Hey everyone,
We began talking about this here:
I want to start a new discussion since I have created some extra information to describe what I am doing and I have also collected data from the live site to show what is happening.
NOTE: this may take a while to look through all the info and decipher what is happening, so anyone who actually looks at it all and offers any help it is IMMENSELY appreciated, I am grateful that anyone would take their time to help me.
Ok first off let me point you to a test page I created that emulates how our site is designed. I cannot point you to the actual site due to NDA. Here's the test site:
Just click the "Test Login as Greg" button. This will login you in with an actual login from the site and it will grab data and store it in session vars as well as set one cookie. Once in the site you will see our setup. You will be in test_a.asp which contains a single IFRAME and a footer at the bottom. In the IFRAME it will load test_c.asp which has some navigation links and a couple more IFRAMES. Pages C and M are pretty much the same. Pages Y and K are similar but with only one IFRAME.
There is a security function on each page after you login. It looks for the session("iUserID") to see if you have logged in. If it cannot find it, then it looks for the hash cookie. If it finds a hash cookie it will use that value to go to the database and reset the session. This basically keeps the user logged in if they browse away from the site or if they sit on a certain page long enough for the server session to timeout.
I have run through this little emulator a ton of times clicking on all kinds of combinations of links and I can NEVER get it to lose a session or the cookie.
However, our actual site - which uses the exact same security function - has an issue where I can consistently get the session and/or cookie to be lost and thus get kicked to the login screen. To show this I created a little function to add values to a database at certain points in the code. I ran 3 different tests and then made a summary page with the data here:
You will see that each test follows a different combo of link clicking but each results in lost sessions and cookies. If you look at the data, here's some things to know:
- I enter 0 for the userID value if that session var is empty
- The a_security_frame.asp file is the file with the security check function, so it runs at the beginning of each page
- The 1 and 2 prefixes indicate if that record was entered at the beginning or end of the file in question
- Where you see it loading the a_security_frame page more than once, it has lost the session and is trying to recreate it.
So here's the big diliemma I have - at first thought, this does not appear to be a code issue. I say this because sometimes a page will run fine but other times it will not. I cannot find any consistent thing that causes the session to be lost EXCEPT that it doesn't seem to happen on the first or second links clicked. If anyone has ANY ideas as to what may be going on here, I will be glad to try them out. I am desparate to get this figured out, been working on it for a few weeks now.
Thanks to anyone who actually plunges into all of this.
-Greg
We began talking about this here:
I want to start a new discussion since I have created some extra information to describe what I am doing and I have also collected data from the live site to show what is happening.
NOTE: this may take a while to look through all the info and decipher what is happening, so anyone who actually looks at it all and offers any help it is IMMENSELY appreciated, I am grateful that anyone would take their time to help me.
Ok first off let me point you to a test page I created that emulates how our site is designed. I cannot point you to the actual site due to NDA. Here's the test site:
Just click the "Test Login as Greg" button. This will login you in with an actual login from the site and it will grab data and store it in session vars as well as set one cookie. Once in the site you will see our setup. You will be in test_a.asp which contains a single IFRAME and a footer at the bottom. In the IFRAME it will load test_c.asp which has some navigation links and a couple more IFRAMES. Pages C and M are pretty much the same. Pages Y and K are similar but with only one IFRAME.
There is a security function on each page after you login. It looks for the session("iUserID") to see if you have logged in. If it cannot find it, then it looks for the hash cookie. If it finds a hash cookie it will use that value to go to the database and reset the session. This basically keeps the user logged in if they browse away from the site or if they sit on a certain page long enough for the server session to timeout.
I have run through this little emulator a ton of times clicking on all kinds of combinations of links and I can NEVER get it to lose a session or the cookie.
However, our actual site - which uses the exact same security function - has an issue where I can consistently get the session and/or cookie to be lost and thus get kicked to the login screen. To show this I created a little function to add values to a database at certain points in the code. I ran 3 different tests and then made a summary page with the data here:
You will see that each test follows a different combo of link clicking but each results in lost sessions and cookies. If you look at the data, here's some things to know:
- I enter 0 for the userID value if that session var is empty
- The a_security_frame.asp file is the file with the security check function, so it runs at the beginning of each page
- The 1 and 2 prefixes indicate if that record was entered at the beginning or end of the file in question
- Where you see it loading the a_security_frame page more than once, it has lost the session and is trying to recreate it.
So here's the big diliemma I have - at first thought, this does not appear to be a code issue. I say this because sometimes a page will run fine but other times it will not. I cannot find any consistent thing that causes the session to be lost EXCEPT that it doesn't seem to happen on the first or second links clicked. If anyone has ANY ideas as to what may be going on here, I will be glad to try them out. I am desparate to get this figured out, been working on it for a few weeks now.
Thanks to anyone who actually plunges into all of this.
-Greg