When users close a current session and start another with another user name (ID) then sometimes my application remember the old login and sometimes the new one. I think that it's something about client's browser memory or cookies from global.asa. Can you give me a reason or a solution? Thanks
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Sessions??? 1
- Thread starter zakd
- Start date
-
1
- #2
The session will be destroyed if one of two things happens:
(1) you call session.abandon via the user clicking a "logout" button (or any other event, for that matter)
(2) all instances of the clients' browsers have been turned off.
#2 is the tricky one. If the user closes their browser, and has another instance open, but then opens yet another instance and comes back to your site, then your server will remember them, because the session cookie is still persisted on their browser.
How to solve this? Call session.abandon on the main page, and then start them up a new one. This can cause problems, too, though. Like if they just go "home", then I'm assuming that's where you'd call it, so that would wipe their session, which would be bad in this case.
So, maybe just have a "login" page or something that isn't the same page as "home", which is where you would call the session.abandon method, and give them no link to get back to that login page. In this case, it would take a concious effort on their part to end their session, and I think you'd be ok in that situation.
good luck!
paul
(1) you call session.abandon via the user clicking a "logout" button (or any other event, for that matter)
(2) all instances of the clients' browsers have been turned off.
#2 is the tricky one. If the user closes their browser, and has another instance open, but then opens yet another instance and comes back to your site, then your server will remember them, because the session cookie is still persisted on their browser.
How to solve this? Call session.abandon on the main page, and then start them up a new one. This can cause problems, too, though. Like if they just go "home", then I'm assuming that's where you'd call it, so that would wipe their session, which would be bad in this case.
So, maybe just have a "login" page or something that isn't the same page as "home", which is where you would call the session.abandon method, and give them no link to get back to that login page. In this case, it would take a concious effort on their part to end their session, and I think you'd be ok in that situation.
good luck!
paul
One thing I would add to that is that while when the user closes ALL of their browsers to destroy the session link between them and the server, the actual session is still active on the server. The server is still trying to find the user until the session times-out from inactivity. I found this out while designing the current site I'm working on. One part I have a page that'll tell the users how many members are logged onto the site at that time, along with the list of members that are logged on. When I close the broser and log back in, it shows two users logged in and if I used the same account, it lists the name twice, otherwise it lists the current account I'm logged in as, and the old one I just closed the browser on. I have the global.asa session_onEnd to take the user off the list when the sesion times out, and I've also created another work-around so the user wouldn't be listed twice within the list if they closed the browser and logged back in without ever actually logging out (session.abandon).
In any case, the point is, is that even though all the browsers are closed, the session does still exist on the server and is tying up system resources...but the user cannot reattach to that particular session as their re-connection will have a new session ID.
But as Link9 said, if any of the browsers are still open, even if not the particular one that was connected to your site, then it'll still hold that session ID and let them reconnect as the old account.
-Ovatvvon :-Q
In any case, the point is, is that even though all the browsers are closed, the session does still exist on the server and is tying up system resources...but the user cannot reattach to that particular session as their re-connection will have a new session ID.
But as Link9 said, if any of the browsers are still open, even if not the particular one that was connected to your site, then it'll still hold that session ID and let them reconnect as the old account.
-Ovatvvon :-Q
- Thread starter
- #4
I have allready put Session.Abandon at the first line of login.asp, so if server or client remember a session,all sessions are closing and when a user doing loggin start new session, but the problem exist!!!I think that the solution is to find a way to delete the cookie which global.asa automatically sends to client, or clear server's chase memory.
notice: i have not put time limit of session.
What can i say!! Thanks anyway for your replies.
notice: i have not put time limit of session.
What can i say!! Thanks anyway for your replies.
Zakd,
I have found problems with putting the session.abandon on the top of the same page as declaring more session variables. What I would try if I were you is haveing the session.abandon on a different page and routing the user through that page and redirecting them to this page you are working on. One thing you could even do it test to see if the session variable is in use (If session("someVariable" <> "" Then), then if so, redirect them to the session.abandon page, and then back to this page.
Whenever I had the session.abandon on another page, it usually would work then!
Also, the session time limit by default in IIS (if you have not changed it) is 20 minutes. You can always change it, but if you haven't messed with it at all, it is set for 20 minutes.
Hope this helps. -Ovatvvon :-Q
I have found problems with putting the session.abandon on the top of the same page as declaring more session variables. What I would try if I were you is haveing the session.abandon on a different page and routing the user through that page and redirecting them to this page you are working on. One thing you could even do it test to see if the session variable is in use (If session("someVariable"
<> "" Then), then if so, redirect them to the session.abandon page, and then back to this page. Whenever I had the session.abandon on another page, it usually would work then!
Also, the session time limit by default in IIS (if you have not changed it) is 20 minutes. You can always change it, but if you haven't messed with it at all, it is set for 20 minutes.
Hope this helps. -Ovatvvon :-Q
Well, the server.transfer method actually transfers the current execution of the ASP page to another ASP page.
It will execute whatever's on that page, and then return the control back to the current page. It was just a thought, really.
Here's some more info.
paul
It will execute whatever's on that page, and then return the control back to the current page. It was just a thought, really.
Here's some more info.
paul
ok, I checked it out...
I see what you're saying, one could server.execute("endSession.asp" which would execute the session.abandon on that page and return to the original one with a new session ID. Is definately somthing to try...will look into that in the future.
Thanks again for shining the light on a subject for me. -Ovatvvon :-Q
I see what you're saying, one could server.execute("endSession.asp"
which would execute the session.abandon on that page and return to the original one with a new session ID. Is definately somthing to try...will look into that in the future.Thanks again for shining the light on a subject for me.
-Ovatvvon :-Q- Thread starter
- #12
Sessions works fine! Finally the problem is that sometimes internet explorer does not request an execution of asp code from server, but restores the previous executions results (html) from clien's machine. When i clear internet explorer history, everything works fine.Aslo Netscape Navigator works ok with my application.
I used this code and everything is ok now :
1) <%@ LANGUAGE=VBSCRIPT %>
2) <%
3) Response.Flush
4) Response.Clear
5) %>
6)....
7)......
...
..
Thanks for your responses!
I used this code and everything is ok now :
1) <%@ LANGUAGE=VBSCRIPT %>
2) <%
3) Response.Flush
4) Response.Clear
5) %>
6)....
7)......
...
..
Thanks for your responses!
The FAQ listed works 99% of the time and is great...you should try that first. Everyone in a while though it didn't work...I've run into that problem...if that's the case you can try somthign that TodWW suggested which is attach a date/time as a query statement to your URL...somthing like this...
<%
dim dateTime
dateTime = Server.URLEncode(now())
Response.redirect("nextPage.asp?tID=" & dateTime)
%>
What Link9 has told you about the FAQ should work...try that first. This is just incase it doesn't...it'll always load a new page because it'll always think it's going to a new page.
-Ovatvvon :-Q
<%
dim dateTime
dateTime = Server.URLEncode(now())
Response.redirect("nextPage.asp?tID=" & dateTime)
%>
What Link9 has told you about the FAQ should work...try that first. This is just incase it doesn't...it'll always load a new page because it'll always think it's going to a new page.
-Ovatvvon :-Q
- Status
Similar threads
- Locked
- Question