Start by putting a check for a know session variable at the start of every page.
So that you can then pop up a message that says when it got lost.
Make sure your session timeout is set to a usable number. I know that some of the inTRAnet code that we use needs a session timeout of HOURS, because people will get called into meetings and they want to be able to come back an hour or two later and still have the session active. Not recommending that you go over an hour, say, for inTERnet usage. But it depends.
__________________
An optimist sees the glass as half full.
A pessimist sees the glass as half empty.
A realist drinks it no matter how much there is.
it's not a matter of time -- I was on the phone with someone today who was browsing and suddenly the session variable disappeared and he had to log in again and I checked the system a new session variable was created
but how does a session variable just disappear?
this is a shopping cart and 98% of the time there is no problem -- but the 2% is a problem - the session variables just clear - i can see they started again but that doesn't help -- I'm not deleting them anywhere or it would happen to all users
Again, if you aren't willing to put some end-of-session detection code into every page, I don't know how you will ever track it down.
Again, I haven't seen this in many many years of using ASP.
We have one site that gets about 250,000 page hits per week and I am not seeing it there.
How do you suggest I debug this - I'm not sure what you mean by end of session code -- the issue is that I don't usually see the pages -- I'm only be alerted of some errors where users get knocked out
How do you suggest debugging an issue like this
My code is as follows (maybe you will notice something)- on any page
on the top of any page that requires the session open I have the code
PHP Code:
usrsessid=EscapedSession
and that function is
Function EscapedSession
if session("usession")="" then
sql="exec spgeneratesession"
openrs rsgs,sql
usession= rsgs("usrsessid")
session("usession")=usession
closers rsgs
if session("customerid")<>"" then
sql="update customers set lastusrsessid=" & tosql(usession,"text") & " where id=" & session("customerid")
objconn.execute sql
end if
else
usession=session("usession")
end if
escapedsession=usession
On the first page a user sees, presumably a login page, add the session variable.
Maybe something like
Code:
Session("loginTime") = Now()
Then on every other page add in some code that looks for that session variable and, if not found, send yourself a message. Maybe just log the event in some text file.
You can do this with a file you #include on each page. Maybe:
Code:
If Not IsDate( Session("loginTime") ) Then
Set fso = Server.CreateObject("Scripting.FileSystemObject")
Set log = fso.OpenTextFile( Server.MapPath("/writableDirectory/failures.log"), 8, True) ' 8 is append
log.WriteLine "Session lost on page " & Request.ServerVariables("URL")
log.WriteLine "Lost at " & Now()
... whatever else you want to log ...
log.Close
fso = 0
End If
So similar to your EscapedSession, but log what happened.
Quite frankly, I don't understand the point of your EscapedSession code.
Getting the session id from the database only sets that one session value. It has no impact on any other session values.
I hope you don't think that you can regenerate session information just by knowing the Session.SessionID. I don't think you do, as that's not what you are doing there, but...
I'd be sorely tempted to kill off that EscapedSession function. I can't see how it possibly is doing you any good at all.
__________________
An optimist sees the glass as half full.
A pessimist sees the glass as half empty.
A realist drinks it no matter how much there is.
thanks for your help as I'm really trying to get to the bottom of it
I will try to add the debugging code now
the usrsessid is the critical session variable that I need as everything is saved in the database against it - that's what i use escapedsession for (and I go to the db so I can make sure it's a unique one)
Please let me know if there is anything else you can recommend as i'm baffled by this issue.
I am adding the logging now but it's assuming they are starting from the homepage
I think the session problem might be happening more on iphones - is that possible?
That is *EXACTLY* what it does with Session.SessionID !!!
How do you think ASP keeps track of user sessions? Yep, it encodes that Session.SessionID and stores it as a cookie on the user's machine. Each time they come back to a page, it reads the cookie, decodes it to get the Session.SessionID, and thus connects all the other session variables with the correct user.
Now, you do have the problem of "visitors can start on any page." That's a tough one.
Ugh. I don't see any answer to that. Well, maybe I do.
Would you need to allow users to be able to visit page XYZ.asp and then, *WITHOUT* clicking on some link to get to another page, allow them to enter the url ABC.asp and expect the session id to survive that transition??? If so, I don't have an answer. But if users must get from page to page by clicking buttons/links/whatever on your pages, you could do it the way JSP and ASP.NET do it when the user disables cookies.
To wit, you pass along the encoded session id in the URL and/or in the <form> posts.
You'll see that on a lot of JSP sites, especially, where the page extension is ".do" and the url is something like "xxxx.do?sessionid=XYA*13892JjjTb9981" or similar.
__________________
An optimist sees the glass as half full.
A pessimist sees the glass as half empty.
A realist drinks it no matter how much there is.
Before you post, read our: 
