Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 13 of 13
  1. #1
    Senior Coder
    Join Date
    May 2004
    Posts
    1,457
    Thanks
    15
    Thanked 0 Times in 0 Posts

    session variables getting lost

    I have a program written in asp and once in a while a user in middle of using it and the session variables get lost (requiring him to log in again)

    How can I debug what is causing this issue so that I can fix it?
    any advice?

  • #2
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,567
    Thanks
    78
    Thanked 4,384 Times in 4,349 Posts
    Start by putting a check for a know session variable at the start of every page.

    So that you can then pop up a message that says when it got lost.

    Make sure your session timeout is set to a usable number. I know that some of the inTRAnet code that we use needs a session timeout of HOURS, because people will get called into meetings and they want to be able to come back an hour or two later and still have the session active. Not recommending that you go over an hour, say, for inTERnet usage. But it depends.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #3
    Senior Coder
    Join Date
    May 2004
    Posts
    1,457
    Thanks
    15
    Thanked 0 Times in 0 Posts
    if the session doesn't exist it created it

    it's not a matter of time -- I was on the phone with someone today who was browsing and suddenly the session variable disappeared and he had to log in again and I checked the system a new session variable was created
    but how does a session variable just disappear?

  • #4
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,567
    Thanks
    78
    Thanked 4,384 Times in 4,349 Posts
    Quite frankly, I've never seen that in 14 years of using ASP.

    You must have *something* in your code that is clearing one or all of the session variables.

    I don't understand this comment:
    if the session doesn't exist it created it
    That's always true. You can't just check for the session, you check for a particular session variable.

    I have been known to use stuff like
    Code:
    Session("sessionStarted") = Now()
    And then on each page I can dump out
    Code:
    Started: <%=Session("sessionStarted")%>
    and get a feel for when, for example, I have inadvertently re-started the session.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #5
    Senior Coder
    Join Date
    May 2004
    Posts
    1,457
    Thanks
    15
    Thanked 0 Times in 0 Posts
    this is a shopping cart and 98% of the time there is no problem -- but the 2% is a problem - the session variables just clear - i can see they started again but that doesn't help -- I'm not deleting them anywhere or it would happen to all users

  • #6
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,567
    Thanks
    78
    Thanked 4,384 Times in 4,349 Posts
    Again, if you aren't willing to put some end-of-session detection code into every page, I don't know how you will ever track it down.

    Again, I haven't seen this in many many years of using ASP.

    We have one site that gets about 250,000 page hits per week and I am not seeing it there.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #7
    Senior Coder
    Join Date
    May 2004
    Posts
    1,457
    Thanks
    15
    Thanked 0 Times in 0 Posts
    Again, if you aren't willing to put some end-of-session detection code into every page, I don't know how you will ever track it down.

    Again, I haven't seen this in many many years of using ASP.

    We have one site that gets about 250,000 page hits per week and I am not seeing it there.


    How do you suggest I debug this - I'm not sure what you mean by end of session code -- the issue is that I don't usually see the pages -- I'm only be alerted of some errors where users get knocked out

    How do you suggest debugging an issue like this

    My code is as follows (maybe you will notice something)- on any page

    on the top of any page that requires the session open I have the code
    PHP Code:
    usrsessid=EscapedSession 
    and that function is


    Function EscapedSession
    if session("usession")="" then
    sql="exec spgeneratesession"
    openrs rsgs,sql
    usession= rsgs("usrsessid")
    session("usession")=usession
    closers rsgs
    if session("customerid")<>"" then
    sql="update customers set lastusrsessid=" & tosql(usession,"text") & " where id=" & session("customerid")
    objconn.execute sql
    end if

    else
    usession=session("usession")
    end if
    escapedsession=usession

    End Function

  • #8
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,567
    Thanks
    78
    Thanked 4,384 Times in 4,349 Posts
    On the first page a user sees, presumably a login page, add the session variable.

    Maybe something like
    Code:
    Session("loginTime") = Now()
    Then on every other page add in some code that looks for that session variable and, if not found, send yourself a message. Maybe just log the event in some text file.

    You can do this with a file you #include on each page. Maybe:
    Code:
    If Not IsDate( Session("loginTime") ) Then
        Set fso = Server.CreateObject("Scripting.FileSystemObject")
        Set log = fso.OpenTextFile( Server.MapPath("/writableDirectory/failures.log"), 8, True) ' 8 is append
        log.WriteLine "Session lost on page " & Request.ServerVariables("URL") 
        log.WriteLine "Lost at " & Now()
        ... whatever else you want to log ...
        log.Close
        fso = 0
    End If
    So similar to your EscapedSession, but log what happened.

    Quite frankly, I don't understand the point of your EscapedSession code.

    Getting the session id from the database only sets that one session value. It has no impact on any other session values.

    I hope you don't think that you can regenerate session information just by knowing the Session.SessionID. I don't think you do, as that's not what you are doing there, but...

    I'd be sorely tempted to kill off that EscapedSession function. I can't see how it possibly is doing you any good at all.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #9
    Senior Coder
    Join Date
    May 2004
    Posts
    1,457
    Thanks
    15
    Thanked 0 Times in 0 Posts
    thanks for your help as I'm really trying to get to the bottom of it


    I will try to add the debugging code now

    the usrsessid is the critical session variable that I need as everything is saved in the database against it - that's what i use escapedsession for (and I go to the db so I can make sure it's a unique one)

    Please let me know if there is anything else you can recommend as i'm baffled by this issue.
    I am adding the logging now but it's assuming they are starting from the homepage

    I think the session problem might be happening more on iphones - is that possible?

  • #10
    Senior Coder
    Join Date
    May 2004
    Posts
    1,457
    Thanks
    15
    Thanked 0 Times in 0 Posts

    I'd be sorely tempted to kill off that EscapedSession function. I can't see how it possibly is doing you any good at all.
    __________________


    what would you do instead

    the important thing is that I have a unique sessionid for each visitor and the visitors can start at any page

  • #11
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,567
    Thanks
    78
    Thanked 4,384 Times in 4,349 Posts
    Then let ASP do that for you.

    That is *EXACTLY* what it does with Session.SessionID !!!

    How do you think ASP keeps track of user sessions? Yep, it encodes that Session.SessionID and stores it as a cookie on the user's machine. Each time they come back to a page, it reads the cookie, decodes it to get the Session.SessionID, and thus connects all the other session variables with the correct user.

    Now, you do have the problem of "visitors can start on any page." That's a tough one.

    Ugh. I don't see any answer to that. Well, maybe I do.

    Would you need to allow users to be able to visit page XYZ.asp and then, *WITHOUT* clicking on some link to get to another page, allow them to enter the url ABC.asp and expect the session id to survive that transition??? If so, I don't have an answer. But if users must get from page to page by clicking buttons/links/whatever on your pages, you could do it the way JSP and ASP.NET do it when the user disables cookies.

    To wit, you pass along the encoded session id in the URL and/or in the <form> posts.

    You'll see that on a lot of JSP sites, especially, where the page extension is ".do" and the url is something like "xxxx.do?sessionid=XYA*13892JjjTb9981" or similar.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #12
    Senior Coder
    Join Date
    May 2004
    Posts
    1,457
    Thanks
    15
    Thanked 0 Times in 0 Posts
    why is session.sessionid better then creating a session id myself (my issue is I need it unique in the database)

  • #13
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,567
    Thanks
    78
    Thanked 4,384 Times in 4,349 Posts
    Hmmm...I do see your point.

    Session.SessionID will be unique but only until the server is restarted.

    Okay...keep doing what you are doing.

    But consider passing your DB-generated session id along via means other than (or in addition to!) session variables.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •