Serious Problem - Lost Session Variables

> The serious problem is that once you have logged into the site, the next[color=blue]
> page you try to open it fails the above check and logs you out! Obviously
> Session("isLoggedIn") is not equal to "True" so it assumes you aren't[/color]
logged[color=blue]
> in. So basically the session variables are getting lost/cleared.[/color]

www.aspfaq.com/2157

(microsoft.public.inetserver.asp.db removed from x-post list)

welcome to the wonderful world of sessions thanks to IE and various security
features



"frank" <frankie@frankie.com> wrote in message
news:e6YNZDyRDHA.2196@TK2MSFTNGP11.phx.gbl...[color=blue]
> "Aaron Bertrand - MVP" <aaron@TRASHaspfaq.com> wrote in message
> news:eVQIR6xRDHA.1720@TK2MSFTNGP12.phx.gbl...[color=green][color=darkred]
> > > The serious problem is that once you have logged into the site, the[/color][/color][/color]
next[color=blue][color=green][color=darkred]
> > > page you try to open it fails the above check and logs you out![/color][/color]
> Obviously[color=green][color=darkred]
> > > Session("isLoggedIn") is not equal to "True" so it assumes you aren't[/color]
> > logged[color=darkred]
> > > in. So basically the session variables are getting lost/cleared.[/color]
> >
> > www.aspfaq.com/2157[/color]
>
> That page has a few interesting suggestions, but the weird thing for me is
> that I *never* had this problem when it ran on my test server... only my[/color]
new[color=blue]
> remote host (DiscountASP.NET). It's the same code that has been copied
> over - it also works when viewed on some client browsers, but not others.
>
> It's a nightmare.....
>
>[/color]

> remote host (DiscountASP.NET). It's the same code that has been copied[color=blue]
> over - it also works when viewed on some client browsers, but not others.[/color]

I don't think this has anything to do with code, for what it's worth.

"joe" <contact_by_Newsgroup_only.please> wrote in message
news:eBH1mQyRDHA.1924@TK2MSFTNGP12.phx.gbl...[color=blue]
> "frank" <frankie@frankie.com> wrote in message
> news:e6YNZDyRDHA.2196@TK2MSFTNGP11.phx.gbl...[color=green]
> > "Aaron Bertrand - MVP" <aaron@TRASHaspfaq.com> wrote in message
> > news:eVQIR6xRDHA.1720@TK2MSFTNGP12.phx.gbl...[color=darkred]
> > > > The serious problem is that once you have logged into the site, the[/color][/color]
> next[color=green][color=darkred]
> > > > page you try to open it fails the above check and logs you out![/color]
> > Obviously[color=darkred]
> > > > Session("isLoggedIn") is not equal to "True" so it assumes you[/color][/color][/color]
aren't[color=blue][color=green][color=darkred]
> > > logged
> > > > in. So basically the session variables are getting lost/cleared.
> > >
> > > www.aspfaq.com/2157[/color]
> >
> > That page has a few interesting suggestions, but the weird thing for me[/color][/color]
is[color=blue][color=green]
> > that I *never* had this problem when it ran on my test server... only my[/color]
> new[color=green]
> > remote host (DiscountASP.NET). It's the same code that has been copied
> > over - it also works when viewed on some client browsers, but not[/color][/color]
others.[color=blue][color=green]
> >
> > It's a nightmare.....
> >
> >[/color]
> welcome to the wonderful world of sessions thanks to IE and various[/color]
security[color=blue]
> features[/color]

Is this a known problem that is sometimes unfixable?

"Aaron Bertrand - MVP" <aaron@TRASHaspfaq.com> wrote in message
news:OQE$oTyRDHA.1552@TK2MSFTNGP12.phx.gbl...[color=blue][color=green]
> > remote host (DiscountASP.NET). It's the same code that has been copied
> > over - it also works when viewed on some client browsers, but not[/color][/color]
others.[color=blue]
>
> I don't think this has anything to do with code, for what it's worth.[/color]

Any idea why it works fine when running on one test server, but not when
running on one of the most popular ASP hosts?

Should I forget about using session variables? What is the alternative for
security issues such as logging users in?

> Any idea why it works fine when running on one test server, but not when[color=blue]
> running on one of the most popular ASP hosts?[/color]

Which of the items in that last have you eliminated?

"Aaron Bertrand - MVP" <aaron@TRASHaspfaq.com> wrote in message
news:OlBNM0yRDHA.1924@TK2MSFTNGP12.phx.gbl...[color=blue][color=green]
> > Any idea why it works fine when running on one test server, but not when
> > running on one of the most popular ASP hosts?[/color]
>
> Which of the items in that last have you eliminated?[/color]

I knew it was only affecting some browsers on some machines (very
inconsistent), but the last half-hour has really confused me.

I was composing an email to DiscountASP.NET and when I just started it I
went into my application and the session variable(s) were lost, as expected.
Half-way through the email I went back into the site and it worked fine
(each page opened fine). I've just now went back into the site and it's no
longer working. Exact same webserver, url, code & client browser. I even
logged into the site with the same test user.

With regards the list of problems;

Due to the fact it sometimes works I've eliminated 1, 2, 3 & 4.

I can probably eliminate 5 & 8 as the application works fine on my test
server.

6 & 7 I couldn't guarantee as I'm not hosting the server but I'd imagine a
respected host such as DiscountASP.NET would make sure these things work.

"frank" wrote:[color=blue]
>
> Is this a known problem that is sometimes unfixable?[/color]

Yes. If your site requires Internet Explorer, then it may be unfixable. Do
you experience the same problems with Gecko-based browsers?


--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.

"frank" wrote:[color=blue]
>
> I was composing an email to DiscountASP.NET and when I just started it I
> went into my application and the session variable(s) were lost, as[/color]
expected.[color=blue]
> Half-way through the email I went back into the site and it worked fine
> (each page opened fine). I've just now went back into the site and it's no
> longer working. Exact same webserver, url, code & client browser. I even
> logged into the site with the same test user.[/color]

Any chance DiscountASP.NET uses server farms?


--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.

"Dave Anderson" <GTSPXOESSGOQ@spammotel.com> wrote in message
news:OqTmO47RDHA.1688@TK2MSFTNGP11.phx.gbl...[color=blue]
> "frank" wrote:[color=green]
> >
> > Is this a known problem that is sometimes unfixable?[/color]
>
> Yes. If your site requires Internet Explorer, then it may be unfixable.[/color]

I don't think it *requires* IE, but obviously since most web users use it I
need it to work with IE. If it's a known issue with IE, WTF are Microsoft
doing releasing a web browser that doesn't always fully support another of
it's own technologies?
[color=blue]
> Do
> you experience the same problems with Gecko-based browsers?[/color]

I'll look into it.....

BTW I'm using IE 6 at home and at work, yet the site *always* works fine
when I run it from my desk at work, yet it didn't work from home last night.

"Dave Anderson" <GTSPXOESSGOQ@spammotel.com> wrote in message
news:e9v7$77RDHA.1552@TK2MSFTNGP10.phx.gbl...[color=blue]
> "frank" wrote:[color=green]
> >
> > I was composing an email to DiscountASP.NET and when I just started it I
> > went into my application and the session variable(s) were lost, as[/color]
> expected.[color=green]
> > Half-way through the email I went back into the site and it worked fine
> > (each page opened fine). I've just now went back into the site and it's[/color][/color]
no[color=blue][color=green]
> > longer working. Exact same webserver, url, code & client browser. I even
> > logged into the site with the same test user.[/color]
>
> Any chance DiscountASP.NET uses server farms?[/color]

Hmmm... good point - I'll ask them about that.

"Don Verhagen" <news@southeast-florida.com> wrote in message
news:bemvf3$6rtie$1@ID-181477.news.uni-berlin.de...[color=blue]
> In news:e6YNZDyRDHA.2196@TK2MSFTNGP11.phx.gbl,
> frank <frankie@frankie.com> typed:
> : "Aaron Bertrand - MVP" <aaron@TRASHaspfaq.com> wrote in message
> : news:eVQIR6xRDHA.1720@TK2MSFTNGP12.phx.gbl...
> ::: The serious problem is that once you have logged into the site, the
> ::: next page you try to open it fails the above check and logs you
> ::: out! Obviously Session("isLoggedIn") is not equal to "True" so it
> ::: assumes you aren't logged in. So basically the session variables
> ::: are getting lost/cleared.
> ::
> :: www.aspfaq.com/2157
> :
> : That page has a few interesting suggestions, but the weird thing for
> : me is that I *never* had this problem when it ran on my test
> : server... only my new remote host (DiscountASP.NET). It's the same
> : code that has been copied
> : over - it also works when viewed on some client browsers, but not
> : others.
> :
> : It's a nightmare.....
>
> I had a problem with IE6 when I didn't have a P3P policy setup in the
> headers.
>
> Add Header:
> Header Name: P3P
> Header Content: CP='NOI DSP COR NID CUR PSDa OUR NOR STA'
>
> Its a short generic Compact Policy
>
> For a little more info:
> http://chxo.com/be2/news/document-p...der_a_2590.html[/color]

I assume I have to go the full hog and create a compact P3P policy for my
site (Xml documents etc.)?

What is the best method of doing this?