Return to page causes session var to disappear

[TheInsider]

Hello,
I have a login page in which the user enters a user ID and password, if they match I store the user ID in a session variable, as follows:

Session("UserID&quot = Request.Form("UserID&quot

All of my pages check to see if the user is logged in before displaying them. I place the following at the very top of these pages:

If Session("UserID&quot = "" Then
Response.Redirect "

http://localhost/mysite/default.asp"

Response.End
End If

This works fine the first time the page is called, however, if the page is called again, the test returns true -- Session("UserID&quot = "" -- even though the user is still logged in and the session has not timed out.

For example:
1) User logs in on Page A

2) User then goes to Page B, at this point Session("UserID&quot is not = ""

3) Page B submits to Page C

4) Page C processes the data from Page B, then redirects the user back to Page B

5) Session("UserID&quot = "" in Page B, because of this; user is unexpectedly redirected to default.asp

I have tried appending the date as a querystring to the end of the redirect link, to avoid caching problems, but this doesn't correct the problem. i.e.

in Page C:
Response.Redirect "

http://localhost/mysite/PageB.asp?z="

& Server.URLEncode(Now)

Has anyone encountered this, and if so, how do I resolve this?
Thanks

 

[SashiRaveendran]

this may info may help

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q199805

 

[FesterSXS]

Are you always setting the Session("UserID&quot at the top of Page B??? If so then you should check to see if there is anything stored in Request.Form("UserID&quot before you assign anything to Session("UserID&quot

ie - PageB.asp

<%
If Request.Form(&quot;UserID&quot;) <> &quot;&quot; Then
  Session(&quot;UserID&quot;) = Request.Form(&quot;UserID&quot;)
End If
%>
...rest of page

Tony

http://www.phoenix-paints.co.uk/portfolio

 

[GabeC]

Make sure you don't have session state turned off in IIS. We very rarely use session state in our apps so by default we always turn this off for performance reasons. Make sure this has not happened on your web server.

 

[TheInsider]

Thanks for the suggestions, however, I still can't get it to work. If it helps, I am using Windows XP Pro with IIS 5, however this used to happen on my NT4 IIS 4 machine. I am currently testing the pages on IE 6 and Netscape 4.5. Both browsers are acting in the same manor. I don't believe this is to do with the browser. I set a breakpoint and a watch and it will show that the value disappears the second time the page is called by the same user. To answer FesterSXS, I don't set the value of the session variable in Page B or Page C, only in the login page: Page A. Page B only checks for the value of the session variable and, if empty, boots them back to the default/login page. This is supposed to ensure that people who are not logged in don't have access to those pages. I'll check that the session state property is on, however, I don't think it is off because the session variable is always populated the first time a page is called.
Thanks

 

[exodus300]

You should put your checking script in a separate file, then include it on the top of each page with an <!--#include...-->. Then if you want to change it you only have to change one file, and all files will be 'updated'.

eg.

<%
' checklogin.asp
If Session(&quot;UserID&quot;) = &quot;&quot; Then
 Response.Redirect &quot;[URL unfurl="true"]http://localhost/mysite/default.asp&quot;;[/URL]
 Response.End
End If
%>

<!-- a_page.asp -->
<!--#include file=&quot;checklogin.asp&quot;-->