Ask a Question related to ASP, Design and Development.
-
Brad #1
Session Variables
Hi everyone,
I've been using ASP on a few different projects over the past year, either
using Javascript or VBScript. During that time, I've made use of session
variables, but even then, I've tried to keep those variables to a minimum
(which is not always easy).
I've also read on many ASP resource sites (such as fuzzysoftware.com, etc)
that the use of session variables can be a no-no, while others say that it's
perfectly valid to use them extensively. Some articles on these sites state
that if we use session variables on a site that is spanned across a web
farm, those variables will either get corrupt, lost, or even worse, abducted
by UFO's (kidding).
Since I'm sure a lot of you have had more experience in this area than I
have, I was wondering what the "thought of the day" is, pertaining to the
use of session variables.
Thanks guys,
Brad
Brad Guest
-
#39833 [NEW]: Session variables overwritten by local variables (register_globals=off)
From: sup1382 at accedo dot es Operating system: OpenBSD 3.9 PHP version: 5.2.0 PHP Bug Type: Session related Bug... -
#39447 [NEW]: Want to optionally handle apc_upload_progress variables using session variables
From: krudtaa at yahoo dot com Operating system: All PHP version: 5.2.0 PHP Bug Type: Feature/Change Request Bug... -
Session Variables in .NET
Hi, I am starting to develop an ASP.Net application. I will have a logon page which will take a UserName and Password. A Stored Procedure will... -
Session problem when setting session variables in files that are in different directories
I am running PHP 4.3.0 on a WinXPpro machine and I recently got problem with sessions. What I am building is a loginsystem and I need to save... -
variables that change session variables
Hi, I'm currently writing a mulit-page form app that uses a session to retain data from each form element in order for the user to jump between... -
Dave Anderson #2 Re: Session Variables
I avoid them for just about everything. At some point around version 5,
Microsoft tried to give IE the ability to straddle multiple sessions from
within a single Windows user session, and introduced a nightmare that hasn't
resolved itself yet. MS then compounded the problem by taking away from the
user the ability to control whether new windows browse in new sessions.
Look here for a glimpse:
[url]http://aspfaq.com/show.asp?id=2157[/url]
I have noticed a sudden increase in lost sessions with IE6 that began a few
months ago, presumably coinciding with the release of some patch. In my
organization, we have documented many machines that behave better or worse
depending on the number of other applications running. Why on earth this
would affect session persistence is beyond me.
Tack on ever-mutating security policies that (a) affect the sharing of
sessions across frames/popups/iframes/new windows, and (b) keep overwriting
preferences every time Windows Update prompts the user to patch the browser
or leave himself vulnerable to an earth-shattering, "new" (MS speak for
"it's been there all along") vulnerability, and it's a wonder that sessions
work at all.
It's a shame, too -- these problems are unique to IE. No other browser gives
session cookies this unique treatment. And even IE behaves properly with
normal cookies (it shares them among all windows). If you design your own
session architecture (generate unique, pseudorandom IDs, send them to the
browser as plain-old cookies, manage session data in a DB, etc.) IE will
work perfectly and in a manner consistent with other browsers. But you can't
use your own cookie to piggyback onto a session, so you can't solve the
problems with session cookies without dropping session variables altogether
(or at least not using them for anything important).
Do I sound bitter? Remediating a bunch of applications written by someone
else will do that to you. Especially when those apps shouldn't be broken,
except for the shifting landscape that is Microsoft Internet Explorer.
"Brad" wrote:it's>
> I've been using ASP on a few different projects over the past year, either
> using Javascript or VBScript. During that time, I've made use of session
> variables, but even then, I've tried to keep those variables to a minimum
> (which is not always easy).
>
> I've also read on many ASP resource sites (such as fuzzysoftware.com, etc)
> that the use of session variables can be a no-no, while others say thatstate> perfectly valid to use them extensively. Some articles on these sitesabducted> that if we use session variables on a site that is spanned across a web
> farm, those variables will either get corrupt, lost, or even worse,--> by UFO's (kidding).
>
> Since I'm sure a lot of you have had more experience in this area than I
> have, I was wondering what the "thought of the day" is, pertaining to the
> use of session variables.
Dave Anderson
Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.
Dave Anderson Guest
-
Brad #3 Re: Session Variables
Dave,
Thanks for that FAQ, and thanks also for the insight. It seems that
developing this new [database/user intensive] site is going to be a
nightmare. I'm starting to wonder how so many database/user driven sites are
able to work properly.
*sigh* I'm going to have to try to find some mechanism(s) for this so that I
can *create* a sessionId and store it in a hidden form field, along with
other state variables. The FAQ even states that it's possible for the
normally created sessionId to change from page to page. I'm also going to
have to figure out a mechanism for *properly* storing session data in a
database.
:/
Brad
Brad Guest
-
Nick T #4 Session Variables
Oh where Oh where are my session variables???
From a page in the root of a virtual directory I set 2
session variables. I then navigate to a page in a child
physical directory and a new session always starts thus I
lose my session variables. I tried placing the page in the
same location and the same happens. The first page sets
the variables and the second reads them but because a new
session is started, I have nothing. Is this a known
problem? and if so is there a workaround?
I've never come across this problem before.
Thanks
Nick
Nick T Guest
-
Nicholas Tullett #5 Re: Session Variables
Hi Brad, how do I get to the is Dave Andersons article on session
variables?
Many Thanks for the reply. I fixed the probelm by the way. A new session
is being created where it shouldn't be or should I say never used to be.
I programmed around it.
Regards
Nick
*** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
Don't just participate in USENET...get rewarded for it!
Nicholas Tullett Guest
-
tmurray0539 #6 Session Variables
Hi all:
Does the use of Session variables create cookies on the client's
computer? I was told that this is the case but I am not in agreement. I
would like to be enlightened on the subject.
Thanks
Terry
tmurray0539 Guest
-
Ray at #7 Re: Session Variables
Yes, IIS creates a session cookie. [url]http://www.asp-help.com/sessions.asp[/url]
ASP.NET has a nice "cookieless session" feature, that'll just use a
querystring tracker, I believe. You could implement this yourself if you
wanted to though. Of course, if someone chops a URL, you'll lose the
"session."
Ray at home
--
Will trade ASP help for SQL Server help
"tmurray0539" <tmurray0539@rogers.com> wrote in message
news:9rGVa.2968$rsJ.2622@news04.bloor.is.net.cable .rogers.com...> Hi all:
> Does the use of Session variables create cookies on the client's
> computer? I was told that this is the case but I am not in agreement. I
> would like to be enlightened on the subject.
>
> Thanks
>
> Terry
>
>
>
Ray at Guest
-
Ken Schaefer #8 Re: Session Variables
Cookies can not reside on the server.
When a session starts, IIS generates a SessionID. This is sent to the client
as part of an in-memory cookie (ie a cookie that is not written to the
client's hard disk - it is merely kept in memory until the browser is
closed). The client returns this cookie with each subsequent request to the
server. The server uses the SessionID that is stored inside to work out
which session variables belong to that user.
You can see this yourself if you use telnet (or similar) to simulate a
request to a server:
c:\>telnet
telnet>open localhost 80
GET / HTTP/1.1
HOST: localhost
[enter]
[enter]
returns (notice the "Set Cookie" HTTP header?)
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.1
Date: Wed, 30 Jul 2003 06:25:47 GMT
X-Powered-By: ASP.NET
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQSDQBCAB=DNMPMLKDCHEINBHBJGDNLFBO; path=/
Cache-control: private
<html>
<head></head>
<body>
<p>test page I created</p>
</body>
</html>
Cheers
Ken
"tmurray0539" <tmurray0539@rogers.com> wrote in message
news:uPGVa.5151$rsJ.2880@news04.bloor.is.net.cable .rogers.com...
: Does this session cookie reside on the server or the client's computer?
:
: Terry
:
: "Ray at <%=sLocation%>" <myfirstname at lane34 dot com> wrote in message
: news:uFqpkZkVDHA.2192@TK2MSFTNGP10.phx.gbl...
: > Yes, IIS creates a session cookie. [url]http://www.asp-help.com/sessions.asp[/url]
: > ASP.NET has a nice "cookieless session" feature, that'll just use a
: > querystring tracker, I believe. You could implement this yourself if
you
: > wanted to though. Of course, if someone chops a URL, you'll lose the
: > "session."
: >
: > Ray at home
: >
: > --
: > Will trade ASP help for SQL Server help
: >
: >
: > "tmurray0539" <tmurray0539@rogers.com> wrote in message
: > news:9rGVa.2968$rsJ.2622@news04.bloor.is.net.cable .rogers.com...
: > > Hi all:
: > > Does the use of Session variables create cookies on the client's
: > > computer? I was told that this is the case but I am not in agreement.
: I
: > > would like to be enlightened on the subject.
: > >
: > > Thanks
: > >
: > > Terry
: > >
: > >
: > >
: >
: >
:
:
Ken Schaefer Guest
-
tmurray0539 #9 Re: Session Variables
If I understand correctly, this means that if a client is not allowing
cookies (the kind that accesses his/.her hard disk) that this
"in-memory" cookie would still be created. Am I correct in my assumption?
Terry
"Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
news:epRpeOmVDHA.1832@TK2MSFTNGP09.phx.gbl...client> Cookies can not reside on the server.
>
> When a session starts, IIS generates a SessionID. This is sent to thethe> as part of an in-memory cookie (ie a cookie that is not written to the
> client's hard disk - it is merely kept in memory until the browser is
> closed). The client returns this cookie with each subsequent request to[url]http://www.asp-help.com/sessions.asp[/url]> server. The server uses the SessionID that is stored inside to work out
> which session variables belong to that user.
>
> You can see this yourself if you use telnet (or similar) to simulate a
> request to a server:
> c:\>telnet
> telnet>open localhost 80
> GET / HTTP/1.1
> HOST: localhost
> [enter]
> [enter]
>
> returns (notice the "Set Cookie" HTTP header?)
>
>
>
> HTTP/1.1 200 OK
> Server: Microsoft-IIS/5.1
> Date: Wed, 30 Jul 2003 06:25:47 GMT
> X-Powered-By: ASP.NET
> Content-Type: text/html
> Set-Cookie: ASPSESSIONIDQSDQBCAB=DNMPMLKDCHEINBHBJGDNLFBO; path=/
> Cache-control: private
>
> <html>
> <head></head>
> <body>
> <p>test page I created</p>
> </body>
> </html>
>
> Cheers
> Ken
>
> "tmurray0539" <tmurray0539@rogers.com> wrote in message
> news:uPGVa.5151$rsJ.2880@news04.bloor.is.net.cable .rogers.com...
> : Does this session cookie reside on the server or the client's computer?
> :
> : Terry
> :
> : "Ray at <%=sLocation%>" <myfirstname at lane34 dot com> wrote in message
> : news:uFqpkZkVDHA.2192@TK2MSFTNGP10.phx.gbl...
> : > Yes, IIS creates a session cookie.agreement.> : > ASP.NET has a nice "cookieless session" feature, that'll just use a
> : > querystring tracker, I believe. You could implement this yourself if
> you
> : > wanted to though. Of course, if someone chops a URL, you'll lose the
> : > "session."
> : >
> : > Ray at home
> : >
> : > --
> : > Will trade ASP help for SQL Server help
> : >
> : >
> : > "tmurray0539" <tmurray0539@rogers.com> wrote in message
> : > news:9rGVa.2968$rsJ.2622@news04.bloor.is.net.cable .rogers.com...
> : > > Hi all:
> : > > Does the use of Session variables create cookies on the client's
> : > > computer? I was told that this is the case but I am not in> : I
> : > > would like to be enlightened on the subject.
> : > >
> : > > Thanks
> : > >
> : > > Terry
> : > >
> : > >
> : > >
> : >
> : >
> :
> :
>
>
tmurray0539 Guest
-
Bob Barrows #10 Re: Session Variables
tmurray0539 wrote:
:-)> If I understand correctly, this means that if a client is not allowing
> cookies (the kind that accesses his/.her hard disk) that this
> "in-memory" cookie would still be created. Am I correct in my
> assumption?
>
Huh? How did you come to that conclusion? If the browser is set to prevent
cookies, then no cookies will be created. No cookies = no Session
Bob Barrows
Bob Barrows Guest
-
Ray at #11 Re: Session Variables
IIRC, there are some browsers (IE6, I suppose) that let partially paranoid
people block normal cookies but allow session cookies. I could be wrong
about that. People who don't accept cookies are unlikely to submit credit
card information too, so the hell with them. <g>
Ray at work
"Bob Barrows" <reb_01501@yahoo.com> wrote in message
news:%23QkC2HqVDHA.1676@TK2MSFTNGP10.phx.gbl...> tmurray0539 wrote:> :-)> > If I understand correctly, this means that if a client is not allowing
> > cookies (the kind that accesses his/.her hard disk) that this
> > "in-memory" cookie would still be created. Am I correct in my
> > assumption?
> >
> Huh? How did you come to that conclusion? If the browser is set to prevent
> cookies, then no cookies will be created. No cookies = no Session
>
> Bob Barrows
>
>
Ray at Guest
-
Bingo #12 Re: Session Variables
> IIRC, there are some browsers (IE6, I suppose) that let partially paranoid
IE6 beeing a Microsoft product, as well as ASP, that is very likely.> people block normal cookies but allow session cookies.
They must have found this to be the only solution for cokiless visitors to
have a session.
Bingo.
Bingo Guest
-
J. Ptak #13 Session Variables
Hey Tibby.
The proper way to create a session variable is:
Session["VarName"] = value;
Or you can use the Add method as:
Session.Add("VarName", value);
Either way will work.
Next to remove an item from the session state:
Session.Remove("VarName");
To clear all items from the session state use:
Session.Clear();
HTH.
Jeff Ptak
destroying them. I>-----Original Message-----
>What is the proper way to creating Session Variables anddone also for>think this is what my major problem is. And, can that be>ADO.NET objects?
>
>Thanks
>Tibby
>
>
>.
>J. Ptak Guest
-
Kevin Spencer #14 Re: Session Variables
You can add a Session variable by using either
Session["varName] = value;
or
Session.Add("varName");
To remove it, use
Session.Remove("varName");
Any kind of object can be placed in Session. ADO.Net objects are managed,
which makes it fine. However, it is not a good idea to store Connections in
Session. ADO.Net leverages Connection Pooling, so just open and close your
Connections as quickly as possible.
--
HTH,
Kevin Spencer
Microsoft MVP
..Net Developer
[url]http://www.takempis.com[/url]
Complex things are made up of
lots of simple things.
"Tibby" <tierscheiss1977@hotmail.com> wrote in message
news:ODB1uh1WDHA.656@tk2msftngp13.phx.gbl...I> What is the proper way to creating Session Variables and destroying them.> think this is what my major problem is. And, can that be done also for
> ADO.NET objects?
>
> Thanks
> Tibby
>
>
Kevin Spencer Guest
-
Tibby #15 Re: Session Variables
Just to make sure I'm playing ball here, so, instead of using Dim myVar as
string, then later using myVar="Kiss Me", I would use Session["myVar"]="Kiss
Me", then to reference it, I would use something like
MsgBox(Session["myVar"])
Just to make sure I'm on the same page.
Thanks
Tibby
"J. Ptak" <ptakja@NOSPAM.corning.com> wrote in message
news:8eb301c35b69$62ce8060$a001280a@phx.gbl...> Hey Tibby.
>
> The proper way to create a session variable is:
>
> Session["VarName"] = value;
>
> Or you can use the Add method as:
>
> Session.Add("VarName", value);
>
> Either way will work.
>
> Next to remove an item from the session state:
>
> Session.Remove("VarName");
>
> To clear all items from the session state use:
>
> Session.Clear();
>
> HTH.
>
> Jeff Ptak
>
>> destroying them. I> >-----Original Message-----
> >What is the proper way to creating Session Variables and> done also for> >think this is what my major problem is. And, can that be> >ADO.NET objects?
> >
> >Thanks
> >Tibby
> >
> >
> >.
> >
Tibby Guest
-
Tibby #16 Re: Session Variables
I apoligize, I'm using VB.Net.
"Kevin Spencer" <kevin@takempis.com> wrote in message
news:OaUHXi3WDHA.1620@TK2MSFTNGP12.phx.gbl...as> Forget about "MsgBox." That function is not for ASP.Net pages. It is only
> used for Windows Forms. Other than that, you are basically corrrect.
> However, it is hard to tell whether you're using VB.Net or C# from your
> example, as the MsgBox function is a VB.Net function, but your syntax for
> the Session variable is C#. Here are 2 examples, using VB.Net and C#:
>
> VB.Net: Session("myVar") = "Kiss Me"
> C#: Session["myVar"] = "Kiss Me";
>
> --
> HTH,
>
> Kevin Spencer
> Microsoft MVP
> .Net Developer
> [url]http://www.takempis.com[/url]
> Complex things are made up of
> lots of simple things.
>
> "Tibby" <tierscheiss1977@hotmail.com> wrote in message
> news:uM5PwY3WDHA.2568@tk2msftngp13.phx.gbl...> > Just to make sure I'm playing ball here, so, instead of using Dim myVar> Session["myVar"]="Kiss> > string, then later using myVar="Kiss Me", I would use>> > Me", then to reference it, I would use something like
> > MsgBox(Session["myVar"])
> > Just to make sure I'm on the same page.
> >
> > Thanks
> > Tibby
> >
> > "J. Ptak" <ptakja@NOSPAM.corning.com> wrote in message
> > news:8eb301c35b69$62ce8060$a001280a@phx.gbl...> >> > > Hey Tibby.
> > >
> > > The proper way to create a session variable is:
> > >
> > > Session["VarName"] = value;
> > >
> > > Or you can use the Add method as:
> > >
> > > Session.Add("VarName", value);
> > >
> > > Either way will work.
> > >
> > > Next to remove an item from the session state:
> > >
> > > Session.Remove("VarName");
> > >
> > > To clear all items from the session state use:
> > >
> > > Session.Clear();
> > >
> > > HTH.
> > >
> > > Jeff Ptak
> > >
> > >
> > > >-----Original Message-----
> > > >What is the proper way to creating Session Variables and
> > > destroying them. I
> > > >think this is what my major problem is. And, can that be
> > > done also for
> > > >ADO.NET objects?
> > > >
> > > >Thanks
> > > >Tibby
> > > >
> > > >
> > > >.
> > > >
> >
>
Tibby Guest
-
Kevin Spencer #17 Re: Session Variables
No apology neccessary! That's what we're here for. :)
--
HTH,
Kevin Spencer
Microsoft MVP
..Net Developer
[url]http://www.takempis.com[/url]
Complex things are made up of
lots of simple things.
"Tibby" <tierscheiss1977@hotmail.com> wrote in message
news:OKRSgL4WDHA.2268@TK2MSFTNGP11.phx.gbl...only> I apoligize, I'm using VB.Net.
>
> "Kevin Spencer" <kevin@takempis.com> wrote in message
> news:OaUHXi3WDHA.1620@TK2MSFTNGP12.phx.gbl...> > Forget about "MsgBox." That function is not for ASP.Net pages. It isfor> > used for Windows Forms. Other than that, you are basically corrrect.
> > However, it is hard to tell whether you're using VB.Net or C# from your
> > example, as the MsgBox function is a VB.Net function, but your syntaxmyVar> > the Session variable is C#. Here are 2 examples, using VB.Net and C#:
> >
> > VB.Net: Session("myVar") = "Kiss Me"
> > C#: Session["myVar"] = "Kiss Me";
> >
> > --
> > HTH,
> >
> > Kevin Spencer
> > Microsoft MVP
> > .Net Developer
> > [url]http://www.takempis.com[/url]
> > Complex things are made up of
> > lots of simple things.
> >
> > "Tibby" <tierscheiss1977@hotmail.com> wrote in message
> > news:uM5PwY3WDHA.2568@tk2msftngp13.phx.gbl...> > > Just to make sure I'm playing ball here, so, instead of using Dim> as>> > Session["myVar"]="Kiss> > > string, then later using myVar="Kiss Me", I would use> >> > > Me", then to reference it, I would use something like
> > > MsgBox(Session["myVar"])
> > > Just to make sure I'm on the same page.
> > >
> > > Thanks
> > > Tibby
> > >
> > > "J. Ptak" <ptakja@NOSPAM.corning.com> wrote in message
> > > news:8eb301c35b69$62ce8060$a001280a@phx.gbl...
> > > > Hey Tibby.
> > > >
> > > > The proper way to create a session variable is:
> > > >
> > > > Session["VarName"] = value;
> > > >
> > > > Or you can use the Add method as:
> > > >
> > > > Session.Add("VarName", value);
> > > >
> > > > Either way will work.
> > > >
> > > > Next to remove an item from the session state:
> > > >
> > > > Session.Remove("VarName");
> > > >
> > > > To clear all items from the session state use:
> > > >
> > > > Session.Clear();
> > > >
> > > > HTH.
> > > >
> > > > Jeff Ptak
> > > >
> > > >
> > > > >-----Original Message-----
> > > > >What is the proper way to creating Session Variables and
> > > > destroying them. I
> > > > >think this is what my major problem is. And, can that be
> > > > done also for
> > > > >ADO.NET objects?
> > > > >
> > > > >Thanks
> > > > >Tibby
> > > > >
> > > > >
> > > > >.
> > > > >
> > >
> > >
> >
>
Kevin Spencer Guest
-
Diana Castillo #18 session variables
I am having a weird problem, when I close all my browser windows and restart
my application, the session variable which I set comes back suddenly, but
only when I call a certain class .
As far as I know the session variables should disappear when I close the
browser. Why would they suddenly come back?
thank you
Diana Castillo Guest
-
TRACEY #19 SESSION VARIABLES
On my IIS 5.0 i have enable session state set to 20 minutes
ASP SCRIPT TIMEOUT set to 200 seconds.
On my asp pages i even coded in session.timeout = 60
When i check the value of one of my sessions on a page i
am being returned to main page.
i.e If session("basket") = "" then
go to mainpage.asp
When i check the session.timeout on the page this is set
to 60
If i wait around for a few minutes i.e 5 then i am taken
back to mainpage.asp...
The server is not given me the 20 minutes session state.
Any ideas ........what to do here.
Thanks
TRACEY Guest
-
henryavl #20 Session Variables
Hello All,
I recently had to reinstall windows 2000 professional due to a harddrive
crash, I downloaded all the newest updates, now I find that session
variables are not being kept from page to page as it had with older
software. If any else had this problem with IIs 5.0, frontpage 2002 server
extentions I would appreciate a tip. What I have found out so far is that
the session variables used with asp 3.0 are going away in favor of dot.net
asp...
Thanks Henry
henryavl Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
