473,791 Members | 3,015 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

session variable inconsistency

Hi,
I am experiencing a problem with recalling a session variable which stores
whether a person is logged in to a "members only" section of a website. This
area of the site has been working flawlessly for a couple of years under
Windows 2000 server but now is very inconsistent following a recent upgrade
to Windows server 2003. Following a login, the login info is passed to this
asp page that checks an Access database for the user name and password:

SET DbObject = Server.CreateOb ject ("ADODB.Connect ion")
DbObject.Open "DSN=pseudoCAP1 ;UID=;PWD="
set rs = server.createob ject("adodb.rec ordset")
SET Rs = DbObject.Execut e (SQL)

If Rs.EOF Then
Session("Authen ticated") = 0
Response.Redire ct ("unsuccessfulL ogin.htm")
Else
Session("Authen ticated") = 1
Session("user") = Request.Form("u sername")
End If
rs.close
set rs = nothing
DbObject.Close
set DbObject = nothing
response.redire ct "main.asp"

If a correct password and username is provided, the user is always forwarded
to the main.asp member start page. I included a snippet of code while
troubleshooting to print the value of the authentication session variable
in the browser window to see if it was set (1=logged in, 0= not logged in).
However about 50% of the time, the following error occurs with our access
database and Authentication session variable is output as = 0:
ADODB.Field error '800a0bcd'
Either BOF or EOF is True, or the current record has been deleted. Requested
operation requires a current record.

C:\INETPUB\WWWR OOT\SUBMISSIONS \../include/functions.inc, line 4

The way that this page is written though, even if the record was not present
(although it is when I open the database), the authentication should still
be set to 1. Refreshing the main.asp page will often eliminate the ADODB
error above and the session variable value of 1 will be returned.

The rest of the time, authentication is OK and a value of 1 is output.
However when the user goes to another page requiring authentication, they
are redirected back to the login.html page because the authentication
variable is once again set as zero!

Could this be an IIS 6.0 specific problem (I do have session state enabled
at default value of 20 min) ??

Or could there be some permissions problem related to a specific file (I
have checked the database as well as the related files and they all seem
OK)?

Thanks,
Geoff

Jul 19 '05 #1
3 2919
Could you post your code?
"Geoff Winsor" <ge***@brinkman .mbb.sfu.ca> wrote in message
news:cb******** **@morgoth.sfu. ca...
Hi,
I am experiencing a problem with recalling a session variable which stores
whether a person is logged in to a "members only" section of a website. This area of the site has been working flawlessly for a couple of years under
Windows 2000 server but now is very inconsistent following a recent upgrade to Windows server 2003. Following a login, the login info is passed to this asp page that checks an Access database for the user name and password:

SET DbObject = Server.CreateOb ject ("ADODB.Connect ion")
DbObject.Open "DSN=pseudoCAP1 ;UID=;PWD="
set rs = server.createob ject("adodb.rec ordset")
SET Rs = DbObject.Execut e (SQL)

If Rs.EOF Then
Session("Authen ticated") = 0
Response.Redire ct ("unsuccessfulL ogin.htm")
Else
Session("Authen ticated") = 1
Session("user") = Request.Form("u sername")
End If
rs.close
set rs = nothing
DbObject.Close
set DbObject = nothing
response.redire ct "main.asp"

If a correct password and username is provided, the user is always forwarded to the main.asp member start page. I included a snippet of code while
troubleshooting to print the value of the authentication session variable
in the browser window to see if it was set (1=logged in, 0= not logged in). However about 50% of the time, the following error occurs with our access
database and Authentication session variable is output as = 0:
ADODB.Field error '800a0bcd'
Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.

C:\INETPUB\WWWR OOT\SUBMISSIONS \../include/functions.inc, line 4

The way that this page is written though, even if the record was not present (although it is when I open the database), the authentication should still
be set to 1. Refreshing the main.asp page will often eliminate the ADODB
error above and the session variable value of 1 will be returned.

The rest of the time, authentication is OK and a value of 1 is output.
However when the user goes to another page requiring authentication, they
are redirected back to the login.html page because the authentication
variable is once again set as zero!

Could this be an IIS 6.0 specific problem (I do have session state enabled at default value of 20 min) ??

Or could there be some permissions problem related to a specific file (I
have checked the database as well as the related files and they all seem
OK)?

Thanks,
Geoff

Jul 19 '05 #2
Hi James,
Here is the code for login.html, verify.asp (sets the session variable),
main.asp, a method in the functions.inc file (which contains a line referred
to in the previous error message) and a snippet of code from options.asp
that checks to see if the authentication variable is set. I hope it is not
too messy too read.

The important code for the login page:

<form action=verify.a sp method=Post
enctype="applic ation/x-www-form-urlencoded" name=start
Onsubmit="retur n validateForm(th is);">
<table border=0 cellpadding=0 width="22%"
style='width:22 .0%;mso-cellspacing:
1.5pt;mso-padding-alt:2.25pt 2.25pt 2.25pt 2.25pt'>
<tr><td width="47%" style='width:47 .0%;padding:2.2 5pt 2.25pt 2.25pt
2.25pt'>
<p class=MsoNormal >Username:&nbsp ;</p>
</td> <td width="53%" style='width:53 .0%;padding:2.2 5pt 2.25pt 2.25pt
2.25pt'>
<p class=MsoNormal ><INPUT TYPE="text" SIZE="15" NAME="username" ></p>
</td></tr><tr>
<td width="47%" style='width:47 .0%;padding:2.2 5pt 2.25pt 2.25pt 2.25pt'>
<p class=MsoNormal >Password:</p></td>
<td width="53%" style='width:53 .0%;padding:2.2 5pt 2.25pt 2.25pt 2.25pt'>
<p class=MsoNormal ><INPUT TYPE="password" SIZE="15" NAME="password" ></p>
</td></tr><tr>
<td colspan=2 style='padding: 2.25pt 2.25pt 2.25pt 2.25pt'>
<p class=MsoNormal ><INPUT TYPE="submit" ACTION="verify. asp"
METHOD="Post" NAME="submit"
ACTION=verify.a sp METHOD=Post></p>
</td></tr></table>
</form>

The asp code for the verify.asp page:

<%
SQL ="SELECT * FROM Researcher WHERE StrComp('" & Request.Form("u sername")
& "', ResearcherID, 0)=0 AND StrComp(UserPas sword, '" &
Request.Form("p assword") & "', 0)=0"
SET DbObject = Server.CreateOb ject ("ADODB.Connect ion")
DbObject.Open "DSN=pseudoCAP1 ;UID=;PWD="
set rs = server.createob ject("adodb.rec ordset")
SET Rs = DbObject.Execut e (SQL)
If Rs.EOF Then
Session("Authen ticated") = 0
Response.Redire ct ("unsuccessfulL ogin.htm")
Else
Session("Authen ticated") = 1
Session("user") = Request.Form("u sername")
End If
rs.close
set rs = nothing
DbObject.Close
set DbObject = nothing
response.redire ct "main.asp"
%>

The main.asp page (does not check for a login but provides links to pages
that do need an authentication) :

<%@ Language=VBScri pt %>
<SCRIPT LANGUAGE="JavaS cript" src="include/help_windows.js "></SCRIPT>
<!--#INCLUDE FILE="../include/functions.inc"-->
<%
'Declare ADOVBS constants
Const adOpenStatic = 3
Const adLockOptimisti c = 3
Const adCmdText = &H0001
SQL = "SELECT * FROM Researcher R LEFT OUTER JOIN Institution I ON I.iName
= R.Institution AND I.Street = R.Street AND I.City = R.City WHERE
ResearcherID = '" & Session("user") &"'"
SET DbObject = Server.CreateOb ject ("ADODB.Connect ion")
DbObject.Open "DSN=pseudoCAP1 "
set RS = server.createob ject("adodb.rec ordset")
RS.Open SQL, DbObject, adOpenStatic, adLockOptimisti c, adCMDText
%>
<p align="center"> <form METHOD="post" NAME="query"
ACTION="../UpdatesSearchRe sultsU.asp" target=_blank
onMouseOut="MM_ swapImgRestore( )"
onMouseOver="MM _swapImage('his tory','','/images/viewHistory2.gi f',1)"
onSubmit="retur n validRange(this );">
<input id="SearchStr1a " type="hidden" name="SearchStr 1a" value="">
<input id="SearchStr1b " type="hidden" name="SearchStr 1b" value="">
<input id="SearchStr1a _m" type="hidden" name="SearchStr 1a_m" value="">
<input id="SearchStr1a _d" type="hidden" name="SearchStr 1a_d" value="">
<input id="SearchStr1a _y" type="hidden" name="SearchStr 1a_y" value="">
<input type="hidden" name="ord1" value="date_upd ated">
<input id="SearchStr1b _m" type="hidden" name="SearchStr 1b_m" value="">
<input id="SearchStr2a _d" type="hidden" name="SearchStr 1b_d" value="">
<input id="SearchStr2a _y" type="hidden" name="SearchStr 1b_y" value="">
<input id="SearchStr4 " type="hidden" name="SearchStr 4"
maxlength="255" >
<input id="viewRecent " type="hidden" name="viewRecen t" value="false">
<input id="Field2" type="hidden" name="Field2" value="Particip ant">
<input id="SearchStr2 " type="hidden" name="SearchStr 2"
value="<%=getFi eld(RS, "rLastName")%>" >
<input name="history" type="image" border="0"
src="/images/viewHistory.gif " width="224" height="26" alt="View Submission
History">
</form></p><p>&nbsp;</p><p>If you have not already logged in, you will
have to do so <a href="login.htm l">here</a>.</p></td></tr></table>
<%
rs.Close
Set rs = Nothing
DbObject.close
Set DbObject = Nothing
%>
<p>&nbsp;</p>
</center>
</BODY>
</HTML>

A functions.inc file contains this function that is called in the form above
and is sometimes returned:

function getField(oRs, fieldIndex)
Strtemp = oRs(fieldIndex) ### this is the line referred to in
the error returned in my browser###
if isnull(strtemp) then
getField = ""
else
getField = Strtemp
end if
end function
Finally each page linked to from the main.asp page checks for the value of
the "Authentication " session variable:

<%
' Verify that the user has logged in
If Session("Authen ticated") = 0 Then
Response.Redire ct ("login.html ")
End If
%>

I guess that is it. Thanks.
Geoff
Jul 19 '05 #3
I think I found the source of the problem:

Last week I was experimenting with assigning more than one worker process to
the web garden under the application pool properties in IIS 6.0 (because I
had an incident where IIS stopped serving ASP pages, possibly due to a bug
in the jet database engine when using ODBC). From my limited understanding
of IIS it seems that during one session, multiple worker processes may be
assigned and that they don't have access to the session variable assigned to
another process; hence the reason for being forwarded to the login.html
page. I guess the occassional error on the main.asp page is a separate
matter.
Anyway, I switched back to allowing only one worker process and the problem
seems resolved.
Geoff
"Geoff Winsor" <ge***@brinkman .mbb.sfu.ca> wrote in message
news:cb******** **@morgoth.sfu. ca...
Hi James,
Here is the code for login.html, verify.asp (sets the session variable),
main.asp, a method in the functions.inc file (which contains a line referred to in the previous error message) and a snippet of code from options.asp
that checks to see if the authentication variable is set. I hope it is not
too messy too read.

The important code for the login page:

<form action=verify.a sp method=Post
enctype="applic ation/x-www-form-urlencoded" name=start
Onsubmit="retur n validateForm(th is);">
<table border=0 cellpadding=0 width="22%"
style='width:22 .0%;mso-cellspacing:
1.5pt;mso-padding-alt:2.25pt 2.25pt 2.25pt 2.25pt'>
<tr><td width="47%" style='width:47 .0%;padding:2.2 5pt 2.25pt 2.25pt
2.25pt'>
<p class=MsoNormal >Username:&nbsp ;</p>
</td> <td width="53%" style='width:53 .0%;padding:2.2 5pt 2.25pt 2.25pt
2.25pt'>
<p class=MsoNormal ><INPUT TYPE="text" SIZE="15" NAME="username" ></p>
</td></tr><tr>
<td width="47%" style='width:47 .0%;padding:2.2 5pt 2.25pt 2.25pt 2.25pt'> <p class=MsoNormal >Password:</p></td>
<td width="53%" style='width:53 .0%;padding:2.2 5pt 2.25pt 2.25pt 2.25pt'> <p class=MsoNormal ><INPUT TYPE="password" SIZE="15" NAME="password" ></p> </td></tr><tr>
<td colspan=2 style='padding: 2.25pt 2.25pt 2.25pt 2.25pt'>
<p class=MsoNormal ><INPUT TYPE="submit" ACTION="verify. asp"
METHOD="Post" NAME="submit"
ACTION=verify.a sp METHOD=Post></p>
</td></tr></table>
</form>

The asp code for the verify.asp page:

<%
SQL ="SELECT * FROM Researcher WHERE StrComp('" & Request.Form("u sername") & "', ResearcherID, 0)=0 AND StrComp(UserPas sword, '" &
Request.Form("p assword") & "', 0)=0"
SET DbObject = Server.CreateOb ject ("ADODB.Connect ion")
DbObject.Open "DSN=pseudoCAP1 ;UID=;PWD="
set rs = server.createob ject("adodb.rec ordset")
SET Rs = DbObject.Execut e (SQL)
If Rs.EOF Then
Session("Authen ticated") = 0
Response.Redire ct ("unsuccessfulL ogin.htm")
Else
Session("Authen ticated") = 1
Session("user") = Request.Form("u sername")
End If
rs.close
set rs = nothing
DbObject.Close
set DbObject = nothing
response.redire ct "main.asp"
%>

The main.asp page (does not check for a login but provides links to pages
that do need an authentication) :

<%@ Language=VBScri pt %>
<SCRIPT LANGUAGE="JavaS cript" src="include/help_windows.js "></SCRIPT>
<!--#INCLUDE FILE="../include/functions.inc"-->
<%
'Declare ADOVBS constants
Const adOpenStatic = 3
Const adLockOptimisti c = 3
Const adCmdText = &H0001
SQL = "SELECT * FROM Researcher R LEFT OUTER JOIN Institution I ON I.iName = R.Institution AND I.Street = R.Street AND I.City = R.City WHERE
ResearcherID = '" & Session("user") &"'"
SET DbObject = Server.CreateOb ject ("ADODB.Connect ion")
DbObject.Open "DSN=pseudoCAP1 "
set RS = server.createob ject("adodb.rec ordset")
RS.Open SQL, DbObject, adOpenStatic, adLockOptimisti c, adCMDText
%>
<p align="center"> <form METHOD="post" NAME="query"
ACTION="../UpdatesSearchRe sultsU.asp" target=_blank
onMouseOut="MM_ swapImgRestore( )"
onMouseOver="MM _swapImage('his tory','','/images/viewHistory2.gi f',1)"
onSubmit="retur n validRange(this );">
<input id="SearchStr1a " type="hidden" name="SearchStr 1a" value="">
<input id="SearchStr1b " type="hidden" name="SearchStr 1b" value="">
<input id="SearchStr1a _m" type="hidden" name="SearchStr 1a_m" value=""> <input id="SearchStr1a _d" type="hidden" name="SearchStr 1a_d" value=""> <input id="SearchStr1a _y" type="hidden" name="SearchStr 1a_y" value=""> <input type="hidden" name="ord1" value="date_upd ated">
<input id="SearchStr1b _m" type="hidden" name="SearchStr 1b_m" value=""> <input id="SearchStr2a _d" type="hidden" name="SearchStr 1b_d" value=""> <input id="SearchStr2a _y" type="hidden" name="SearchStr 1b_y" value=""> <input id="SearchStr4 " type="hidden" name="SearchStr 4"
maxlength="255" >
<input id="viewRecent " type="hidden" name="viewRecen t" value="false"> <input id="Field2" type="hidden" name="Field2" value="Particip ant">
<input id="SearchStr2 " type="hidden" name="SearchStr 2"
value="<%=getFi eld(RS, "rLastName")%>" >
<input name="history" type="image" border="0"
src="/images/viewHistory.gif " width="224" height="26" alt="View Submission
History">
</form></p><p>&nbsp;</p><p>If you have not already logged in, you will have to do so <a href="login.htm l">here</a>.</p></td></tr></table>
<%
rs.Close
Set rs = Nothing
DbObject.close
Set DbObject = Nothing
%>
<p>&nbsp;</p>
</center>
</BODY>
</HTML>

A functions.inc file contains this function that is called in the form above and is sometimes returned:

function getField(oRs, fieldIndex)
Strtemp = oRs(fieldIndex) ### this is the line referred to in
the error returned in my browser###
if isnull(strtemp) then
getField = ""
else
getField = Strtemp
end if
end function
Finally each page linked to from the main.asp page checks for the value of
the "Authentication " session variable:

<%
' Verify that the user has logged in
If Session("Authen ticated") = 0 Then
Response.Redire ct ("login.html ")
End If
%>

I guess that is it. Thanks.
Geoff

Jul 19 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
11
3352
Session Variable gets truncated and drives me crazy
by: doltharz | last post by:
Please Help me i'm doing something i though was to be REALLY EASY but it drives me crazy The complete code is at the end of the email (i mean newsgroup article), i always use Option Explicit and Response.Expires=-1,
ASP / Active Server Pages
1
3113
New session on ASP page inside a frameset all of a sudden
by: Ann Leland | last post by:
I have been using session variables to pass a user name from one ASP page to another inside framesets for 9 months and it stopped working this week. I have made no code changes but there was a "security update" installed on the server a few days ago but I can't find out exactly what it was. In the research I have done I found many articles on the subject of session variables in ASP pages inside framesets. From what I read a new...
ASP / Active Server Pages
3
2672
HELP! Variable looses value in loop within trigger
by: Gustavo Randich | last post by:
The following seems to be a bug. The execution returns rows 1,2. It should return 1,1. In fact, if I run the code within a stored procedure alone (not in a trigger), the loop doesn't overwrite the value of y (works well). create table test (a integer) @ create table debug1 (a integer) @ create trigger test_1 after insert on test referencing new as ins for
DB2 Database
4
1661
Question: Difference between strMyVar and Session("strMyVar")
by: VB Programmer | last post by:
If I have a variable I want to share in my application what is the difference between just declaring a variable (Dim strMyVar as String) and using a session variable (Session("strMyVar"))? When should I use a session variable and when should I just declare it like normal? Thanks in advance!
ASP.NET
9
2386
Trouble with using Session state
by: Greg Linwood | last post by:
I'm having difficulty understanding Session state in ASP.Net. It's almost embarrassing asking this as I've been using ASP since it was first released & it really shouldn't be this hard to use - perhaps I'm just not very smart or perhaps MS is making this too hard for us sql bunnies to understand - I dunno, but I'd really appreciate someone explaining what I'm doing wrong here & perhaps suggest a better approach.. I'm familiar with use of...
ASP.NET
4
1954
Session behavior
by: T Ralya | last post by:
I am told that ASP.NET controls the session ID and session variables, but that does not fit my symptoms. I am posting here as directed. I'm hoping that someone can at least recommend something to try to isolate the problem. I have a simple application that demonstrates my problem. Page 1, step1: SaveSessionVariableButton will create a string value, show it on screen, save it in a session variable and show the session ID on screen....
ASP.NET
3
2912
Keep track of Session value
by: Alan Wang | last post by:
Hi there, Once my application gets complicated and complicated. I found it's really hard to keep track of Session value I am using in my asp.net application. I am just wondering if anyone have any experience on how to keep track of session value. Any help it's appreciated. Thanks Alan
ASP.NET
6
2189
Variable/parameter declaration inconsistency
by: August Karlstrom | last post by:
Hi What's the cause of the inconsistency between variable and parameter declarations in C? What's wrong with e.g. void f(int a, b; char c); August
C / C++
4
3447
Transferring Object from Session Variable to New Class Object???
by: Don Miller | last post by:
I am using a Session variable to hold a class object between ASP.NET pages (in VB). In my constructor I check to see if the Session variable exists, and if it doesn't, I create one and populate it with "Me". But if the Session variable already exists, I would like the new object be populated with everything from the object stored in the Session variable. Ideally, I'd like to retrieve the object from the Session variable and assign it to...
ASP.NET
0
9669
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
1
10155
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
Windows Server
0
9995
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
General
0
9029
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
Career Advice
1
7537
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
6776
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
5559
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
1
4110
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp
3
2916
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us