473,898 Members | 2,344 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Session Issue

Hi,

I created a html page from which I give a link to another web site. The new
site is opened in a new window. When I opened multiple windows, they all have
the same SessionID. I want ot know how to open the windows with different
sessionID.

Thanks
Jan 11 '06
10 2199
I think I am beginning to understand.
I may be wrong, but I don't think it is possible for multiple sessions to be
spawned for the same application from a single web server on a single client
machine. This would probably be a security breach, enabling sessions to be
hijacked.

You should check with the experts over at .inetserver.iis , but I think you
will need to find another way to maintain your session state for your
applications.

Li Pang wrote:
Bob,

In reality, I don't want to kill any sessions. My concern is to keep
every set of session within its own window. There is an issue of
session shared within multiple windows. My filling is that the server
checks the IE instance or id of client, as long as the same parameter
found, it uses the same set of session. I can't find the reason that
IE does that.

"Bob Barrows [MVP]" wrote:
The page in which you issue Session.Abandon must immediately
redirect to another page. The Session is not destroyed until the
page in which the statement is issued finishes processing.
Li Pang wrote:
Bob,

I give you my testing codes as below.
To reproduce the problem, do the following:
1. start test.asp, and click on Development
2. it pops up a new window. In the Login field, it shows "lpang"
then click "Submit"
3. Apphome.asp page shows the user id
4. click on Development link on test.asp page again
5. it pops up another window. In Login field replace "lpang" by
"Bob" and click on "Submit"
6. the page shows Bob as user id, now click on "refresh"
7. The page shows "Bob" as user id
8. Go to first page click "refresh", it shows "Bob" as well ("lpang"
is overwritten)

test.asp
<html>
<head>
<meta NAME="GENERATOR " Content="Micros oft Visual Studio 6.0">
</head>

<BODY>
<TABLE WIDTH="100%" HEIGHT="100%">
<TR>
<TD><a target="_blank" href="../TestApp/app.asp">Develo pment</a>
</TD>
</TR>
</TABLE>
</BODY>
</html>

App.asp
<%
Session.Abandon
%>
<html>
<head>
<meta NAME="GENERATOR " Content="Micros oft Visual Studio 6.0">
</head>

<BODY>
<form name="form1" name=form1 action=Apphome. asp method=POST>

<table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
CELLPADDING="2" >
<tr>
<th style='color=bl ack' colspan="3">Log in</th>

</tr>
<tr>
<td align="right">L ogin:</td>
<td><input type="text" name="login" class="ipText" size="20"
value="lpang"></td>
</tr>
<tr>
<td></td>
<td align="center"> <a
href="javascrip t:form1.submit( );">Submit</a></td> </tr>
</table>
</form>
</BODY>
</html>

Apphome.asp
<%
'Session.Abando n
session("uid") = request.form("l ogin")
%>
<html>
<head>
<meta NAME="GENERATOR " Content="Micros oft Visual Studio 6.0">
</head>

<BODY>
<form name="form1" name=form1 action=Apphome. asp method=POST>

<table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
CELLPADDING="2" >
<tr>
<th style='color=bl ack' colspan="3">Hom e</th>

</tr>
<tr>
<td>user id: </td>
<td><B><%=sessi on("uid")%></B></td>
</tr>
<tr>
<td></td>
<td></td>
</tr>
<tr>
<td></td>
<td align="center"> <INPUT name=showinfo type=button value="Show
User"style="HEI GHT: 24px; WIDTH: 75px; cursor:hand"
onclick="alert( '<%=session("ui d")%>');"></td>
</tr>
<TR>
<TD align="center"> <a href="App2.asp" >refresh</a></TD>
</TR>
</table>
</form>
</BODY>
</html>

App2.asp
<%
'Session.Abando n
'session("uid") = "XXX"
%>
<html>
<head>
<meta NAME="GENERATOR " Content="Micros oft Visual Studio 6.0">
</head>

<BODY>
<form name="form1" name=form1 action=App2.asp method=POST>

<table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
CELLPADDING="2" >
<tr>
<th style='color=bl ack' colspan="3">Hom e</th>

</tr>
<tr>
<td>user id: </td>
<td><B><%=sessi on("uid")%></B></td>
</tr>
<tr>
<td></td>
<td></td>
</tr>
<tr>
<td></td>
<td align="center"> <INPUT name=showinfo type=button value="Show
User" style="HEIGHT: 24px; WIDTH: 75px; cursor:hand"
onclick="alert( '<%=session("ui d")%>');"></td>
</tr>
</table>
</form>
</BODY>
</html>

"Bob Barrows [MVP]" wrote:

Li Pang wrote:
> Hi Bob,
>
> You said that "The session has already started". Is it still true
> if the calling page and the called page are located at the
> different servers?

If they are on different servers, then, by definition, they cannot
have the same session.
There is no point in abandoning a session in Session_OnStart
because that event only fires when a session is starting.

>
> How the session really works?
> If the calling page A calls the called page B then the session of
> page B started (from the server B).

Correct. A new session starts on server B

> If the calling page A calls second time the page B, how the asp or
> iis knows that the session has been already started?

Because the server B session cookie still exists on the user's
machine.

>
> Is the session of page B depends on the parent page A?

No. the session depends on a session cookie written to the user's
machine by server B.
The session cookies remain until all browser windows are closed

> Is that possible to use the javascript function "window.ope n"
> enforcing to open a new sessions?
>

Only by issuing a Session.Abandon call in the server-side code of
the page being called.

You could have a SessionAbandon. asp page to which you pass a
querystring argument to control a Response.Redire ct statement which
is executed after the session is abandoned ...

Bob Barrows

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will
get a quicker response by posting to the newsgroup.


--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get
a quicker response by posting to the newsgroup.


--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jan 12 '06 #11

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

27
7149
by: mrbog | last post by:
Tell me if my assertion is wrong here: The only way to prevent session hijacking is to NEVER store authentication information (such as name/password) in the session. Well, to never authenticate a user from information you got from the session. Each secure app on a site must challenge the user for name and password, each and every time the user accesses it (not just once and then store it in the session). If a secure app is multi-page,...
3
2862
by: headware | last post by:
I have an issue that I've been encountering in an ASP application I'm working on. Most of the application is written in ASP, but there is one page written in ASP.NET. The ASP.NET page needs to have access to the ASP Session data to run correctly. In order to achieve this I create my own HTTP request for a certain ASP page with the name of Session variable that I want is stored in the query string of the request. The requested ASP page...
5
2619
by: Mark Rodrigues | last post by:
Hi Everyone, I have been fighting a problem for a while and I wonder if someone out there can help. This problem has been presented in a number of news postings previously but I am yet to see a response with a suitable resolution. So here goes ... We have a web site which stores an instance of a class into a Session, which is used in a number of pages. The code looks something like:
5
2206
by: ASP.Confused | last post by:
As you can tell from my previous posts on this issue...I'm really confused :-/ I have a few ASP.NET web applications on my web host's "https" server. Our web host has a single "bin" folder for me to toss my assemblies into. We keep loosing session state every few months. People have told me that my app could be running out of memory, causing the sessions to get reset. Well, if this is the case, then when I go to the page again,...
5
5306
by: fbwhite | last post by:
I know this issue has been brought up many times, but I have tried many of the solutions to no avail. I wanted to give my specific case to see if someone could be of any help. We are using the sessionstate inproc mode and users are randomly losing their session. I do not believe it is happening across all users at one time. It seems to happen to different users at different times, but I am only going off heresay. The aspnet worker...
9
2229
by: cashdeskmac | last post by:
I have put a string into Session and tried to retrieve it on the next page I visit but the Session appears empty. I have exactly the same spelling for both adding and retrieving the value: Session = "john"; On the next page: txtName.Text = Session;
18
3453
by: BillE | last post by:
When a user opens a new IE browser window using File-New-Window the integrity of an application which relies on session state is COMPLETELY undermined. Anyone who overlooks the fact that File-New-Window creates an instance of IE in the same process with the same SessionID as the parent window is in big trouble. This fundamentally restricts the usefullness of using session state management. I probably missed it somewhere - can...
11
7932
by: Joseph Geretz | last post by:
I've been looking at two approaches for the maintenance of Session state for a Web Service application. One approach uses the old familiar Session object which I've used in the past for Web applications. As far as I can see, the Session approach is non-standard since Web Services are supposed to be agnostic with respect to their clients. It seems that cookies are outside the Web Service standard; therefore, such a Web Service application...
7
7866
by: Microsoft Newsserver | last post by:
Hi Folks. I have an issue I need some help with if thats OK. I am running Framework 2.0 using Windows Integrated Security. For most of the application we manage session timeouts without the user knowing anything about it by ensuring all the essential objects ( only a few ) are in place during session start. For performance, there are some parts of the application which use static
0
9993
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
10857
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
10946
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
9658
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
0
7187
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
5877
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
1
4705
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
4295
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
3
3303
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.