Sessions & Cookies



Hello,

I posted a similar question in the "IIS Security" group but I think it
is more useful to post it here.

I want to do something very simple. Make a part of my website available
only for users with a username and password. The site is mainly ASP
based. The webserver is an IIS6 and I do NOT have access to server
settings (session timeout, security,...).

I use sessions to set the validation for the users. Basically you are
redirected to a form where you can give a username and password, this is
validated with the values in a database. If the password and username
are ok a session value is set: <% Session("Validated") = True %>.

At the beginning of each secured page I start with:
<%If Session("Validated")=False Then Response.Redirect("Login.asp") End If%>

So if the session value "validated" is true you can see the secured
pages, else you are redirected to the logon page.

The default timeout value for session is 20 minutes. Because the session
should stay alive during the complete time of the visit I was thinking
of putting the session.timeout to 60 minutes. I set this at the beginning
of every secure page: <%Session.Timeout=60%>

Now, users keep on contacting me saying that they have to relogon quite
often. This also seems to happen when a user is not on the website for
20 minutes already (session expired). I tested it myself and have the
feeling that I am indeed regularly redirected. Sometimes after 10
minutes, other times 30 minutes, ... There seems not to be any logic in
the time that users are redirected to the logon page.

Because the website is used to fill in a lot of long HTML forms, it is
very frustrating for the users when they are completing a form and then
pressing "Submit" being redirected to the logon page and lose all
entered data.

Is there somebody who can give me more info on the strange session
behavior? For me it is not normal that a session times out in that
illogical way.

The only solution I can think of is passing the post information to the
logon page and then redirect after validation back to the transaction
page.

How can you reset the timeout counter on a session in ASP? What I was
thinking was that I am doing it maybe wrong?

Now the session variable that lets a user have access to the site is set
once at logon time: (<% Session("Validated") = True %>). Then it is
checked on every page that the user opens (<%If
Session("Validated")=False Then Response.Redirect("Login.asp") End If%>)

Would it be a good idea to re-set the variable every time a user
accesses a page? Like <%If Session("Validated")=False Then
Response.Redirect("Login.asp") Else Session("Validated")=True End If%>
Would this reset the timer that times out the session? Or do I have to
add something like <%Session.Abandon%> before setting the variable
again?

What would this do on the server performance?
Is this a good way of working with sessions?

Switch to cookies i.o. sessions?

I am open for all suggestions, please help! In the future there are also
money transactions going over this website, so it has to be a secure
method! I will use a separate HTTPS host for this.

Thanks for your help!
Jul 22 '05 #1
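
Added example (not part of the thread and not any poster's code): a login guard for the secured pages described in the post above, in classic ASP/VBScript. The file names RequireLogin.asp and Default.asp, the `return` parameter, the two helper functions and the `credentialsOk` variable are assumptions made for illustration.

```asp
<%
' --- RequireLogin.asp (hypothetical name), included first on every secured page ---
' Session.Timeout is an idle timeout in minutes. Every request that carries the
' session cookie restarts the countdown, so the flag never has to be re-set per
' page and Session.Abandon is only for logout. Classic ASP keeps session state in
' the web server process, so a worker process recycle ends all sessions early.

Function IsLoggedIn()
    ' An expired or new session returns Empty for the key; accept only Boolean True.
    IsLoggedIn = False
    If VarType(Session("Validated")) = vbBoolean Then
        IsLoggedIn = Session("Validated")
    End If
End Function

' Keep browsers and proxies from storing secured pages.
Response.Expires = -1
Response.CacheControl = "no-cache"

If Not IsLoggedIn() Then
    ' Send the current path along so the login page can return the user here.
    Response.Redirect "Login.asp?return=" & _
        Server.URLEncode(Request.ServerVariables("URL"))
End If
%>

<%
' --- Login.asp, after the username/password check against the database ---
Function SafeReturnPath(p)
    ' Accept only a local path; anything else falls back to a fixed page.
    SafeReturnPath = "Default.asp"                ' assumed landing page
    If Left(p, 1) = "/" And Left(p, 2) <> "//" And InStr(p, "\") = 0 Then
        SafeReturnPath = p
    End If
End Function

If credentialsOk Then                             ' placeholder for the database check
    Session("Validated") = True                   ' statement block, not an output expression
    Session.Timeout = 60                          ' minutes of inactivity
    Response.Redirect SafeReturnPath(CStr(Request.QueryString("return")))
End If
%>
```
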
Ik Ben Het wrote:
> The default timeout value for session is 20 minutes...
>
> ...Users keep on contacting me saying that they have to relogon
> quite often. This also seems to happen when a user is not on the
> website for 20 minutes already (session expired)...


There are any number of possibilities. Here is a good list of things to
consider:
http://aspfaq.com/show.asp?id=2157

--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.
Jul 22 '05 #2
Hello Dave,

Thank you very much. Indeed a lot of answers to my questions!

Jul 22 '05 #3
