IIS/IE - Session Variables/Cookies being overwritten..

[CalBrit]

Hi,

We are trying to get to the bottom of the following issue, but not sure if this is an IIS/IE problem or a coding problem.


Environment: IE 4.0/5.0/5.5, Windows NT 4.0, iis 4/5(NT+Win2k), multiple sites with one virtual directory each.
                           
Step-by-step action: 

1.Open an IE window, enter the website and logon (userid & pwd)
2.The userid is kept in the response.cookies & session variables
3. If the user only stays in one window, the sessions & cookies have the correct values.
4. If the user opens another IE window, logs on as a different user, the ASP sessions & cookies of the first window have the values of the sessions & cookies of the second window with the exception of the ASPSessionID - it never gets overwritten. 

        The bottom line is if we open one IE window at a time then we are OK.  But, what causes the cookies & sessions to be overwriten when the second window is opened ?

Any ideas ?

Thanks in advance,

CalBrit&Co

 

 

[hithere]

okay...I'm gonna muse here...

firstly, will the users be in a situation where they will logon with a second user id? (in other words, is this REALLY an issue at the user level?) maybe we're looking at multiple users on the same machine logged in at the same time?

secondly, I would try adding code to the page that would detect whether or not the first cookie exists and if it does, create a second one so that the first is preserved...my guess is that the cookie is named the same in the second instance and since cookies are saved to the hard drive, it's finding one of the same name and just refreshing it with the new info (but why not the session id? dunno, MS thing maybe?)

Is this happening across all browsers or just one version? Something not supported in one that is in the other?

Are you opening the second window from within the first one (file,new,browser)? or are you spawning it from the icon (fresh)?

Just a few thoughts there...don't know if any of them will help but...maybe some things to check/try.
hth
mark

 

[CalBrit]

Thanks for your prompt reply Mark.

I have discussed your suggestions with our programmers, and received the following replies:

There is one user (NT user) logged on. The user will be working with the same site, but logged on to the site under 2 different ID's.

Apparently the second cookie is not overwriting the first, as you would presume, as its the session content getting overwritten, and not the ID.

Its happening in IE 4.0 to 5.5, and IIS 4.0 on NT4.0 and 5.0 on Win2k.

Each window is opened seperatley.

I addition, I have put a sniffer on the network, and I can plainly see the two sessions with the first sessions ASPSessionxxx=<content>, being changed. Unfortunatley, I cant see what is forcing the change.

Thanks for your help anyway, and if you have any more thoughts, let me know - I am getting to my Sherlock Holmes stage: If you eliminate all possibilities, whatever remains, no matter how unlikely, must be the answer ( works for MS most of the time ).

CalBrit

 

[Ovatvvon]

The sessionID is set for a computer, not for a browser (98.278% sure) Your session data is still being written (over-written) because you're requesting it on the site and any variable requesting new data will be over-written with the new data. You might be able to by-pass this by using IE for one user, and Netscape or another browser for the other user, but no guarentees.

Hope this helps. -Ovatvvon :-Q