session variables getting lost
I have a program written in asp and once in a while a user in middle of using it and the session variables get lost (requiring him to log in again)
How can I debug what is causing this issue so that I can fix it?
Start by putting a check for a know session variable at the start of every page.
So that you can then pop up a message that says when it got lost.
Make sure your session timeout is set to a usable number. I know that some of the inTRAnet code that we use needs a session timeout of HOURS, because people will get called into meetings and they want to be able to come back an hour or two later and still have the session active. Not recommending that you go over an hour, say, for inTERnet usage. But it depends.
if the session doesn't exist it created it
it's not a matter of time -- I was on the phone with someone today who was browsing and suddenly the session variable disappeared and he had to log in again and I checked the system a new session variable was created
but how does a session variable just disappear?
Quite frankly, I've never seen that in 14 years of using ASP.
You must have *something* in your code that is clearing one or all of the session variables.
I don't understand this comment:
I have been known to use stuff like
this is a shopping cart and 98% of the time there is no problem -- but the 2% is a problem - the session variables just clear - i can see they started again but that doesn't help -- I'm not deleting them anywhere or it would happen to all users
Again, if you aren't willing to put some end-of-session detection code into every page, I don't know how you will ever track it down.
Again, I haven't seen this in many many years of using ASP.
We have one site that gets about 250,000 page hits per week and I am not seeing it there.
How do you suggest I debug this - I'm not sure what you mean by end of session code -- the issue is that I don't usually see the pages -- I'm only be alerted of some errors where users get knocked out
How do you suggest debugging an issue like this
My code is as follows (maybe you will notice something)- on any page
on the top of any page that requires the session open I have the code
if session("usession")="" then
if session("customerid")<>"" then
sql="update customers set lastusrsessid=" & tosql(usession,"text") & " where id=" & session("customerid")
On the first page a user sees, presumably a login page, add the session variable.
Maybe something like
You can do this with a file you #include on each page. Maybe:
Quite frankly, I don't understand the point of your EscapedSession code.
Getting the session id from the database only sets that one session value. It has no impact on any other session values.
I hope you don't think that you can regenerate session information just by knowing the Session.SessionID. I don't think you do, as that's not what you are doing there, but...
I'd be sorely tempted to kill off that EscapedSession function. I can't see how it possibly is doing you any good at all.
thanks for your help as I'm really trying to get to the bottom of it
I will try to add the debugging code now
the usrsessid is the critical session variable that I need as everything is saved in the database against it - that's what i use escapedsession for (and I go to the db so I can make sure it's a unique one)
Please let me know if there is anything else you can recommend as i'm baffled by this issue.
I am adding the logging now but it's assuming they are starting from the homepage
I think the session problem might be happening more on iphones - is that possible?
what would you do instead
the important thing is that I have a unique sessionid for each visitor and the visitors can start at any page
Then let ASP do that for you.
That is *EXACTLY* what it does with Session.SessionID !!!
How do you think ASP keeps track of user sessions? Yep, it encodes that Session.SessionID and stores it as a cookie on the user's machine. Each time they come back to a page, it reads the cookie, decodes it to get the Session.SessionID, and thus connects all the other session variables with the correct user.
Now, you do have the problem of "visitors can start on any page." That's a tough one.
Ugh. I don't see any answer to that. Well, maybe I do.
Would you need to allow users to be able to visit page XYZ.asp and then, *WITHOUT* clicking on some link to get to another page, allow them to enter the url ABC.asp and expect the session id to survive that transition??? If so, I don't have an answer. But if users must get from page to page by clicking buttons/links/whatever on your pages, you could do it the way JSP and ASP.NET do it when the user disables cookies.
To wit, you pass along the encoded session id in the URL and/or in the <form> posts.
You'll see that on a lot of JSP sites, especially, where the page extension is ".do" and the url is something like "xxxx.do?sessionid=XYA*13892JjjTb9981" or similar.
why is session.sessionid better then creating a session id myself (my issue is I need it unique in the database)
Hmmm...I do see your point.
Session.SessionID will be unique but only until the server is restarted.
Okay...keep doing what you are doing.
But consider passing your DB-generated session id along via means other than (or in addition to!) session variables.
|All times are GMT +1. The time now is 05:44 AM.|
Powered by vBulletin®
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.