forum.asp, the first bit of code executed looks like:

    var userID="";
    if(parseInt(Session("myUserID"))){
    userID=parseInt(Session("myUserID"));
    }

    And it always fails to set "userID" to the session variable. Indeed, I've tried taking that bit out and just getting forum.asp to write:
    <%=String(Session("myUserID"))%>

    and it always writes "undefined".

    So, where's my session gone? How can I find out? Any help muchos appreciatos.

  • #2
    New Coder
    Join Date
    Jun 2002
    Location
    London & Oxford
    Posts
    97
    Thanks
    0
    Thanked 0 Times in 0 Posts
    First step is to confirm your session variable is being set on login_do.asp. Comment out the response.redirect line and replace it with:

    response.write Session("myUserID")

    if it really is being set correctly and the forum page is on the same server (mandatory for the session to be maintained!) then the problem is on the forum.asp page.

    First thing to check is if you are including any files which might unwittingly be setting it to null.

    Next, I would change your if statement.

    if(parseInt(Session("myUserID")))

    isn't the best way you could be checking it. How about if the session exists AND parseInt value of the variable is greater than zero then...

    Hope this helps
    As easy as 3.1415926535897932384626433832795028841

  • #3
    Senior Coder Spudhead's Avatar
    Join Date
    Jun 2002
    Location
    London, UK
    Posts
    1,856
    Thanks
    8
    Thanked 110 Times in 109 Posts
    Yeah, but...

    I know login_do.asp is setting the session var correctly. It's writing it in that redirect bit, as part of the querystring. If it wasn't being set correctly, it'd redirect to "forum.asp?uid=undefined", or something. But it always puts the correct (integer) user ID in there.

    The files are definitely on the same directory of the same server etc.

    There is an include file (for a DB connection), but it doesn't mention any of the variables I'm using, or anything Session-based.

    And yeah, the if() statement I've got isn't the best, but I've tried changing it so the forum.asp simply does:

    <%
    Response.Write(String(Session("myUserID")));
    Response.End;
    %>

    and it comes up "undefined"

    Something is killing the session. But I don't know what.

  • #4
    Senior Coder
    Join Date
    Jun 2002
    Location
    Zwolle, The Netherlands
    Posts
    1,120
    Thanks
    2
    Thanked 31 Times in 31 Posts
    did you (by accident) disabled session state for the website in IIS ?
    I am the luckiest man in the world

  • #5
    New Coder
    Join Date
    Jun 2002
    Location
    London & Oxford
    Posts
    97
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Add

    <%@ EnableSessionState=True %>

    to the top of pages to see if that makes a difference.

    Does the browser you are testing with have cookie support disabled? Sessions are treated in the same way as cookies. Might be worth reading this:

    http://www.4guysfromrolla.com/webtech/092098-2.shtml
    As easy as 3.1415926535897932384626433832795028841

  • #6
    Senior Coder Spudhead's Avatar
    Join Date
    Jun 2002
    Location
    London, UK
    Posts
    1,856
    Thanks
    8
    Thanked 110 Times in 109 Posts
    Oh, nuts.

    I've just realised what's causing this, and I've no idea what to do about it. This might take some explaining.

    I have one domain name - "mydomain.net" (not really but who's looking?). This domain has a number of sub-domains.

    My client has a number of domain names registered; let's say "domain1.com" and "domain2.com". Their DNS has been updated to point at my hosting company's nameservers.

    My hosting is arranged thus: I have a number of directories; one - called, unsurprisingly, "mydomain.net" - is the root "www" directory for my domain. Others are for subdomains; I've got a directory called "client1.mydomain.net", for example. This is where my client's website files actually live.

    There are also a number of directories relating directly to my client's domain names. I have a directory, for example, called "domain1.com". In each of these there are a couple of simple html frameset pages that do the trick of loading the correct website (in this case, http://client1.mydomain.net) into the browser, while leaving the correct domain name (ie: "www.domain1.com") in the browser address bar.

    I hope you followed all of that because it just confused the hell out of me.

    So; here's the deal. If I go to "http://client1.mydomain.net" - if I type that into the browser - then Sessions work. If, however, I type any of my client's domain names - all of which go, via DNS and the ever-so-simple procedure outlined above, to http://client1.mydomain.net - then Sessions don't work. It thinks it's crossing a domain - which I guess it is.


    Can anyone explain to me either (a) what I'm talking about, or (b) how to fix this increasingly urgent problem asap?

  • #7
    New Coder
    Join Date
    Sep 2002
    Posts
    82
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Question(s),

    1. Are the two "websites" defined in IIS as two separate virtual servers?
    Or, did you define multiple identities for the one website?

    2. Are these Intranet or Internet hosted websites?

    3. Are you creating the session() object in the global.asa or on the fly in the logon script?

    If each domain is accessing a separate virtual server, then each web is creating it's own session. This is part of IIS's cross domain security to prevent hackers from spoofing the server.

    If the sites are in an Intranet environment, using NTFS security would resolve the issue.

    There are a few 3rd party session managers aSMS for example.

    Here is a good high end article on designing website archetectures and
    A Blueprint for Building Web Sites Using the Microsoft Windows Platform
    a credit card for a newbie from Amex: The Amex Blue card would like to start developing a credit history.

  • #8
    Senior Coder Spudhead's Avatar
    Join Date
    Jun 2002
    Location
    London, UK
    Posts
    1,856
    Thanks
    8
    Thanked 110 Times in 109 Posts
    Thanks; all went a bit over my head but there may be a light at the end of the tunnel at least.

    To answer:

    1. I don't know. My hosting company might, I'm hoping they're going to answer my emails soon.

    2. Internet-hosted.

    3. Well, I don't have a global.asa (I know, I know) and I don't explicitly create a session object (didn't think I needed to), so I guess the answer is "on the fly".

    As far as I understand, what's causing this is that frameset thing that loads "client1.mydomain.net" into a browser that says it's at "domain1.com". Or similar. If replace the frameset pages with a simple redirect, it'll work but the browser will say it's at "client1.mydomain.net" - at which my client, being a fairly typical client, will have puppies.

    Ugh. I've no idea what to do about this.

    Good article, btw. Thanks.

  • #9
    raf
    raf is offline
    Master Coder
    Join Date
    Jul 2002
    Posts
    6,589
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Spudhead,

    Important note about frames and session.
    If you have a framepage with .html or .htm extension, then the page woun’t be parsed by the webserver. If this frameset contains 5 asp pages, then all of these five pages will be treated seperatly (since they are all different requests) and they will be parsed and the webserver which will create 5 sessions. When the frame with the login-page in, is not the same as the frame that is used for the display the page, another session object will be read.

    Siplest fix: stay in the same frame, or change the extension of the first page (containing frameset) to .asp (This way the webserver creates a session when the framepage is parsed, and checks every incoming request to see if a session exists) (Found it in a book on debugging asp, so it could be true :-)

  • #10
    Senior Coder
    Join Date
    Jun 2002
    Location
    Zwolle, The Netherlands
    Posts
    1,120
    Thanks
    2
    Thanked 31 Times in 31 Posts
    Originally posted by raf
    Spudhead,

    Important note about frames and session.
    If you have a framepage with .html or .htm extension, then the page woun’t be parsed by the webserver. If this frameset contains 5 asp pages, then all of these five pages will be treated seperatly (since they are all different requests) and they will be parsed and the webserver which will create 5 sessions. When the frame with the login-page in, is not the same as the frame that is used for the display the page, another session object will be read.

    Siplest fix: stay in the same frame, or change the extension of the first page (containing frameset) to .asp (This way the webserver creates a session when the framepage is parsed, and checks every incoming request to see if a session exists) (Found it in a book on debugging asp, so it could be true :-)
    Perhaps this is IIS-version dependent, just did a quick test, all the asp files in a frameset with a html definition display the same session id so they all use the same session. I did this test with IIS 5.0 so it should work there
    I am the luckiest man in the world

  • #11
    Senior Coder
    Join Date
    Jun 2002
    Location
    Zwolle, The Netherlands
    Posts
    1,120
    Thanks
    2
    Thanked 31 Times in 31 Posts
    The server creates more then one session, if the files are in different virtual directories within IIS. Maybe that is the cause of the problem
    I am the luckiest man in the world

  • #12
    raf
    raf is offline
    Master Coder
    Join Date
    Jul 2002
    Posts
    6,589
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Roelf,
    Don’t know about version dependency (don’t have book at hand).
    + the problem only exists if the first page that the client requests is html page with a frameset. (once the session is created, the webserver maintains one session for each browser-server connection)

    This
    login.asp --> frame.htm with page1.asp – page2.asp --> page3.asp
    Where you have a link to page3 wit target=’_parent’ wount cause any problem.

    If the user would start from frame.htm, there could be a problem

    Spudhead,
    Its easy to check if this is the problem.
    Enter following code on each page and compare them (suppose roelf did the same). It should stay the same throughout a complete session. If the different frames display different numbers, then it’s probably the frameuse that causes the problem.
    Code:
    Response.write(“session = “ & session.sessionID)

  • #13
    Senior Coder
    Join Date
    Jun 2002
    Location
    Zwolle, The Netherlands
    Posts
    1,120
    Thanks
    2
    Thanked 31 Times in 31 Posts
    Originally posted by raf
    suppose roelf did the same
    Yep
    I am the luckiest man in the world

  • #14
    Senior Coder Spudhead's Avatar
    Join Date
    Jun 2002
    Location
    London, UK
    Posts
    1,856
    Thanks
    8
    Thanked 110 Times in 109 Posts
    I... think.... umm. I think I know what you're talking about

    I DO have multiple .asp pages within a .htm frameset page, but I don't think that's the problem. (I hope that's not going to BE a problem...)

    I think the problem is one that would be fixed in the following way:

    "I'll move your domains onto the new server whereby I can setup proper domain aliases which are in the host headers. Therefore the user will go to the site not in a frameset and will also not see the sub-domain URL."

    - so says tech bloke at hosting company.


    God, I wish I knew something about the basics of internet mechanics

  • #15
    Senior Coder
    Join Date
    Jun 2002
    Location
    Zwolle, The Netherlands
    Posts
    1,120
    Thanks
    2
    Thanked 31 Times in 31 Posts
    In the first post, you explain that you pass the userID in the url, that works.

    Then you store it in a session. You try to retrieve it from the session object in another page, it fails.

    Who cares, get it from the url and you've got it, or is that too simple
    I am the luckiest man in the world


  •  
    Page 1 of 2 12 LastLast

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •