I am having a problem tracking down what I believe to be a problem with
the way cookies are being used on our website application.
When user log onto the application, an in-memory (per-session) cookie
is created to hold the session key for the user. This unique key is
assigned as part of the business layer logon process, and never changes
while the user is logged on. The call to the business component returns
this unique key if the logon was successful, and the cookie is set up
as follows:
Response.Cookie s("SessionKey") .Path = "/"
Response.Cookie s("SessionKey ") = strSessionKey
Nowhere is the cookie assigned an .expires value.
Once a user has completed this logon process, they must then click past
an intermediate agreement page before actually having access to the main
application. When this intermediate page is submitted, it accesses the
cookie, extracts the session identifier and writes the value to a
database table.
The code to achieve this looks something like:
strSessionKey = Request.Cookies ("SessionKey ")
Dim objInstance
Set objInstance = Server.CreateOb ject("SomeCompo nent.SomeClass" )
objInstance.Sto reIdentifier strSessionKey
Set objInstance= nothing
The whole process works fine until I try to do the second stage (the
intermediate agreement) with two separate IE sessions (there are 2
separate IEXPLORER.EXE entries in task manager) very quickly.
I can go through the whole process fine, and then while leaving the
application open, I can start again with a new IE window and complete
the process again. In each case the correct identifier is stored in the
database for each separate session.
If I get to the second stage of the logon process with 2 separate IE
sessions, and submit both agreement pages at the same time (or as close
together as I can), then they both write the same unique session
identifier to the database, as if they are accessing the same cookie!
The session identifier used is the one from the first agreement page I
submit. This definitely only happens if I do this at the same time.
Wait a few seconds between the submissions and all is well.
Has anyone come across something like this before and can advise on a
possible reason?
Thanks In Advance.
--
AnthonyC
------------------------------------------------------------------------
Posted via
http://www.codecomments.com
------------------------------------------------------------------------