Ending Session

[Darrin J Olson]

I am trying to end a session for a site without having to completely close
the browser to end it.

When I access the site and log in it works fine. If I log out and in with a
different account without closing the browser, I get the first session's
information. Also, if a open another browser and log in with a different
account I get the session from the first browser. I've tried deleting all
cookies and any cached pages, but still get the same first session.

I created a windows app in .NET and added a browser (control from VB6), and
have the same problems if I make multiple instances of the browser control
inside the app, but I CAN have different session inside the .NET windows app
than what I have in the IE browsers. They don't seem to cross.

How is the session being held if it is not in a cookie or in a cached page?
I open a new browser and log in from the beginning, so the session can't be
in the URL, or in a hidden text field??

I think I must be missing something on how the sessions are stored??

Any help would be greatly appreciated, and I apologize if this is an
inappropriate group to post to.

-Darrin

[Chris Barber]

In an ASP page call:

Session.Abandon

The cookie is probably not where you thought it was or is hidden from you
since cookies *are* how ASP handles sessions.

Chris.

"Darrin J Olson" <darrin.j.olson@sio.midco.net> wrote in message
news:vp59llkg3eolc1@corp.supernews.com...
I am trying to end a session for a site without having to completely close
the browser to end it.

When I access the site and log in it works fine. If I log out and in with a
different account without closing the browser, I get the first session's
information. Also, if a open another browser and log in with a different
account I get the session from the first browser. I've tried deleting all
cookies and any cached pages, but still get the same first session.

I created a windows app in .NET and added a browser (control from VB6), and
have the same problems if I make multiple instances of the browser control
inside the app, but I CAN have different session inside the .NET windows app
than what I have in the IE browsers. They don't seem to cross.

How is the session being held if it is not in a cookie or in a cached page?
I open a new browser and log in from the beginning, so the session can't be
in the URL, or in a hidden text field??

I think I must be missing something on how the sessions are stored??

Any help would be greatly appreciated, and I apologize if this is an
inappropriate group to post to.

-Darrin

[Darrin J Olson]

Chris,

Thank you very much for your response.

Unfortunately, it's not my page that I'm accessing. I'm writing an app for a
company that wants to 'scrape' the data off of the page from some other web
site to cut down on their data entry. Everything works fine, but I need to
close the browser (or whatever process holds the browser) to get rid of the
session. If I use IE Tools->Internet Options to delete cookies and temporary
files, or delete them myself the session persists??




"Chris Barber" <chris@blue-canoe.co.uk.NOSPAM> wrote in message
news:OyaPcPllDHA.3320@tk2msftngp13.phx.gbl...

> In an ASP page call:
>
> Session.Abandon
>
> The cookie is probably not where you thought it was or is hidden from you
> since cookies *are* how ASP handles sessions.
>
> Chris.
>
> "Darrin J Olson" <darrin.j.olson@sio.midco.net> wrote in message
> news:vp59llkg3eolc1@corp.supernews.com...
> I am trying to end a session for a site without having to completely close
> the browser to end it.
>
> When I access the site and log in it works fine. If I log out and in with

a

> different account without closing the browser, I get the first session's
> information. Also, if a open another browser and log in with a different
> account I get the session from the first browser. I've tried deleting all
> cookies and any cached pages, but still get the same first session.
>
> I created a windows app in .NET and added a browser (control from VB6),

and

> have the same problems if I make multiple instances of the browser control
> inside the app, but I CAN have different session inside the .NET windows

app

> than what I have in the IE browsers. They don't seem to cross.
>
> How is the session being held if it is not in a cookie or in a cached

page?

> I open a new browser and log in from the beginning, so the session can't

be

> in the URL, or in a hidden text field??
>
> I think I must be missing something on how the sessions are stored??
>
> Any help would be greatly appreciated, and I apologize if this is an
> inappropriate group to post to.
>
> -Darrin
>
>
>

[Chris Barber]

Ahh, you mean you want to end the session for the remote webserver from the
client side?

[url]http://www.asp101.com/articles/john/sessionsend/default.asp[/url]

As far as I know, it's not possible unless you can inform the remote
webserver that you want to end the session.

Chris.

"Darrin J Olson" <darrin.j.olson@sio.midco.net> wrote in message
news:vp5chqtbt4tg11@corp.supernews.com...
Chris,

Thank you very much for your response.

Unfortunately, it's not my page that I'm accessing. I'm writing an app for a
company that wants to 'scrape' the data off of the page from some other web
site to cut down on their data entry. Everything works fine, but I need to
close the browser (or whatever process holds the browser) to get rid of the
session. If I use IE Tools->Internet Options to delete cookies and temporary
files, or delete them myself the session persists??




"Chris Barber" <chris@blue-canoe.co.uk.NOSPAM> wrote in message
news:OyaPcPllDHA.3320@tk2msftngp13.phx.gbl...

> In an ASP page call:
>
> Session.Abandon
>
> The cookie is probably not where you thought it was or is hidden from you
> since cookies *are* how ASP handles sessions.
>
> Chris.
>
> "Darrin J Olson" <darrin.j.olson@sio.midco.net> wrote in message
> news:vp59llkg3eolc1@corp.supernews.com...
> I am trying to end a session for a site without having to completely close
> the browser to end it.
>
> When I access the site and log in it works fine. If I log out and in with

a

> different account without closing the browser, I get the first session's
> information. Also, if a open another browser and log in with a different
> account I get the session from the first browser. I've tried deleting all
> cookies and any cached pages, but still get the same first session.
>
> I created a windows app in .NET and added a browser (control from VB6),

and

> have the same problems if I make multiple instances of the browser control
> inside the app, but I CAN have different session inside the .NET windows

app

> than what I have in the IE browsers. They don't seem to cross.
>
> How is the session being held if it is not in a cookie or in a cached

page?

> I open a new browser and log in from the beginning, so the session can't

be

> in the URL, or in a hidden text field??
>
> I think I must be missing something on how the sessions are stored??
>
> Any help would be greatly appreciated, and I apologize if this is an
> inappropriate group to post to.
>
> -Darrin
>
>
>

[Darrin J Olson]

That stinks. I still want to think that there must a way since the remote
server really isn't holding any type of static connection with the client. I
can't figure out how it is keeping it's session? It has got to be storing it
somewhere client side.

Thank you again for your response and the link. It looks like it has quite a
bit of info.

I'll see what I can figure out...

-Darrin


"Chris Barber" <chris@blue-canoe.co.uk.NOSPAM> wrote in message
news:e4d3HNmlDHA.3612@TK2MSFTNGP11.phx.gbl...

> Ahh, you mean you want to end the session for the remote webserver from

the

> client side?
>
> [url]http://www.asp101.com/articles/john/sessionsend/default.asp[/url]
>
> As far as I know, it's not possible unless you can inform the remote
> webserver that you want to end the session.
>
> Chris.
>
> "Darrin J Olson" <darrin.j.olson@sio.midco.net> wrote in message
> news:vp5chqtbt4tg11@corp.supernews.com...
> Chris,
>
> Thank you very much for your response.
>
> Unfortunately, it's not my page that I'm accessing. I'm writing an app for

a

> company that wants to 'scrape' the data off of the page from some other

web

> site to cut down on their data entry. Everything works fine, but I need to
> close the browser (or whatever process holds the browser) to get rid of

the

> session. If I use IE Tools->Internet Options to delete cookies and

temporary

> files, or delete them myself the session persists??
>
>
>
>
> "Chris Barber" <chris@blue-canoe.co.uk.NOSPAM> wrote in message
> news:OyaPcPllDHA.3320@tk2msftngp13.phx.gbl...

> > In an ASP page call:
> >
> > Session.Abandon
> >
> > The cookie is probably not where you thought it was or is hidden from

you

> > since cookies *are* how ASP handles sessions.
> >
> > Chris.
> >
> > "Darrin J Olson" <darrin.j.olson@sio.midco.net> wrote in message
> > news:vp59llkg3eolc1@corp.supernews.com...
> > I am trying to end a session for a site without having to completely

close

> > the browser to end it.
> >
> > When I access the site and log in it works fine. If I log out and in

with

> a

> > different account without closing the browser, I get the first session's
> > information. Also, if a open another browser and log in with a different
> > account I get the session from the first browser. I've tried deleting

all

> > cookies and any cached pages, but still get the same first session.
> >
> > I created a windows app in .NET and added a browser (control from VB6),

> and

> > have the same problems if I make multiple instances of the browser

control

> > inside the app, but I CAN have different session inside the .NET windows

> app

> > than what I have in the IE browsers. They don't seem to cross.
> >
> > How is the session being held if it is not in a cookie or in a cached

> page?

> > I open a new browser and log in from the beginning, so the session can't

> be

> > in the URL, or in a hidden text field??
> >
> > I think I must be missing something on how the sessions are stored??
> >
> > Any help would be greatly appreciated, and I apologize if this is an
> > inappropriate group to post to.
> >
> > -Darrin
> >
> >
> >

>
>
>

[Bob Barrows]

Darrin J Olson wrote:

> That stinks. I still want to think that there must a way since the
> remote server really isn't holding any type of static connection with
> the client. I can't figure out how it is keeping it's session? It has
> got to be storing it somewhere client side.
>

A session ends when the session timeout period expires, or when
session.abandon is called. The server does not know when a user closes his
browser, or navigates to another page, or whatever. It only knows whether or
not it receives http requests containing the appropriate session id or not.

HTH,
Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"

[Chris Barber]

But .. the question was whether or not the session can be reset from the
client side (eg. delete the relevant cookie so that the http headers will
not contains the relevant session id).
I can't find any information about how to do it although I presume it would
only be possible from outside of IE itself [the cookie delete thing] without
setting off lots of security warnings. The basic mechanisms for how sessions
are created, timeout and die are well known and certainly from an ASP point
of view it's easy to achieve.

Chris.


"Bob Barrows" <reb01501@NOyahoo.SPAMcom> wrote in message
news:uycLx8mlDHA.1672@TK2MSFTNGP09.phx.gbl...
Darrin J Olson wrote:

> That stinks. I still want to think that there must a way since the
> remote server really isn't holding any type of static connection with
> the client. I can't figure out how it is keeping it's session? It has
> got to be storing it somewhere client side.
>

A session ends when the session timeout period expires, or when
session.abandon is called. The server does not know when a user closes his
browser, or navigates to another page, or whatever. It only knows whether or
not it receives http requests containing the appropriate session id or not.

HTH,
Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"

[Darrin J Olson]

This I understand.

Here are the facts, and any help you can give would be greatly appreciated!

1. I am only the client, I do not have access to the server or it's code.
2. I am not sure what the host is using for session management.
3. When I close my browser and open a new one, I am given a new session.
4. When I am authenticated (however it is handled) and go to the login page
and login with a new account without closing my browser, I get data from the
first login.
5. When I open another browser and login with a different account, I get
data from the first login if the first browser is still open.
6. If I delete all the cookies and Temporary Internet Files using
Tools->Internet Options, or manually, I still get data from whatever login I
used initially with any subsequent logins.
7. If I add browser controls into a .NET windows application, any subsequent
logins return data from the initial session login, regardless of wether or
not I remove/close the first browser control that logged in.
8. I CAN login and return data from different sessions between the browsers
using IE and the browser controls in my application, they don't appear to
communicate the session.

I've been doing web development for over 6 years, and am a MCP (ASP.NET C#),
so I have some familiarity, but I don't feel this has anything to do with
ASP necessarily. I thought that maybe IE was caching the pages on the
client, but that should reload if I delete any temp files? I also delete any
cookies and don't see any in the index.dat file? The session always persists
unless I close my browser???

If it was URL rewriting or in a hidden field, it should not go across to a
new browser that was opened, which makes me think either cached pages or a
cookie. I delete the cached pages and the cookies, but the session remains.

Again, any help would be greatly appreciated.

Thanks,
-Darrin




"Bob Barrows" <reb01501@NOyahoo.SPAMcom> wrote in message
news:uycLx8mlDHA.1672@TK2MSFTNGP09.phx.gbl...

> Darrin J Olson wrote:

> > That stinks. I still want to think that there must a way since the
> > remote server really isn't holding any type of static connection with
> > the client. I can't figure out how it is keeping it's session? It has
> > got to be storing it somewhere client side.
> >

>
> A session ends when the session timeout period expires, or when
> session.abandon is called. The server does not know when a user closes his
> browser, or navigates to another page, or whatever. It only knows whether

or

> not it receives http requests containing the appropriate session id or

not.

>
> HTH,
> Bob Barrows
> --
> Microsoft MVP - ASP/ASP.NET
> Please reply to the newsgroup. This email account is my spam trap so I
> don't check it very often. If you must reply off-line, then remove the
> "NO SPAM"
>
>

[Bob Lehmann]

It must have something to with ASP, or you wouldn't be posting here - right?
:>)

Session cookies are stored in the client memory. AFAIK, they can't be
altered or deleted from the client - they expire on timeout or when the
browser closes.

Bob Lehmann

"Darrin J Olson" <darrin.j.olson@sio.midco.net> wrote in message
news:vp5pkqh44elnaf@corp.supernews.com...

> This I understand.
>
> Here are the facts, and any help you can give would be greatly

appreciated!

>
> 1. I am only the client, I do not have access to the server or it's code.
> 2. I am not sure what the host is using for session management.
> 3. When I close my browser and open a new one, I am given a new session.
> 4. When I am authenticated (however it is handled) and go to the login

page

> and login with a new account without closing my browser, I get data from

the

> first login.
> 5. When I open another browser and login with a different account, I get
> data from the first login if the first browser is still open.
> 6. If I delete all the cookies and Temporary Internet Files using
> Tools->Internet Options, or manually, I still get data from whatever login

I

> used initially with any subsequent logins.
> 7. If I add browser controls into a .NET windows application, any

subsequent

> logins return data from the initial session login, regardless of wether or
> not I remove/close the first browser control that logged in.
> 8. I CAN login and return data from different sessions between the

browsers

> using IE and the browser controls in my application, they don't appear to
> communicate the session.
>
> I've been doing web development for over 6 years, and am a MCP (ASP.NET

C#),

> so I have some familiarity, but I don't feel this has anything to do with
> ASP necessarily. I thought that maybe IE was caching the pages on the
> client, but that should reload if I delete any temp files? I also delete

any

> cookies and don't see any in the index.dat file? The session always

persists

> unless I close my browser???
>
> If it was URL rewriting or in a hidden field, it should not go across to a
> new browser that was opened, which makes me think either cached pages or a
> cookie. I delete the cached pages and the cookies, but the session

remains.

>
> Again, any help would be greatly appreciated.
>
> Thanks,
> -Darrin
>
>
>
>
> "Bob Barrows" <reb01501@NOyahoo.SPAMcom> wrote in message
> news:uycLx8mlDHA.1672@TK2MSFTNGP09.phx.gbl...

> > Darrin J Olson wrote:

> > > That stinks. I still want to think that there must a way since the
> > > remote server really isn't holding any type of static connection with
> > > the client. I can't figure out how it is keeping it's session? It has
> > > got to be storing it somewhere client side.
> > >

> >
> > A session ends when the session timeout period expires, or when
> > session.abandon is called. The server does not know when a user closes

his

> > browser, or navigates to another page, or whatever. It only knows

whether

> or

> > not it receives http requests containing the appropriate session id or

> not.

> >
> > HTH,
> > Bob Barrows
> > --
> > Microsoft MVP - ASP/ASP.NET
> > Please reply to the newsgroup. This email account is my spam trap so I
> > don't check it very often. If you must reply off-line, then remove the
> > "NO SPAM"
> >
> >

>
>

[Darrin J Olson]

Thanks Bob, that would explain a lot.

As far as the newsgroup, I wasn't sure where to post it since it involved a
few different things, and I may not have had the potential of querying such
intelligent and knowledgeable folks if I used a different one. ;-)

Thanks again to both you and Chris for your help.
-Darrin




"Bob Lehmann" <nospam@dontbotherme.zzz> wrote in message
news:%23e$XgwnlDHA.976@tk2msftngp13.phx.gbl...

> It must have something to with ASP, or you wouldn't be posting here -

right?

> :>)
>
> Session cookies are stored in the client memory. AFAIK, they can't be
> altered or deleted from the client - they expire on timeout or when the
> browser closes.
>
> Bob Lehmann
>
> "Darrin J Olson" <darrin.j.olson@sio.midco.net> wrote in message
> news:vp5pkqh44elnaf@corp.supernews.com...

> > This I understand.
> >
> > Here are the facts, and any help you can give would be greatly

> appreciated!

> >
> > 1. I am only the client, I do not have access to the server or it's

code.

> > 2. I am not sure what the host is using for session management.
> > 3. When I close my browser and open a new one, I am given a new session.
> > 4. When I am authenticated (however it is handled) and go to the login

> page

> > and login with a new account without closing my browser, I get data from

> the

> > first login.
> > 5. When I open another browser and login with a different account, I get
> > data from the first login if the first browser is still open.
> > 6. If I delete all the cookies and Temporary Internet Files using
> > Tools->Internet Options, or manually, I still get data from whatever

login

> I

> > used initially with any subsequent logins.
> > 7. If I add browser controls into a .NET windows application, any

> subsequent

> > logins return data from the initial session login, regardless of wether

or

> > not I remove/close the first browser control that logged in.
> > 8. I CAN login and return data from different sessions between the

> browsers

> > using IE and the browser controls in my application, they don't appear

to

> > communicate the session.
> >
> > I've been doing web development for over 6 years, and am a MCP (ASP.NET

> C#),

> > so I have some familiarity, but I don't feel this has anything to do

with

> > ASP necessarily. I thought that maybe IE was caching the pages on the
> > client, but that should reload if I delete any temp files? I also delete

> any

> > cookies and don't see any in the index.dat file? The session always

> persists

> > unless I close my browser???
> >
> > If it was URL rewriting or in a hidden field, it should not go across to

a

> > new browser that was opened, which makes me think either cached pages or

a

> > cookie. I delete the cached pages and the cookies, but the session

> remains.

> >
> > Again, any help would be greatly appreciated.
> >
> > Thanks,
> > -Darrin
> >
> >
> >
> >
> > "Bob Barrows" <reb01501@NOyahoo.SPAMcom> wrote in message
> > news:uycLx8mlDHA.1672@TK2MSFTNGP09.phx.gbl...

> > > Darrin J Olson wrote:
> > > > That stinks. I still want to think that there must a way since the
> > > > remote server really isn't holding any type of static connection

with

> > > > the client. I can't figure out how it is keeping it's session? It

has

> > > > got to be storing it somewhere client side.
> > > >
> > >
> > > A session ends when the session timeout period expires, or when
> > > session.abandon is called. The server does not know when a user closes

> his

> > > browser, or navigates to another page, or whatever. It only knows

> whether

> > or

> > > not it receives http requests containing the appropriate session id or

> > not.

> > >
> > > HTH,
> > > Bob Barrows
> > > --
> > > Microsoft MVP - ASP/ASP.NET
> > > Please reply to the newsgroup. This email account is my spam trap so I
> > > don't check it very often. If you must reply off-line, then remove the
> > > "NO SPAM"
> > >
> > >

> >
> >

>
>

[Chris Barber]

Thanks for the info Bob.

I was beginning to suspect the same although all information I've ever seen
seems to indicate (indirectly) that session persistence was to do with
cookies. However, on thinking about it, I now see that the information I
have read says that 'ASP sessions require that cookies be enabled', *not*
that IE stores the session id *as* a cookie.

So, that would explain the majority of stuff but perhaps not the multiple
browsers getting the same session data scenario which I have no idea why
that could be happening unless both (or more) instances of IE are in fact
instances of a class from an ActiveX EXE (thus all instances could be
getting access to the same common 'session' information dependant on the
settings for the class). NB: MS Word work like this in that Word.exe is in
fact an ActiveXEXE Server.

Chris.

"Bob Lehmann" <nospam@dontbotherme.zzz> wrote in message
news:%23e$XgwnlDHA.976@tk2msftngp13.phx.gbl...
It must have something to with ASP, or you wouldn't be posting here - right?
:>)

Session cookies are stored in the client memory. AFAIK, they can't be
altered or deleted from the client - they expire on timeout or when the
browser closes.

Bob Lehmann

"Darrin J Olson" <darrin.j.olson@sio.midco.net> wrote in message
news:vp5pkqh44elnaf@corp.supernews.com...

> This I understand.
>
> Here are the facts, and any help you can give would be greatly

appreciated!

>
> 1. I am only the client, I do not have access to the server or it's code.
> 2. I am not sure what the host is using for session management.
> 3. When I close my browser and open a new one, I am given a new session.
> 4. When I am authenticated (however it is handled) and go to the login

page

> and login with a new account without closing my browser, I get data from

the

> first login.
> 5. When I open another browser and login with a different account, I get
> data from the first login if the first browser is still open.
> 6. If I delete all the cookies and Temporary Internet Files using
> Tools->Internet Options, or manually, I still get data from whatever login

I

> used initially with any subsequent logins.
> 7. If I add browser controls into a .NET windows application, any

subsequent

> logins return data from the initial session login, regardless of wether or
> not I remove/close the first browser control that logged in.
> 8. I CAN login and return data from different sessions between the

browsers

> using IE and the browser controls in my application, they don't appear to
> communicate the session.
>
> I've been doing web development for over 6 years, and am a MCP (ASP.NET

C#),

> so I have some familiarity, but I don't feel this has anything to do with
> ASP necessarily. I thought that maybe IE was caching the pages on the
> client, but that should reload if I delete any temp files? I also delete

any

> cookies and don't see any in the index.dat file? The session always

persists

> unless I close my browser???
>
> If it was URL rewriting or in a hidden field, it should not go across to a
> new browser that was opened, which makes me think either cached pages or a
> cookie. I delete the cached pages and the cookies, but the session

remains.

>
> Again, any help would be greatly appreciated.
>
> Thanks,
> -Darrin
>
>
>
>
> "Bob Barrows" <reb01501@NOyahoo.SPAMcom> wrote in message
> news:uycLx8mlDHA.1672@TK2MSFTNGP09.phx.gbl...

> > Darrin J Olson wrote:

> > > That stinks. I still want to think that there must a way since the
> > > remote server really isn't holding any type of static connection with
> > > the client. I can't figure out how it is keeping it's session? It has
> > > got to be storing it somewhere client side.
> > >

> >
> > A session ends when the session timeout period expires, or when
> > session.abandon is called. The server does not know when a user closes

his

> > browser, or navigates to another page, or whatever. It only knows

whether

> or

> > not it receives http requests containing the appropriate session id or

> not.

> >
> > HTH,
> > Bob Barrows
> > --
> > Microsoft MVP - ASP/ASP.NET
> > Please reply to the newsgroup. This email account is my spam trap so I
> > don't check it very often. If you must reply off-line, then remove the
> > "NO SPAM"
> >
> >

>
>

[Chris Barber]

I'd say that the implementation of the sessions *is* - predominantly for
this discussion - ASP but the surrounding technologies may not be ... I
still reckon ASP was the right choice.

LoL, and I still managed to learn something.

Chris.

"Darrin J Olson" <darrin.j.olson@sio.midco.net> wrote in message
news:vp5s0vli88hd60@corp.supernews.com...
Thanks Bob, that would explain a lot.

As far as the newsgroup, I wasn't sure where to post it since it involved a
few different things, and I may not have had the potential of querying such
intelligent and knowledgeable folks if I used a different one. ;-)

Thanks again to both you and Chris for your help.
-Darrin




"Bob Lehmann" <nospam@dontbotherme.zzz> wrote in message
news:%23e$XgwnlDHA.976@tk2msftngp13.phx.gbl...

> It must have something to with ASP, or you wouldn't be posting here -

right?

> :>)
>
> Session cookies are stored in the client memory. AFAIK, they can't be
> altered or deleted from the client - they expire on timeout or when the
> browser closes.
>
> Bob Lehmann
>
> "Darrin J Olson" <darrin.j.olson@sio.midco.net> wrote in message
> news:vp5pkqh44elnaf@corp.supernews.com...

> > This I understand.
> >
> > Here are the facts, and any help you can give would be greatly

> appreciated!

> >
> > 1. I am only the client, I do not have access to the server or it's

code.

> > 2. I am not sure what the host is using for session management.
> > 3. When I close my browser and open a new one, I am given a new session.
> > 4. When I am authenticated (however it is handled) and go to the login

> page

> > and login with a new account without closing my browser, I get data from

> the

> > first login.
> > 5. When I open another browser and login with a different account, I get
> > data from the first login if the first browser is still open.
> > 6. If I delete all the cookies and Temporary Internet Files using
> > Tools->Internet Options, or manually, I still get data from whatever

login

> I

> > used initially with any subsequent logins.
> > 7. If I add browser controls into a .NET windows application, any

> subsequent

> > logins return data from the initial session login, regardless of wether

or

> > not I remove/close the first browser control that logged in.
> > 8. I CAN login and return data from different sessions between the

> browsers

> > using IE and the browser controls in my application, they don't appear

to

> > communicate the session.
> >
> > I've been doing web development for over 6 years, and am a MCP (ASP.NET

> C#),

> > so I have some familiarity, but I don't feel this has anything to do

with

> > ASP necessarily. I thought that maybe IE was caching the pages on the
> > client, but that should reload if I delete any temp files? I also delete

> any

> > cookies and don't see any in the index.dat file? The session always

> persists

> > unless I close my browser???
> >
> > If it was URL rewriting or in a hidden field, it should not go across to

a

> > new browser that was opened, which makes me think either cached pages or

a

> > cookie. I delete the cached pages and the cookies, but the session

> remains.

> >
> > Again, any help would be greatly appreciated.
> >
> > Thanks,
> > -Darrin
> >
> >
> >
> >
> > "Bob Barrows" <reb01501@NOyahoo.SPAMcom> wrote in message
> > news:uycLx8mlDHA.1672@TK2MSFTNGP09.phx.gbl...

> > > Darrin J Olson wrote:
> > > > That stinks. I still want to think that there must a way since the
> > > > remote server really isn't holding any type of static connection

with

> > > > the client. I can't figure out how it is keeping it's session? It

has

> > > > got to be storing it somewhere client side.
> > > >
> > >
> > > A session ends when the session timeout period expires, or when
> > > session.abandon is called. The server does not know when a user closes

> his

> > > browser, or navigates to another page, or whatever. It only knows

> whether

> > or

> > > not it receives http requests containing the appropriate session id or

> > not.

> > >
> > > HTH,
> > > Bob Barrows
> > > --
> > > Microsoft MVP - ASP/ASP.NET
> > > Please reply to the newsgroup. This email account is my spam trap so I
> > > don't check it very often. If you must reply off-line, then remove the
> > > "NO SPAM"
> > >
> > >

> >
> >

>
>

[Darrin J Olson]

Chris,

I think you are on the right track. That would also explain why when I add
the activeX browser controls to my .NET app it holds a different session and
must use a different cookie in memory than what the browsers out of the OS
do. It must kind of hold a common cookie per process per domain.

Thanks!

-Darrin




"Chris Barber" <chris@blue-canoe.co.uk.NOSPAM> wrote in message
news:OrF%239eolDHA.1960@TK2MSFTNGP12.phx.gbl...

> Thanks for the info Bob.
>
> I was beginning to suspect the same although all information I've ever

seen

> seems to indicate (indirectly) that session persistence was to do with
> cookies. However, on thinking about it, I now see that the information I
> have read says that 'ASP sessions require that cookies be enabled', *not*
> that IE stores the session id *as* a cookie.
>
> So, that would explain the majority of stuff but perhaps not the multiple
> browsers getting the same session data scenario which I have no idea why
> that could be happening unless both (or more) instances of IE are in fact
> instances of a class from an ActiveX EXE (thus all instances could be
> getting access to the same common 'session' information dependant on the
> settings for the class). NB: MS Word work like this in that Word.exe is in
> fact an ActiveXEXE Server.
>
> Chris.
>
> "Bob Lehmann" <nospam@dontbotherme.zzz> wrote in message
> news:%23e$XgwnlDHA.976@tk2msftngp13.phx.gbl...
> It must have something to with ASP, or you wouldn't be posting here -

right?

> :>)
>
> Session cookies are stored in the client memory. AFAIK, they can't be
> altered or deleted from the client - they expire on timeout or when the
> browser closes.
>
> Bob Lehmann
>
> "Darrin J Olson" <darrin.j.olson@sio.midco.net> wrote in message
> news:vp5pkqh44elnaf@corp.supernews.com...

> > This I understand.
> >
> > Here are the facts, and any help you can give would be greatly

> appreciated!

> >
> > 1. I am only the client, I do not have access to the server or it's

code.

> > 2. I am not sure what the host is using for session management.
> > 3. When I close my browser and open a new one, I am given a new session.
> > 4. When I am authenticated (however it is handled) and go to the login

> page

> > and login with a new account without closing my browser, I get data from

> the

> > first login.
> > 5. When I open another browser and login with a different account, I get
> > data from the first login if the first browser is still open.
> > 6. If I delete all the cookies and Temporary Internet Files using
> > Tools->Internet Options, or manually, I still get data from whatever

login

> I

> > used initially with any subsequent logins.
> > 7. If I add browser controls into a .NET windows application, any

> subsequent

> > logins return data from the initial session login, regardless of wether

or

> > not I remove/close the first browser control that logged in.
> > 8. I CAN login and return data from different sessions between the

> browsers

> > using IE and the browser controls in my application, they don't appear

to

> > communicate the session.
> >
> > I've been doing web development for over 6 years, and am a MCP (ASP.NET

> C#),

> > so I have some familiarity, but I don't feel this has anything to do

with

> > ASP necessarily. I thought that maybe IE was caching the pages on the
> > client, but that should reload if I delete any temp files? I also delete

> any

> > cookies and don't see any in the index.dat file? The session always

> persists

> > unless I close my browser???
> >
> > If it was URL rewriting or in a hidden field, it should not go across to

a

> > new browser that was opened, which makes me think either cached pages or

a

> > cookie. I delete the cached pages and the cookies, but the session

> remains.

> >
> > Again, any help would be greatly appreciated.
> >
> > Thanks,
> > -Darrin
> >
> >
> >
> >
> > "Bob Barrows" <reb01501@NOyahoo.SPAMcom> wrote in message
> > news:uycLx8mlDHA.1672@TK2MSFTNGP09.phx.gbl...

> > > Darrin J Olson wrote:
> > > > That stinks. I still want to think that there must a way since the
> > > > remote server really isn't holding any type of static connection

with

> > > > the client. I can't figure out how it is keeping it's session? It

has

> > > > got to be storing it somewhere client side.
> > > >
> > >
> > > A session ends when the session timeout period expires, or when
> > > session.abandon is called. The server does not know when a user closes

> his

> > > browser, or navigates to another page, or whatever. It only knows

> whether

> > or

> > > not it receives http requests containing the appropriate session id or

> > not.

> > >
> > > HTH,
> > > Bob Barrows
> > > --
> > > Microsoft MVP - ASP/ASP.NET
> > > Please reply to the newsgroup. This email account is my spam trap so I
> > > don't check it very often. If you must reply off-line, then remove the
> > > "NO SPAM"
> > >
> > >

> >
> >

>
>
>

[Phillip Windell]

"Chris Barber" <chris@blue-canoe.co.uk.NOSPAM> wrote in message
news:OrF#9eolDHA.1960@TK2MSFTNGP12.phx.gbl...

> have read says that 'ASP sessions require that cookies be enabled',

*not*

> that IE stores the session id *as* a cookie.

It is specifically a "Session Cookie", they are special and only exist
in memory (aka Temporary Cookies). They are not the same thing as
other Cookies. It is two different animals.

> So, that would explain the majority of stuff but perhaps not the

multiple

> browsers getting the same session data scenario which I have no idea

why

Multiple Browser *Windows* get the same session, multiple Browser
*instances* do not. Hitting "CTRL-N" pops up a new Window not a new
"Browser". To get a new browse you must re-execute the excutable
(iexplorer.exe).

--

Phillip Windell [CCNA, MVP, MCP]
[email]pwindell@wandtv.com[/email]
WAND-TV (ABC Affiliate)
[url]www.wandtv.com[/url]

[Chris Barber]

I've never really tried that hard to find the exact circumstances so thanks
for the info, it's much appreciated.

Chris.

"Phillip Windell" <pwindell{at}wandtv*d0t*com> wrote in message
news:%23J6waKzlDHA.2436@TK2MSFTNGP09.phx.gbl...
"Chris Barber" <chris@blue-canoe.co.uk.NOSPAM> wrote in message
news:OrF#9eolDHA.1960@TK2MSFTNGP12.phx.gbl...

> have read says that 'ASP sessions require that cookies be enabled',

*not*

> that IE stores the session id *as* a cookie.

It is specifically a "Session Cookie", they are special and only exist
in memory (aka Temporary Cookies). They are not the same thing as
other Cookies. It is two different animals.

> So, that would explain the majority of stuff but perhaps not the

multiple

> browsers getting the same session data scenario which I have no idea

why

Multiple Browser *Windows* get the same session, multiple Browser
*instances* do not. Hitting "CTRL-N" pops up a new Window not a new
"Browser". To get a new browse you must re-execute the excutable
(iexplorer.exe).

--

Phillip Windell [CCNA, MVP, MCP]
[email]pwindell@wandtv.com[/email]
WAND-TV (ABC Affiliate)
[url]www.wandtv.com[/url]