473,375 Members | 1,318 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,375 software developers and data experts.

Handle Session Timeout And Lost MemberID

I have a web site where once a user has logged on I store
their MemberID in a global variable in the global.asa file.

Then in other pages I find out which member I am dealing
with by looking at this variable, ie:

<%
Private lgMemberID

lgMemberID = Session.Contents("MemberID")

%>

I then use this variable to query a database...

Sub WriteMessages()
Dim strFirstName
Dim strSurname
Dim bPhone
Dim bCard
Dim bEMail
Dim strSQL
Dim rs

strSQL = "{CALL qGetMessages (" & lgMemberID & ")}"

Set rs = Server.CreateObject("ADODB.Recordset")
rs.Open strSQL, conn, 3, 3

Do Until rs.EOF
strFirstName = rs("ContactFirstName")
strSurname = rs("ContactSurname")
bPhone = rs("Phone")
bCard = rs("Card")
bEMail = rs("EMail")

With Response
.Write "<TR>" & vbcr
.Write "<TD width=160>" & strFirstName & " " & strSurname &
"</TD>" & vbcr
.Write "<TD align='center' width=100>"
If bPhone Then .Write "<IMG SRC='images/yes.gif' ALT='' BORDER=0>"
.Write "</TD>" & vbcr
.Write "<TD align='center' width=100>"
If bCard Then .Write "<IMG SRC='images/yes.gif' ALT='' BORDER=0>"
.Write "</TD>" & vbcr
.Write "<TD align='center' width=100>"
If bEMail Then .Write "<IMG SRC='images/yes.gif' ALT='' BORDER=0>"
.Write "</TD>" & vbcr
.Write "<TD width=23><A HREF='http://?'>Edit</A></TD>" & vbcr
.Write "<TD width=23><A HREF='http://?'>Delete</A></TD>" & vbcr
.Write "</TR>" & vbcr
End With
rs.MoveNext
Loop

rs.Close
Set rs = Nothing

End Sub
I want to know how to professionally handle the 'time-out' of the
session.
At the moment when the app. times out Session.Contents("MemberID")
equals 0.
Which means I get an error:

"ADODB.Field (0x800A0BCD)
Either BOF or EOF is True, or the current record has been deleted.
Requested operation requires a current record."

I don't really want to handle the BOF/EOF error directly as this is just
a symptom of a different problem (the time out).

Would I have to force the user to log in again?
Increase the time out?
How do other people do this??

I also don't see how appropriate it would be to increase the timeout to,
say 2 hours. When the site generates large amounts of traffic then
keeping 100s of sessions live for so long is going to eat too many
resources.

Do other people use cookies to store the memberID instead of a session
variable?
If so - what do they do about people who have cookies blocked?

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Jul 22 '05 #1
12 3407
"Edward Rothwell" <ed*************@hale-it.co.uk> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...
I have a web site where once a user has logged on I store
their MemberID in a global variable in the global.asa file.

Then in other pages I find out which member I am dealing
with by looking at this variable, ie:
If IsEmpty(lgMemberId) Then
.... timeout
Else

Increasing the timeout might fix this but if you deal with lots of users,
you should avoid to waste lots of resources.
<%
Private lgMemberID

lgMemberID = Session.Contents("MemberID")

%>

I then use this variable to query a database...

Sub WriteMessages()
Dim strFirstName
Dim strSurname
Dim bPhone
Dim bCard
Dim bEMail
Dim strSQL
Dim rs

strSQL = "{CALL qGetMessages (" & lgMemberID & ")}"

Set rs = Server.CreateObject("ADODB.Recordset")
rs.Open strSQL, conn, 3, 3

Do Until rs.EOF
strFirstName = rs("ContactFirstName")
strSurname = rs("ContactSurname")
bPhone = rs("Phone")
bCard = rs("Card")
bEMail = rs("EMail")

With Response
.Write "<TR>" & vbcr
.Write "<TD width=160>" & strFirstName & " " & strSurname &
"</TD>" & vbcr
.Write "<TD align='center' width=100>"
If bPhone Then .Write "<IMG SRC='images/yes.gif' ALT='' BORDER=0>"
.Write "</TD>" & vbcr
.Write "<TD align='center' width=100>"
If bCard Then .Write "<IMG SRC='images/yes.gif' ALT='' BORDER=0>"
.Write "</TD>" & vbcr
.Write "<TD align='center' width=100>"
If bEMail Then .Write "<IMG SRC='images/yes.gif' ALT='' BORDER=0>"
.Write "</TD>" & vbcr
.Write "<TD width=23><A HREF='http://?'>Edit</A></TD>" & vbcr
.Write "<TD width=23><A HREF='http://?'>Delete</A></TD>" & vbcr
.Write "</TR>" & vbcr
End With
rs.MoveNext
Loop

rs.Close
Set rs = Nothing

End Sub
I want to know how to professionally handle the 'time-out' of the
session.
At the moment when the app. times out Session.Contents("MemberID")
equals 0.
Which means I get an error:

"ADODB.Field (0x800A0BCD)
Either BOF or EOF is True, or the current record has been deleted.
Requested operation requires a current record."

I don't really want to handle the BOF/EOF error directly as this is just
a symptom of a different problem (the time out).

Would I have to force the user to log in again?
Increase the time out?
How do other people do this??

I also don't see how appropriate it would be to increase the timeout to,
say 2 hours. When the site generates large amounts of traffic then
keeping 100s of sessions live for so long is going to eat too many
resources.

Do other people use cookies to store the memberID instead of a session
variable?
If so - what do they do about people who have cookies blocked?

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!


Jul 22 '05 #2
Edward Rothwell wrote on 06 dec 2004 in
microsoft.public.inetserver.asp.general:
I have a web site where once a user has logged on I store
their MemberID in a global variable in the global.asa file.


Impossible.

Global.asa only runs on the first contact after server reset or power up.

Global.asa is done after that and all the variables die with it.

When a user logs in, Global.asa does not run again.

But when a user starts a new session, the session-onstart sub runs, and
even there, there are no persistent variables in a sub.

Perhaps you mean a application variable or a session variable?
These do not need Global.asa to run.

Evertjan.
Jul 22 '05 #3
"Evertjan." <ex**************@interxnl.net> wrote in message
news:Xn********************@194.109.133.29...
Edward Rothwell wrote on 06 dec 2004 in
microsoft.public.inetserver.asp.general:
I have a web site where once a user has logged on I store
their MemberID in a global variable in the global.asa file.

Impossible.

Global.asa only runs on the first contact after server reset or power up.


I think he, of course, uses Session_onStart which is the solution, but
you -never- get this event, indeed, after a login.asp page for instance.
Global.asa is done after that and all the variables die with it.

When a user logs in, Global.asa does not run again.

But when a user starts a new session, the session-onstart sub runs, and
even there, there are no persistent variables in a sub.

Perhaps you mean a application variable or a session variable?
These do not need Global.asa to run.

Evertjan.


Jul 22 '05 #4
I don't see how you could do this in global.asa ?

IMO it could be rather done in the login page. Then when the timeout
happens, the session is no more available and the user is redirected to the
login page allowing to repopulate its member id once logged again...

Patrice

--

"Edward Rothwell" <ed*************@hale-it.co.uk> a écrit dans le message de
news:%2****************@tk2msftngp13.phx.gbl...
I have a web site where once a user has logged on I store
their MemberID in a global variable in the global.asa file.

Then in other pages I find out which member I am dealing
with by looking at this variable, ie:

<%
Private lgMemberID

lgMemberID = Session.Contents("MemberID")

%>

I then use this variable to query a database...

Sub WriteMessages()
Dim strFirstName
Dim strSurname
Dim bPhone
Dim bCard
Dim bEMail
Dim strSQL
Dim rs

strSQL = "{CALL qGetMessages (" & lgMemberID & ")}"

Set rs = Server.CreateObject("ADODB.Recordset")
rs.Open strSQL, conn, 3, 3

Do Until rs.EOF
strFirstName = rs("ContactFirstName")
strSurname = rs("ContactSurname")
bPhone = rs("Phone")
bCard = rs("Card")
bEMail = rs("EMail")

With Response
.Write "<TR>" & vbcr
.Write "<TD width=160>" & strFirstName & " " & strSurname &
"</TD>" & vbcr
.Write "<TD align='center' width=100>"
If bPhone Then .Write "<IMG SRC='images/yes.gif' ALT='' BORDER=0>"
.Write "</TD>" & vbcr
.Write "<TD align='center' width=100>"
If bCard Then .Write "<IMG SRC='images/yes.gif' ALT='' BORDER=0>"
.Write "</TD>" & vbcr
.Write "<TD align='center' width=100>"
If bEMail Then .Write "<IMG SRC='images/yes.gif' ALT='' BORDER=0>"
.Write "</TD>" & vbcr
.Write "<TD width=23><A HREF='http://?'>Edit</A></TD>" & vbcr
.Write "<TD width=23><A HREF='http://?'>Delete</A></TD>" & vbcr
.Write "</TR>" & vbcr
End With
rs.MoveNext
Loop

rs.Close
Set rs = Nothing

End Sub
I want to know how to professionally handle the 'time-out' of the
session.
At the moment when the app. times out Session.Contents("MemberID")
equals 0.
Which means I get an error:

"ADODB.Field (0x800A0BCD)
Either BOF or EOF is True, or the current record has been deleted.
Requested operation requires a current record."

I don't really want to handle the BOF/EOF error directly as this is just
a symptom of a different problem (the time out).

Would I have to force the user to log in again?
Increase the time out?
How do other people do this??

I also don't see how appropriate it would be to increase the timeout to,
say 2 hours. When the site generates large amounts of traffic then
keeping 100s of sessions live for so long is going to eat too many
resources.

Do other people use cookies to store the memberID instead of a session
variable?
If so - what do they do about people who have cookies blocked?

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Jul 22 '05 #5
Yes sorry for confusing people.
I meant a Session variable.
(I initiate it/declare it in the Session_OnStart which happens to be
declared in my global.asa)

Sub Session_OnStart
With Session
.Contents("MemberID") = 0
End With
End Sub

MemberID only gets a value when the user actually logs in.

I think Egbert perhaps has an answer.

Just wondered how others did it...

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Jul 22 '05 #6
Edward Rothwell wrote on 06 dec 2004 in
microsoft.public.inetserver.asp.general:
Sub Session_OnStart
With Session
.Contents("MemberID") = 0
End With
End Sub


What is the difference with:

Sub Session_OnStart
Session("MemberID") = 0
End Sub

?

===========================

This Session_OnStart use is not needed anyway.

All nonexisting seeion variables return an empty string.
Just use before you first need to read that variable:

If Session("MemberID") = "" Then Session("MemberID") = 0
Jul 22 '05 #7
You might want to create a temporary cookie on the users machine, with some
userCode, and check the cookie on every page user access. With this, you can
even have a track of the user moving around your site.
Yes it involves som coding, but in the long run it pays off.

Sven

"Edward Rothwell" <ed*************@hale-it.co.uk> skrev i meddelandet
news:%2****************@tk2msftngp13.phx.gbl...
I have a web site where once a user has logged on I store
their MemberID in a global variable in the global.asa file.

Then in other pages I find out which member I am dealing
with by looking at this variable, ie:

<%
Private lgMemberID

lgMemberID = Session.Contents("MemberID")

%>

I then use this variable to query a database...

Sub WriteMessages()
Dim strFirstName
Dim strSurname
Dim bPhone
Dim bCard
Dim bEMail
Dim strSQL
Dim rs

strSQL = "{CALL qGetMessages (" & lgMemberID & ")}"

Set rs = Server.CreateObject("ADODB.Recordset")
rs.Open strSQL, conn, 3, 3

Do Until rs.EOF
strFirstName = rs("ContactFirstName")
strSurname = rs("ContactSurname")
bPhone = rs("Phone")
bCard = rs("Card")
bEMail = rs("EMail")

With Response
.Write "<TR>" & vbcr
.Write "<TD width=160>" & strFirstName & " " & strSurname &
"</TD>" & vbcr
.Write "<TD align='center' width=100>"
If bPhone Then .Write "<IMG SRC='images/yes.gif' ALT='' BORDER=0>"
.Write "</TD>" & vbcr
.Write "<TD align='center' width=100>"
If bCard Then .Write "<IMG SRC='images/yes.gif' ALT='' BORDER=0>"
.Write "</TD>" & vbcr
.Write "<TD align='center' width=100>"
If bEMail Then .Write "<IMG SRC='images/yes.gif' ALT='' BORDER=0>"
.Write "</TD>" & vbcr
.Write "<TD width=23><A HREF='http://?'>Edit</A></TD>" & vbcr
.Write "<TD width=23><A HREF='http://?'>Delete</A></TD>" & vbcr
.Write "</TR>" & vbcr
End With
rs.MoveNext
Loop

rs.Close
Set rs = Nothing

End Sub
I want to know how to professionally handle the 'time-out' of the
session.
At the moment when the app. times out Session.Contents("MemberID")
equals 0.
Which means I get an error:

"ADODB.Field (0x800A0BCD)
Either BOF or EOF is True, or the current record has been deleted.
Requested operation requires a current record."

I don't really want to handle the BOF/EOF error directly as this is just
a symptom of a different problem (the time out).

Would I have to force the user to log in again?
Increase the time out?
How do other people do this??

I also don't see how appropriate it would be to increase the timeout to,
say 2 hours. When the site generates large amounts of traffic then
keeping 100s of sessions live for so long is going to eat too many
resources.

Do other people use cookies to store the memberID instead of a session
variable?
If so - what do they do about people who have cookies blocked?

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Jul 22 '05 #8
"Evertjan." <ex**************@interxnl.net> wrote in message
news:Xn********************@194.109.133.29...
Edward Rothwell wrote on 06 dec 2004 in
microsoft.public.inetserver.asp.general:
Sub Session_OnStart
With Session
.Contents("MemberID") = 0
End With
End Sub

What is the difference with:


Session.Contents("MemberID") or Session("Contents") is the same... but
that's not the point.
He was setting the variable in global.asa and not in the login.asp page.
Sub Session_OnStart
Session("MemberID") = 0

End Sub

?

===========================

This Session_OnStart use is not needed anyway.

All nonexisting seeion variables return an empty string.
Just use before you first need to read that variable:

If Session("MemberID") = "" Then Session("MemberID") = 0


Jul 22 '05 #9
Egbert Nierop (MVP for IIS) wrote on 08 dec 2004 in
microsoft.public.inetserver.asp.general:
"Evertjan." <ex**************@interxnl.net> wrote in message
news:Xn********************@194.109.133.29...
Edward Rothwell wrote on 06 dec 2004 in
microsoft.public.inetserver.asp.general:
Sub Session_OnStart
With Session
.Contents("MemberID") = 0
End With
End Sub

What is the difference with:
Sub Session_OnStart
Session("MemberID") = 0
End Sub


Session.Contents("MemberID") or Session("Contents") is the same... but
that's not the point.


Nuts, Egbert, that was my point, perhaps not yours. Why use 5 lines of
code instead of three.
He was setting the variable in global.asa
No, Global.asa does only run with the first session after server(re)set.
So his Global.asa does not set the session variable.
and not in the login.asp page.


True, Session_OnStart runs at the first page of a new session, which
could be another page than login.asp

That is why I wrote:
This Session_OnStart use is not needed anyway.

All nonexisting seeion variables return an empty string.
Just use before you first need to read that variable:

If Session("MemberID") = "" Then Session("MemberID") = 0


So in login.asp:

If Session("MemberID") = "" Then Session("MemberID") = 0
If request.form("MiD") <> "" Then
' validate numeric MiD and password here, else MiD=0
Session("MemberID") = MiD
end If
If Session("MemberID") <> 0 Then response.redirect "loggedin.asp"

%><form .... action='login.asp' ...
--
Evertjan.
The Netherlands.
(Replace all crosses with dots in my emailaddress)

Jul 22 '05 #10
OK Evertjan.

So I don't need to use Session_OnStart to initiate my session variables?

(BTW I had other variables between the With statement...just showed the
MemberID one for brevity!!)

So couldn't I just say:

Private lgMemberID

lgMemberID = ValidateUser(strUserName, stUserPassword)
If lgMemberID <> 0 Then
Session("MemberID") = lgMemberID
End If

Can I do this?
Do I not have to explicitly declare the Session variable?
If Session(MemberID) doesn't already exist (if never refered to before)
will the above code just create it and use it?
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Jul 22 '05 #11
Edward Rothwell wrote:
OK Evertjan.

So I don't need to use Session_OnStart to initiate my session
variables?

(BTW I had other variables between the With statement...just showed
the MemberID one for brevity!!)

So couldn't I just say:

Private lgMemberID

lgMemberID = ValidateUser(strUserName, stUserPassword)
If lgMemberID <> 0 Then
Session("MemberID") = lgMemberID
End If

Can I do this? Yes
Do I not have to explicitly declare the Session variable? No
If Session(MemberID) doesn't already exist (if never refered to
before) will the above code just create it and use it?

Yes

Bob Barrows
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jul 22 '05 #12
Edward Rothwell wrote on 08 dec 2004 in
microsoft.public.inetserver.asp.general:
Can I do this?
Better tried than asked.
Do I not have to explicitly declare the Session variable?
No, all nonexisting session variables return an empty string on reading

All session variables can be set or value changed by the same code
If Session(MemberID) doesn't already exist (if never refered to before)
will the above code just create it and use it?


Yes, but don't take my word for it, try!

--
Evertjan.
The Netherlands.
(Replace all crosses with dots in my emailaddress)

Jul 22 '05 #13

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

8
by: P. Glassel | last post by:
I'm having problems getting session timeouts to change programmaticlaly under IIS6.0. This is unchanged code that ran as expected under IIS5.0. Anyone else run into this problem? Thx.
5
by: Roman | last post by:
Hi, I've installed .net on my server and since then I'm loosing my sessions from my (old) asp. e.g.: Session("test") works on the same page, but if the page is changed the whole session is...
7
by: Billy Jacobs | last post by:
I am having a problem with my session variable being set to Null for no apparent reason. I am declaring it like the following when the user logs in. dim objUserInfo as new clsUserInfo 'Set...
2
by: francois | last post by:
Hi, I would like to redirect the user to the login page after the session time out. I tried to do a trick in the global.aspx.cs protected void Application_BeginRequest(Object sender,...
5
by: fbwhite | last post by:
I know this issue has been brought up many times, but I have tried many of the solutions to no avail. I wanted to give my specific case to see if someone could be of any help. We are using the...
2
by: Tomas Martinez | last post by:
Hi, Well, my problem is so simple as it says in the subjet but very frustrating also. I have a project and it is losing the session variables with each postback, so I downloaded from the web a...
1
by: Oliver Jentsch | last post by:
My session is always 20 minutes. I tried to change it in the Web.Config, but the session remains to 20 minutes. My Web.Config ist <sessionState mode="InProc" cookieless="false"...
25
by: =?Utf-8?B?RGF2aWQgVGhpZWxlbg==?= | last post by:
I tried: <sessionState timeout="1"> </sessionState> bounced IIS, and after 1 minute still had a session. ??? -- thanks - dave
9
by: gnewsgroup | last post by:
I am using forms authentication for my web application. In web.config, I have this: <authentication mode="Forms"> <forms loginUrl="Login.aspx" protection="All" timeout="120"...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
0
by: ryjfgjl | last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
0
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
0
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
0
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
0
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
0
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
1
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.