469,275 Members | 1,594 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,275 developers. It's quick & easy.

Handle Session Timeout And Lost MemberID

I have a web site where once a user has logged on I store
their MemberID in a global variable in the global.asa file.

Then in other pages I find out which member I am dealing
with by looking at this variable, ie:

<%
Private lgMemberID

lgMemberID = Session.Contents("MemberID")

%>

I then use this variable to query a database...

Sub WriteMessages()
Dim strFirstName
Dim strSurname
Dim bPhone
Dim bCard
Dim bEMail
Dim strSQL
Dim rs

strSQL = "{CALL qGetMessages (" & lgMemberID & ")}"

Set rs = Server.CreateObject("ADODB.Recordset")
rs.Open strSQL, conn, 3, 3

Do Until rs.EOF
strFirstName = rs("ContactFirstName")
strSurname = rs("ContactSurname")
bPhone = rs("Phone")
bCard = rs("Card")
bEMail = rs("EMail")

With Response
.Write "<TR>" & vbcr
.Write "<TD width=160>" & strFirstName & " " & strSurname &
"</TD>" & vbcr
.Write "<TD align='center' width=100>"
If bPhone Then .Write "<IMG SRC='images/yes.gif' ALT='' BORDER=0>"
.Write "</TD>" & vbcr
.Write "<TD align='center' width=100>"
If bCard Then .Write "<IMG SRC='images/yes.gif' ALT='' BORDER=0>"
.Write "</TD>" & vbcr
.Write "<TD align='center' width=100>"
If bEMail Then .Write "<IMG SRC='images/yes.gif' ALT='' BORDER=0>"
.Write "</TD>" & vbcr
.Write "<TD width=23><A HREF='http://?'>Edit</A></TD>" & vbcr
.Write "<TD width=23><A HREF='http://?'>Delete</A></TD>" & vbcr
.Write "</TR>" & vbcr
End With
rs.MoveNext
Loop

rs.Close
Set rs = Nothing

End Sub
I want to know how to professionally handle the 'time-out' of the
session.
At the moment when the app. times out Session.Contents("MemberID")
equals 0.
Which means I get an error:

"ADODB.Field (0x800A0BCD)
Either BOF or EOF is True, or the current record has been deleted.
Requested operation requires a current record."

I don't really want to handle the BOF/EOF error directly as this is just
a symptom of a different problem (the time out).

Would I have to force the user to log in again?
Increase the time out?
How do other people do this??

I also don't see how appropriate it would be to increase the timeout to,
say 2 hours. When the site generates large amounts of traffic then
keeping 100s of sessions live for so long is going to eat too many
resources.

Do other people use cookies to store the memberID instead of a session
variable?
If so - what do they do about people who have cookies blocked?

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Jul 22 '05 #1
12 3195
"Edward Rothwell" <ed*************@hale-it.co.uk> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...
I have a web site where once a user has logged on I store
their MemberID in a global variable in the global.asa file.

Then in other pages I find out which member I am dealing
with by looking at this variable, ie:
If IsEmpty(lgMemberId) Then
.... timeout
Else

Increasing the timeout might fix this but if you deal with lots of users,
you should avoid to waste lots of resources.
<%
Private lgMemberID

lgMemberID = Session.Contents("MemberID")

%>

I then use this variable to query a database...

Sub WriteMessages()
Dim strFirstName
Dim strSurname
Dim bPhone
Dim bCard
Dim bEMail
Dim strSQL
Dim rs

strSQL = "{CALL qGetMessages (" & lgMemberID & ")}"

Set rs = Server.CreateObject("ADODB.Recordset")
rs.Open strSQL, conn, 3, 3

Do Until rs.EOF
strFirstName = rs("ContactFirstName")
strSurname = rs("ContactSurname")
bPhone = rs("Phone")
bCard = rs("Card")
bEMail = rs("EMail")

With Response
.Write "<TR>" & vbcr
.Write "<TD width=160>" & strFirstName & " " & strSurname &
"</TD>" & vbcr
.Write "<TD align='center' width=100>"
If bPhone Then .Write "<IMG SRC='images/yes.gif' ALT='' BORDER=0>"
.Write "</TD>" & vbcr
.Write "<TD align='center' width=100>"
If bCard Then .Write "<IMG SRC='images/yes.gif' ALT='' BORDER=0>"
.Write "</TD>" & vbcr
.Write "<TD align='center' width=100>"
If bEMail Then .Write "<IMG SRC='images/yes.gif' ALT='' BORDER=0>"
.Write "</TD>" & vbcr
.Write "<TD width=23><A HREF='http://?'>Edit</A></TD>" & vbcr
.Write "<TD width=23><A HREF='http://?'>Delete</A></TD>" & vbcr
.Write "</TR>" & vbcr
End With
rs.MoveNext
Loop

rs.Close
Set rs = Nothing

End Sub
I want to know how to professionally handle the 'time-out' of the
session.
At the moment when the app. times out Session.Contents("MemberID")
equals 0.
Which means I get an error:

"ADODB.Field (0x800A0BCD)
Either BOF or EOF is True, or the current record has been deleted.
Requested operation requires a current record."

I don't really want to handle the BOF/EOF error directly as this is just
a symptom of a different problem (the time out).

Would I have to force the user to log in again?
Increase the time out?
How do other people do this??

I also don't see how appropriate it would be to increase the timeout to,
say 2 hours. When the site generates large amounts of traffic then
keeping 100s of sessions live for so long is going to eat too many
resources.

Do other people use cookies to store the memberID instead of a session
variable?
If so - what do they do about people who have cookies blocked?

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!


Jul 22 '05 #2
Edward Rothwell wrote on 06 dec 2004 in
microsoft.public.inetserver.asp.general:
I have a web site where once a user has logged on I store
their MemberID in a global variable in the global.asa file.


Impossible.

Global.asa only runs on the first contact after server reset or power up.

Global.asa is done after that and all the variables die with it.

When a user logs in, Global.asa does not run again.

But when a user starts a new session, the session-onstart sub runs, and
even there, there are no persistent variables in a sub.

Perhaps you mean a application variable or a session variable?
These do not need Global.asa to run.

Evertjan.
Jul 22 '05 #3
"Evertjan." <ex**************@interxnl.net> wrote in message
news:Xn********************@194.109.133.29...
Edward Rothwell wrote on 06 dec 2004 in
microsoft.public.inetserver.asp.general:
I have a web site where once a user has logged on I store
their MemberID in a global variable in the global.asa file.

Impossible.

Global.asa only runs on the first contact after server reset or power up.


I think he, of course, uses Session_onStart which is the solution, but
you -never- get this event, indeed, after a login.asp page for instance.
Global.asa is done after that and all the variables die with it.

When a user logs in, Global.asa does not run again.

But when a user starts a new session, the session-onstart sub runs, and
even there, there are no persistent variables in a sub.

Perhaps you mean a application variable or a session variable?
These do not need Global.asa to run.

Evertjan.


Jul 22 '05 #4
I don't see how you could do this in global.asa ?

IMO it could be rather done in the login page. Then when the timeout
happens, the session is no more available and the user is redirected to the
login page allowing to repopulate its member id once logged again...

Patrice

--

"Edward Rothwell" <ed*************@hale-it.co.uk> a écrit dans le message de
news:%2****************@tk2msftngp13.phx.gbl...
I have a web site where once a user has logged on I store
their MemberID in a global variable in the global.asa file.

Then in other pages I find out which member I am dealing
with by looking at this variable, ie:

<%
Private lgMemberID

lgMemberID = Session.Contents("MemberID")

%>

I then use this variable to query a database...

Sub WriteMessages()
Dim strFirstName
Dim strSurname
Dim bPhone
Dim bCard
Dim bEMail
Dim strSQL
Dim rs

strSQL = "{CALL qGetMessages (" & lgMemberID & ")}"

Set rs = Server.CreateObject("ADODB.Recordset")
rs.Open strSQL, conn, 3, 3

Do Until rs.EOF
strFirstName = rs("ContactFirstName")
strSurname = rs("ContactSurname")
bPhone = rs("Phone")
bCard = rs("Card")
bEMail = rs("EMail")

With Response
.Write "<TR>" & vbcr
.Write "<TD width=160>" & strFirstName & " " & strSurname &
"</TD>" & vbcr
.Write "<TD align='center' width=100>"
If bPhone Then .Write "<IMG SRC='images/yes.gif' ALT='' BORDER=0>"
.Write "</TD>" & vbcr
.Write "<TD align='center' width=100>"
If bCard Then .Write "<IMG SRC='images/yes.gif' ALT='' BORDER=0>"
.Write "</TD>" & vbcr
.Write "<TD align='center' width=100>"
If bEMail Then .Write "<IMG SRC='images/yes.gif' ALT='' BORDER=0>"
.Write "</TD>" & vbcr
.Write "<TD width=23><A HREF='http://?'>Edit</A></TD>" & vbcr
.Write "<TD width=23><A HREF='http://?'>Delete</A></TD>" & vbcr
.Write "</TR>" & vbcr
End With
rs.MoveNext
Loop

rs.Close
Set rs = Nothing

End Sub
I want to know how to professionally handle the 'time-out' of the
session.
At the moment when the app. times out Session.Contents("MemberID")
equals 0.
Which means I get an error:

"ADODB.Field (0x800A0BCD)
Either BOF or EOF is True, or the current record has been deleted.
Requested operation requires a current record."

I don't really want to handle the BOF/EOF error directly as this is just
a symptom of a different problem (the time out).

Would I have to force the user to log in again?
Increase the time out?
How do other people do this??

I also don't see how appropriate it would be to increase the timeout to,
say 2 hours. When the site generates large amounts of traffic then
keeping 100s of sessions live for so long is going to eat too many
resources.

Do other people use cookies to store the memberID instead of a session
variable?
If so - what do they do about people who have cookies blocked?

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Jul 22 '05 #5
Yes sorry for confusing people.
I meant a Session variable.
(I initiate it/declare it in the Session_OnStart which happens to be
declared in my global.asa)

Sub Session_OnStart
With Session
.Contents("MemberID") = 0
End With
End Sub

MemberID only gets a value when the user actually logs in.

I think Egbert perhaps has an answer.

Just wondered how others did it...

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Jul 22 '05 #6
Edward Rothwell wrote on 06 dec 2004 in
microsoft.public.inetserver.asp.general:
Sub Session_OnStart
With Session
.Contents("MemberID") = 0
End With
End Sub


What is the difference with:

Sub Session_OnStart
Session("MemberID") = 0
End Sub

?

===========================

This Session_OnStart use is not needed anyway.

All nonexisting seeion variables return an empty string.
Just use before you first need to read that variable:

If Session("MemberID") = "" Then Session("MemberID") = 0
Jul 22 '05 #7
You might want to create a temporary cookie on the users machine, with some
userCode, and check the cookie on every page user access. With this, you can
even have a track of the user moving around your site.
Yes it involves som coding, but in the long run it pays off.

Sven

"Edward Rothwell" <ed*************@hale-it.co.uk> skrev i meddelandet
news:%2****************@tk2msftngp13.phx.gbl...
I have a web site where once a user has logged on I store
their MemberID in a global variable in the global.asa file.

Then in other pages I find out which member I am dealing
with by looking at this variable, ie:

<%
Private lgMemberID

lgMemberID = Session.Contents("MemberID")

%>

I then use this variable to query a database...

Sub WriteMessages()
Dim strFirstName
Dim strSurname
Dim bPhone
Dim bCard
Dim bEMail
Dim strSQL
Dim rs

strSQL = "{CALL qGetMessages (" & lgMemberID & ")}"

Set rs = Server.CreateObject("ADODB.Recordset")
rs.Open strSQL, conn, 3, 3

Do Until rs.EOF
strFirstName = rs("ContactFirstName")
strSurname = rs("ContactSurname")
bPhone = rs("Phone")
bCard = rs("Card")
bEMail = rs("EMail")

With Response
.Write "<TR>" & vbcr
.Write "<TD width=160>" & strFirstName & " " & strSurname &
"</TD>" & vbcr
.Write "<TD align='center' width=100>"
If bPhone Then .Write "<IMG SRC='images/yes.gif' ALT='' BORDER=0>"
.Write "</TD>" & vbcr
.Write "<TD align='center' width=100>"
If bCard Then .Write "<IMG SRC='images/yes.gif' ALT='' BORDER=0>"
.Write "</TD>" & vbcr
.Write "<TD align='center' width=100>"
If bEMail Then .Write "<IMG SRC='images/yes.gif' ALT='' BORDER=0>"
.Write "</TD>" & vbcr
.Write "<TD width=23><A HREF='http://?'>Edit</A></TD>" & vbcr
.Write "<TD width=23><A HREF='http://?'>Delete</A></TD>" & vbcr
.Write "</TR>" & vbcr
End With
rs.MoveNext
Loop

rs.Close
Set rs = Nothing

End Sub
I want to know how to professionally handle the 'time-out' of the
session.
At the moment when the app. times out Session.Contents("MemberID")
equals 0.
Which means I get an error:

"ADODB.Field (0x800A0BCD)
Either BOF or EOF is True, or the current record has been deleted.
Requested operation requires a current record."

I don't really want to handle the BOF/EOF error directly as this is just
a symptom of a different problem (the time out).

Would I have to force the user to log in again?
Increase the time out?
How do other people do this??

I also don't see how appropriate it would be to increase the timeout to,
say 2 hours. When the site generates large amounts of traffic then
keeping 100s of sessions live for so long is going to eat too many
resources.

Do other people use cookies to store the memberID instead of a session
variable?
If so - what do they do about people who have cookies blocked?

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Jul 22 '05 #8
"Evertjan." <ex**************@interxnl.net> wrote in message
news:Xn********************@194.109.133.29...
Edward Rothwell wrote on 06 dec 2004 in
microsoft.public.inetserver.asp.general:
Sub Session_OnStart
With Session
.Contents("MemberID") = 0
End With
End Sub

What is the difference with:


Session.Contents("MemberID") or Session("Contents") is the same... but
that's not the point.
He was setting the variable in global.asa and not in the login.asp page.
Sub Session_OnStart
Session("MemberID") = 0

End Sub

?

===========================

This Session_OnStart use is not needed anyway.

All nonexisting seeion variables return an empty string.
Just use before you first need to read that variable:

If Session("MemberID") = "" Then Session("MemberID") = 0


Jul 22 '05 #9
Egbert Nierop (MVP for IIS) wrote on 08 dec 2004 in
microsoft.public.inetserver.asp.general:
"Evertjan." <ex**************@interxnl.net> wrote in message
news:Xn********************@194.109.133.29...
Edward Rothwell wrote on 06 dec 2004 in
microsoft.public.inetserver.asp.general:
Sub Session_OnStart
With Session
.Contents("MemberID") = 0
End With
End Sub

What is the difference with:
Sub Session_OnStart
Session("MemberID") = 0
End Sub


Session.Contents("MemberID") or Session("Contents") is the same... but
that's not the point.


Nuts, Egbert, that was my point, perhaps not yours. Why use 5 lines of
code instead of three.
He was setting the variable in global.asa
No, Global.asa does only run with the first session after server(re)set.
So his Global.asa does not set the session variable.
and not in the login.asp page.


True, Session_OnStart runs at the first page of a new session, which
could be another page than login.asp

That is why I wrote:
This Session_OnStart use is not needed anyway.

All nonexisting seeion variables return an empty string.
Just use before you first need to read that variable:

If Session("MemberID") = "" Then Session("MemberID") = 0


So in login.asp:

If Session("MemberID") = "" Then Session("MemberID") = 0
If request.form("MiD") <> "" Then
' validate numeric MiD and password here, else MiD=0
Session("MemberID") = MiD
end If
If Session("MemberID") <> 0 Then response.redirect "loggedin.asp"

%><form .... action='login.asp' ...
--
Evertjan.
The Netherlands.
(Replace all crosses with dots in my emailaddress)

Jul 22 '05 #10
OK Evertjan.

So I don't need to use Session_OnStart to initiate my session variables?

(BTW I had other variables between the With statement...just showed the
MemberID one for brevity!!)

So couldn't I just say:

Private lgMemberID

lgMemberID = ValidateUser(strUserName, stUserPassword)
If lgMemberID <> 0 Then
Session("MemberID") = lgMemberID
End If

Can I do this?
Do I not have to explicitly declare the Session variable?
If Session(MemberID) doesn't already exist (if never refered to before)
will the above code just create it and use it?
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Jul 22 '05 #11
Edward Rothwell wrote:
OK Evertjan.

So I don't need to use Session_OnStart to initiate my session
variables?

(BTW I had other variables between the With statement...just showed
the MemberID one for brevity!!)

So couldn't I just say:

Private lgMemberID

lgMemberID = ValidateUser(strUserName, stUserPassword)
If lgMemberID <> 0 Then
Session("MemberID") = lgMemberID
End If

Can I do this? Yes
Do I not have to explicitly declare the Session variable? No
If Session(MemberID) doesn't already exist (if never refered to
before) will the above code just create it and use it?

Yes

Bob Barrows
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jul 22 '05 #12
Edward Rothwell wrote on 08 dec 2004 in
microsoft.public.inetserver.asp.general:
Can I do this?
Better tried than asked.
Do I not have to explicitly declare the Session variable?
No, all nonexisting session variables return an empty string on reading

All session variables can be set or value changed by the same code
If Session(MemberID) doesn't already exist (if never refered to before)
will the above code just create it and use it?


Yes, but don't take my word for it, try!

--
Evertjan.
The Netherlands.
(Replace all crosses with dots in my emailaddress)

Jul 22 '05 #13

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

5 posts views Thread by Roman | last post: by
7 posts views Thread by Billy Jacobs | last post: by
2 posts views Thread by francois | last post: by
1 post views Thread by Oliver Jentsch | last post: by
25 posts views Thread by =?Utf-8?B?RGF2aWQgVGhpZWxlbg==?= | last post: by
9 posts views Thread by gnewsgroup | last post: by
1 post views Thread by CARIGAR | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.