
Sessions & Cookies



Hello,

I posted a similar question in the "IIS Security" group but I think it
is more useful to post it here.

I want to do something very simple. Make a part of my website available
only for users with a username and password. The site is mainly ASP
based. The webserver is an IIS6 and I do NOT have access to server
settings (session timeout, security,...).

I use sessions to set the validation for the users. Basically you are
redirected to a form where you can give a username and password, this is
validated with the values in a database. If the password and username
are ok a session value is set <% Session("Validated") = True %>.

At the beginning of each secured page I start with:
<%
If Session("Validated") = False Then
    Response.Redirect("Login.asp")
End If
%>

So if the session value "validated" is true you can see the secured
pages, else you are redirected to the logon page.

The default timeout value for session is 20 minutes. Because the session
should stay alive during the complete time of the visit I was thinking
of putting the Session.Timeout to 60 minutes. I set this at the beginning
of every secure page: <% Session.Timeout = 60 %>

Now, users keep on contacting me saying that they have to relogon quite
often. This also seems to happen when a user is not on the website for
20 minutes already (session expired). I tested it myself and have the
feeling that I am indeed regularly redirected. Sometimes after 10
minutes, other times 30 minutes, ... There seems not to be any logic in
the time that users are redirected to the logon page.

Because the website is used to fill in a lot of long HTML forms, it is
very frustrating for the users when they are completing a form and then
pressing "Submit" being redirected to the logon page and lose all
entered data.

Is there somebody who can give me more info on the strange session
behavior? For me it is not normal that a session times out in that
illogical way.

The only solution I can think of is passing the post information to the
logon page and then redirect after validation back to the transaction
page.

How can you reset the timeout counter on a session in ASP? What I was
thinking was that I am doing it maybe wrong?

Now the session variable that lets a user have access to the site is set
once at logon time: (<% Session("Validated") = True %>). Then it is
checked on every page that the user opens (<%If
Session("Validated")=False Then Response.Redirect("Login.asp") End If%>).

Would it be a good idea to re-set the variable every time a user
accesses a page? Like <%If Session("Validated")=False Then
Response.Redirect("Login.asp") Else Session("Validated")=True End If%>
Would this reset the timer that times out the session? Or do I have to
add something like <%Session.Abandon%> before setting the variable
again?

What would this do on the server performance?
Is this a good way of working with sessions?

Switch to cookies instead of sessions?

I am open for all suggestions, please help! In the future there are also
money transactions going over this website, so it has to be a secure
method! I will use a separate HTTPS host for this.

Thanks for your help!
Jul 22 '05 #1
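
The per-page check described in the post above, gathered into one include file with a return-URL hand-off to the login page. This is an added example, not part of the original post or any reply. The file name `auth_guard.asp`, the `return` query parameter, the `/default.asp` landing page and both function names are assumptions made for illustration.

```asp
<%
' auth_guard.asp (hypothetical include file). Put
' <!--#include file="auth_guard.asp"--> first on every secured page.

' Only an explicit Boolean True counts as logged in; an unset (Empty)
' value or any other data type is treated as not validated.
Function IsLoggedIn()
    IsLoggedIn = False
    If VarType(Session("Validated")) = vbBoolean Then
        IsLoggedIn = (Session("Validated") = True)
    End If
End Function

' Accept only a local absolute path as the post-login target, so that
' Login.asp cannot be used to redirect visitors to another site.
Function SafeReturnUrl(candidate)
    SafeReturnUrl = "/default.asp"   ' assumed landing page
    If Len(candidate) > 1 And Left(candidate, 1) = "/" _
       And Left(candidate, 2) <> "//" And InStr(candidate, "\") = 0 Then
        SafeReturnUrl = candidate
    End If
End Function

If Not IsLoggedIn() Then
    Dim target
    target = Request.ServerVariables("URL")
    If Len(Request.ServerVariables("QUERY_STRING")) > 0 Then
        target = target & "?" & Request.ServerVariables("QUERY_STRING")
    End If
    ' Remember where the visitor was going, then send them to the login form.
    Response.Redirect "Login.asp?return=" & Server.URLEncode(target)
End If

' In Login.asp, after the username/password check succeeds:
'   Session.Timeout = 60          ' minutes of inactivity; set once per session
'   Session("Validated") = True
'   Response.Redirect SafeReturnUrl(Request.QueryString("return"))
' Each later request that carries the session cookie restarts the idle
' timer, so the flag does not need to be written again on every page.
%>
```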
Ik Ben Het wrote:
The default timeout value for session is 20 minutes...

...Users keep on contacting me saying that they have to relogon
quite often. This also seems to happen when a user is not on the
website for 20 minutes already (session expired)...


There are any number of possibilities. Here is a good list of things to
consider:
http://aspfaq.com/show.asp?id=2157

--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.
Jul 22 '05 #2
Hello Dave,

Thank you very much. Indeed a lot of answers to my questions!

Jul 22 '05 #3
