473,327 Members | 2,090 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,327 software developers and data experts.

Session Issue

Hi,

I created a html page from which I give a link to another web site. The new
site is opened in a new window. When I opened multiple windows, they all have
the same SessionID. I want ot know how to open the windows with different
sessionID.

Thanks
Jan 11 '06 #1
10 2155
Li Pang wrote:
Hi,

I created a html page from which I give a link to another web site.
The new site is opened in a new window. When I opened multiple
windows, they all have the same SessionID. I want ot know how to open
the windows with different sessionID.

Thanks


Put a Session.Abandon statement in the page opened in the new window.

Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
Jan 11 '06 #2
Thanks Bob,

It works when I added Session.Abandon in the called page. Should I add it
into Global.asa in the Session_OnStart function?

"Bob Barrows [MVP]" wrote:
Li Pang wrote:
Hi,

I created a html page from which I give a link to another web site.
The new site is opened in a new window. When I opened multiple
windows, they all have the same SessionID. I want ot know how to open
the windows with different sessionID.

Thanks


Put a Session.Abandon statement in the page opened in the new window.

Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"

Jan 11 '06 #3
No, that will have no effect on the situation you are working with. The
session has already started ...
Li Pang wrote:
Thanks Bob,

It works when I added Session.Abandon in the called page. Should I
add it into Global.asa in the Session_OnStart function?

"Bob Barrows [MVP]" wrote:
Li Pang wrote:
Hi,

I created a html page from which I give a link to another web site.
The new site is opened in a new window. When I opened multiple
windows, they all have the same SessionID. I want ot know how to
open the windows with different sessionID.

Thanks


Put a Session.Abandon statement in the page opened in the new window.

Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so
I don't check it very often. If you must reply off-line, then remove
the "NO SPAM"


--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jan 11 '06 #4
Hi Bob,

You said that “The session has already started”. Is it still true if the
calling page and the called page are located at the different servers?

How the session really works?
If the calling page A calls the called page B then the session of page B
started (from the server B).
If the calling page A calls second time the page B, how the asp or iis knows
that the session has been already started?

Is the session of page B depends on the parent page A?
Is that possible to use the javascript function “window.open” enforcing to
open a new sessions?

Thanks in advance
"Bob Barrows [MVP]" wrote:
No, that will have no effect on the situation you are working with. The
session has already started ...
Li Pang wrote:
Thanks Bob,

It works when I added Session.Abandon in the called page. Should I
add it into Global.asa in the Session_OnStart function?

"Bob Barrows [MVP]" wrote:
Li Pang wrote:
Hi,

I created a html page from which I give a link to another web site.
The new site is opened in a new window. When I opened multiple
windows, they all have the same SessionID. I want ot know how to
open the windows with different sessionID.

Thanks

Put a Session.Abandon statement in the page opened in the new window.

Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so
I don't check it very often. If you must reply off-line, then remove
the "NO SPAM"


--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

Jan 11 '06 #5
Li Pang wrote:
Hi Bob,

You said that "The session has already started". Is it still true if
the calling page and the called page are located at the different
servers?
If they are on different servers, then, by definition, they cannot have the
same session.
There is no point in abandoning a session in Session_OnStart because that
event only fires when a session is starting.

How the session really works?
If the calling page A calls the called page B then the session of
page B started (from the server B).
Correct. A new session starts on server B
If the calling page A calls second time the page B, how the asp or
iis knows that the session has been already started?
Because the server B session cookie still exists on the user's machine.

Is the session of page B depends on the parent page A?
No. the session depends on a session cookie written to the user's machine by
server B.
The session cookies remain until all browser windows are closed
Is that possible to use the javascript function "window.open"
enforcing to open a new sessions?


Only by issuing a Session.Abandon call in the server-side code of the page
being called.

You could have a SessionAbandon.asp page to which you pass a querystring
argument to control a Response.Redirect statement which is executed after
the session is abandoned ...

Bob Barrows

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jan 11 '06 #6
Bob,

I have still an issue of session variables.

I have a web site that allows users access with different profiles
(different sets of session variables). When users start a new browser, each
login has its own set of session variables. There is an option that a user
can open multiple windows with different user’s profile (administrators), and
when the multiple windows are opened by a new browser separately, every thing
works well (i.e., no interaction between the sessions).

Now, there is an issue of session variables when users open multiple windows
from a parent page (providing a link to above web site), i.e., when open a
window with profile A, it’s OK, but when open another window with profile B,
all session variables within profile A are replaced by those of profile B.
And if a third window is opened with profile C, then all session variables in
profile A and B are replaced by those in profile C.

I put the statement “Session.Abandon” at the beginning of first page of the
web site, that changes the session ID after every login, but the interaction
between different sessions still happens.

Any ideal on that?

I appreciate your support.
"Bob Barrows [MVP]" wrote:
Li Pang wrote:
Hi Bob,

You said that "The session has already started". Is it still true if
the calling page and the called page are located at the different
servers?


If they are on different servers, then, by definition, they cannot have the
same session.
There is no point in abandoning a session in Session_OnStart because that
event only fires when a session is starting.

How the session really works?
If the calling page A calls the called page B then the session of
page B started (from the server B).


Correct. A new session starts on server B
If the calling page A calls second time the page B, how the asp or
iis knows that the session has been already started?


Because the server B session cookie still exists on the user's machine.

Is the session of page B depends on the parent page A?


No. the session depends on a session cookie written to the user's machine by
server B.
The session cookies remain until all browser windows are closed
Is that possible to use the javascript function "window.open"
enforcing to open a new sessions?


Only by issuing a Session.Abandon call in the server-side code of the page
being called.

You could have a SessionAbandon.asp page to which you pass a querystring
argument to control a Response.Redirect statement which is executed after
the session is abandoned ...

Bob Barrows

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

Jan 12 '06 #7
Bob,

I give you my testing codes as below.
To reproduce the problem, do the following:
1. start test.asp, and click on Development
2. it pops up a new window. In the Login field, it shows “lpang” then click
“Submit”
3. Apphome.asp page shows the user id
4. click on Development link on test.asp page again
5. it pops up another window. In Login field replace “lpang” by “Bob” and
click on “Submit”
6. the page shows Bob as user id, now click on “refresh”
7. The page shows “Bob” as user id
8. Go to first page click “refresh”, it shows “Bob” as well (“lpang” is
overwritten)

test.asp
<html>
<head>
<meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
</head>

<BODY>
<TABLE WIDTH="100%" HEIGHT="100%">
<TR>
<TD><a target="_blank" href="../TestApp/app.asp">Development</a>
</TD>
</TR>
</TABLE>
</BODY>
</html>

App.asp
<%
Session.Abandon
%>
<html>
<head>
<meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
</head>

<BODY>
<form name="form1" name=form1 action=Apphome.asp method=POST>

<table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
CELLPADDING="2">
<tr>
<th style='color=black' colspan="3">Login</th>

</tr>
<tr>
<td align="right">Login:</td>
<td><input type="text" name="login" class="ipText" size="20"
value="lpang"></td>
</tr>
<tr>
<td></td>
<td align="center"><a href="javascript:form1.submit();">Submit</a></td>
</tr>
</table>
</form>
</BODY>
</html>

Apphome.asp
<%
'Session.Abandon
session("uid") = request.form("login")
%>
<html>
<head>
<meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
</head>

<BODY>
<form name="form1" name=form1 action=Apphome.asp method=POST>

<table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
CELLPADDING="2">
<tr>
<th style='color=black' colspan="3">Home</th>

</tr>
<tr>
<td>user id: </td>
<td><B><%=session("uid")%></B></td>
</tr>
<tr>
<td></td>
<td></td>
</tr>
<tr>
<td></td>
<td align="center"><INPUT name=showinfo type=button value="Show
User"style="HEIGHT: 24px; WIDTH: 75px; cursor:hand"
onclick="alert('<%=session("uid")%>');"></td>
</tr>
<TR>
<TD align="center"><a href="App2.asp">refresh</a></TD>
</TR>
</table>
</form>
</BODY>
</html>

App2.asp
<%
'Session.Abandon
'session("uid") = "XXX"
%>
<html>
<head>
<meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
</head>

<BODY>
<form name="form1" name=form1 action=App2.asp method=POST>

<table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
CELLPADDING="2">
<tr>
<th style='color=black' colspan="3">Home</th>

</tr>
<tr>
<td>user id: </td>
<td><B><%=session("uid")%></B></td>
</tr>
<tr>
<td></td>
<td></td>
</tr>
<tr>
<td></td>
<td align="center"><INPUT name=showinfo type=button value="Show User"
style="HEIGHT: 24px; WIDTH: 75px; cursor:hand"
onclick="alert('<%=session("uid")%>');"></td>
</tr>
</table>
</form>
</BODY>
</html>

"Bob Barrows [MVP]" wrote:
Li Pang wrote:
Hi Bob,

You said that "The session has already started". Is it still true if
the calling page and the called page are located at the different
servers?


If they are on different servers, then, by definition, they cannot have the
same session.
There is no point in abandoning a session in Session_OnStart because that
event only fires when a session is starting.

How the session really works?
If the calling page A calls the called page B then the session of
page B started (from the server B).


Correct. A new session starts on server B
If the calling page A calls second time the page B, how the asp or
iis knows that the session has been already started?


Because the server B session cookie still exists on the user's machine.

Is the session of page B depends on the parent page A?


No. the session depends on a session cookie written to the user's machine by
server B.
The session cookies remain until all browser windows are closed
Is that possible to use the javascript function "window.open"
enforcing to open a new sessions?


Only by issuing a Session.Abandon call in the server-side code of the page
being called.

You could have a SessionAbandon.asp page to which you pass a querystring
argument to control a Response.Redirect statement which is executed after
the session is abandoned ...

Bob Barrows

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

Jan 12 '06 #8
The page in which you issue Session.Abandon must immediately redirect to
another page. The Session is not destroyed until the page in which the
statement is issued finishes processing.
Li Pang wrote:
Bob,

I give you my testing codes as below.
To reproduce the problem, do the following:
1. start test.asp, and click on Development
2. it pops up a new window. In the Login field, it shows "lpang" then
click "Submit"
3. Apphome.asp page shows the user id
4. click on Development link on test.asp page again
5. it pops up another window. In Login field replace "lpang" by "Bob"
and click on "Submit"
6. the page shows Bob as user id, now click on "refresh"
7. The page shows "Bob" as user id
8. Go to first page click "refresh", it shows "Bob" as well ("lpang"
is overwritten)

test.asp
<html>
<head>
<meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
</head>

<BODY>
<TABLE WIDTH="100%" HEIGHT="100%">
<TR>
<TD><a target="_blank" href="../TestApp/app.asp">Development</a>
</TD>
</TR>
</TABLE>
</BODY>
</html>

App.asp
<%
Session.Abandon
%>
<html>
<head>
<meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
</head>

<BODY>
<form name="form1" name=form1 action=Apphome.asp method=POST>

<table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
CELLPADDING="2">
<tr>
<th style='color=black' colspan="3">Login</th>

</tr>
<tr>
<td align="right">Login:</td>
<td><input type="text" name="login" class="ipText" size="20"
value="lpang"></td>
</tr>
<tr>
<td></td>
<td align="center"><a
href="javascript:form1.submit();">Submit</a></td> </tr>
</table>
</form>
</BODY>
</html>

Apphome.asp
<%
'Session.Abandon
session("uid") = request.form("login")
%>
<html>
<head>
<meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
</head>

<BODY>
<form name="form1" name=form1 action=Apphome.asp method=POST>

<table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
CELLPADDING="2">
<tr>
<th style='color=black' colspan="3">Home</th>

</tr>
<tr>
<td>user id: </td>
<td><B><%=session("uid")%></B></td>
</tr>
<tr>
<td></td>
<td></td>
</tr>
<tr>
<td></td>
<td align="center"><INPUT name=showinfo type=button value="Show
User"style="HEIGHT: 24px; WIDTH: 75px; cursor:hand"
onclick="alert('<%=session("uid")%>');"></td>
</tr>
<TR>
<TD align="center"><a href="App2.asp">refresh</a></TD>
</TR>
</table>
</form>
</BODY>
</html>

App2.asp
<%
'Session.Abandon
'session("uid") = "XXX"
%>
<html>
<head>
<meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
</head>

<BODY>
<form name="form1" name=form1 action=App2.asp method=POST>

<table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
CELLPADDING="2">
<tr>
<th style='color=black' colspan="3">Home</th>

</tr>
<tr>
<td>user id: </td>
<td><B><%=session("uid")%></B></td>
</tr>
<tr>
<td></td>
<td></td>
</tr>
<tr>
<td></td>
<td align="center"><INPUT name=showinfo type=button value="Show User"
style="HEIGHT: 24px; WIDTH: 75px; cursor:hand"
onclick="alert('<%=session("uid")%>');"></td>
</tr>
</table>
</form>
</BODY>
</html>

"Bob Barrows [MVP]" wrote:
Li Pang wrote:
Hi Bob,

You said that "The session has already started". Is it still true if
the calling page and the called page are located at the different
servers?


If they are on different servers, then, by definition, they cannot
have the same session.
There is no point in abandoning a session in Session_OnStart because
that event only fires when a session is starting.

How the session really works?
If the calling page A calls the called page B then the session of
page B started (from the server B).


Correct. A new session starts on server B
If the calling page A calls second time the page B, how the asp or
iis knows that the session has been already started?


Because the server B session cookie still exists on the user's
machine.

Is the session of page B depends on the parent page A?


No. the session depends on a session cookie written to the user's
machine by server B.
The session cookies remain until all browser windows are closed
Is that possible to use the javascript function "window.open"
enforcing to open a new sessions?


Only by issuing a Session.Abandon call in the server-side code of
the page being called.

You could have a SessionAbandon.asp page to which you pass a
querystring argument to control a Response.Redirect statement which
is executed after the session is abandoned ...

Bob Barrows

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get
a quicker response by posting to the newsgroup.


--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jan 12 '06 #9
Bob,

In reality, I don't want to kill any sessions. My concern is to keep every
set of session within its own window. There is an issue of session shared
within multiple windows. My filling is that the server checks the IE instance
or id of client, as long as the same parameter found, it uses the same set of
session. I can't find the reason that IE does that.

"Bob Barrows [MVP]" wrote:
The page in which you issue Session.Abandon must immediately redirect to
another page. The Session is not destroyed until the page in which the
statement is issued finishes processing.
Li Pang wrote:
Bob,

I give you my testing codes as below.
To reproduce the problem, do the following:
1. start test.asp, and click on Development
2. it pops up a new window. In the Login field, it shows "lpang" then
click "Submit"
3. Apphome.asp page shows the user id
4. click on Development link on test.asp page again
5. it pops up another window. In Login field replace "lpang" by "Bob"
and click on "Submit"
6. the page shows Bob as user id, now click on "refresh"
7. The page shows "Bob" as user id
8. Go to first page click "refresh", it shows "Bob" as well ("lpang"
is overwritten)

test.asp
<html>
<head>
<meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
</head>

<BODY>
<TABLE WIDTH="100%" HEIGHT="100%">
<TR>
<TD><a target="_blank" href="../TestApp/app.asp">Development</a>
</TD>
</TR>
</TABLE>
</BODY>
</html>

App.asp
<%
Session.Abandon
%>
<html>
<head>
<meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
</head>

<BODY>
<form name="form1" name=form1 action=Apphome.asp method=POST>

<table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
CELLPADDING="2">
<tr>
<th style='color=black' colspan="3">Login</th>

</tr>
<tr>
<td align="right">Login:</td>
<td><input type="text" name="login" class="ipText" size="20"
value="lpang"></td>
</tr>
<tr>
<td></td>
<td align="center"><a
href="javascript:form1.submit();">Submit</a></td> </tr>
</table>
</form>
</BODY>
</html>

Apphome.asp
<%
'Session.Abandon
session("uid") = request.form("login")
%>
<html>
<head>
<meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
</head>

<BODY>
<form name="form1" name=form1 action=Apphome.asp method=POST>

<table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
CELLPADDING="2">
<tr>
<th style='color=black' colspan="3">Home</th>

</tr>
<tr>
<td>user id: </td>
<td><B><%=session("uid")%></B></td>
</tr>
<tr>
<td></td>
<td></td>
</tr>
<tr>
<td></td>
<td align="center"><INPUT name=showinfo type=button value="Show
User"style="HEIGHT: 24px; WIDTH: 75px; cursor:hand"
onclick="alert('<%=session("uid")%>');"></td>
</tr>
<TR>
<TD align="center"><a href="App2.asp">refresh</a></TD>
</TR>
</table>
</form>
</BODY>
</html>

App2.asp
<%
'Session.Abandon
'session("uid") = "XXX"
%>
<html>
<head>
<meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
</head>

<BODY>
<form name="form1" name=form1 action=App2.asp method=POST>

<table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
CELLPADDING="2">
<tr>
<th style='color=black' colspan="3">Home</th>

</tr>
<tr>
<td>user id: </td>
<td><B><%=session("uid")%></B></td>
</tr>
<tr>
<td></td>
<td></td>
</tr>
<tr>
<td></td>
<td align="center"><INPUT name=showinfo type=button value="Show User"
style="HEIGHT: 24px; WIDTH: 75px; cursor:hand"
onclick="alert('<%=session("uid")%>');"></td>
</tr>
</table>
</form>
</BODY>
</html>

"Bob Barrows [MVP]" wrote:
Li Pang wrote:
Hi Bob,

You said that "The session has already started". Is it still true if
the calling page and the called page are located at the different
servers?

If they are on different servers, then, by definition, they cannot
have the same session.
There is no point in abandoning a session in Session_OnStart because
that event only fires when a session is starting.
How the session really works?
If the calling page A calls the called page B then the session of
page B started (from the server B).

Correct. A new session starts on server B

If the calling page A calls second time the page B, how the asp or
iis knows that the session has been already started?

Because the server B session cookie still exists on the user's
machine.
Is the session of page B depends on the parent page A?

No. the session depends on a session cookie written to the user's
machine by server B.
The session cookies remain until all browser windows are closed

Is that possible to use the javascript function "window.open"
enforcing to open a new sessions?
Only by issuing a Session.Abandon call in the server-side code of
the page being called.

You could have a SessionAbandon.asp page to which you pass a
querystring argument to control a Response.Redirect statement which
is executed after the session is abandoned ...

Bob Barrows

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get
a quicker response by posting to the newsgroup.


--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

Jan 12 '06 #10
I think I am beginning to understand.
I may be wrong, but I don't think it is possible for multiple sessions to be
spawned for the same application from a single web server on a single client
machine. This would probably be a security breach, enabling sessions to be
hijacked.

You should check with the experts over at .inetserver.iis, but I think you
will need to find another way to maintain your session state for your
applications.

Li Pang wrote:
Bob,

In reality, I don't want to kill any sessions. My concern is to keep
every set of session within its own window. There is an issue of
session shared within multiple windows. My filling is that the server
checks the IE instance or id of client, as long as the same parameter
found, it uses the same set of session. I can't find the reason that
IE does that.

"Bob Barrows [MVP]" wrote:
The page in which you issue Session.Abandon must immediately
redirect to another page. The Session is not destroyed until the
page in which the statement is issued finishes processing.
Li Pang wrote:
Bob,

I give you my testing codes as below.
To reproduce the problem, do the following:
1. start test.asp, and click on Development
2. it pops up a new window. In the Login field, it shows "lpang"
then click "Submit"
3. Apphome.asp page shows the user id
4. click on Development link on test.asp page again
5. it pops up another window. In Login field replace "lpang" by
"Bob" and click on "Submit"
6. the page shows Bob as user id, now click on "refresh"
7. The page shows "Bob" as user id
8. Go to first page click "refresh", it shows "Bob" as well ("lpang"
is overwritten)

test.asp
<html>
<head>
<meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
</head>

<BODY>
<TABLE WIDTH="100%" HEIGHT="100%">
<TR>
<TD><a target="_blank" href="../TestApp/app.asp">Development</a>
</TD>
</TR>
</TABLE>
</BODY>
</html>

App.asp
<%
Session.Abandon
%>
<html>
<head>
<meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
</head>

<BODY>
<form name="form1" name=form1 action=Apphome.asp method=POST>

<table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
CELLPADDING="2">
<tr>
<th style='color=black' colspan="3">Login</th>

</tr>
<tr>
<td align="right">Login:</td>
<td><input type="text" name="login" class="ipText" size="20"
value="lpang"></td>
</tr>
<tr>
<td></td>
<td align="center"><a
href="javascript:form1.submit();">Submit</a></td> </tr>
</table>
</form>
</BODY>
</html>

Apphome.asp
<%
'Session.Abandon
session("uid") = request.form("login")
%>
<html>
<head>
<meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
</head>

<BODY>
<form name="form1" name=form1 action=Apphome.asp method=POST>

<table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
CELLPADDING="2">
<tr>
<th style='color=black' colspan="3">Home</th>

</tr>
<tr>
<td>user id: </td>
<td><B><%=session("uid")%></B></td>
</tr>
<tr>
<td></td>
<td></td>
</tr>
<tr>
<td></td>
<td align="center"><INPUT name=showinfo type=button value="Show
User"style="HEIGHT: 24px; WIDTH: 75px; cursor:hand"
onclick="alert('<%=session("uid")%>');"></td>
</tr>
<TR>
<TD align="center"><a href="App2.asp">refresh</a></TD>
</TR>
</table>
</form>
</BODY>
</html>

App2.asp
<%
'Session.Abandon
'session("uid") = "XXX"
%>
<html>
<head>
<meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
</head>

<BODY>
<form name="form1" name=form1 action=App2.asp method=POST>

<table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
CELLPADDING="2">
<tr>
<th style='color=black' colspan="3">Home</th>

</tr>
<tr>
<td>user id: </td>
<td><B><%=session("uid")%></B></td>
</tr>
<tr>
<td></td>
<td></td>
</tr>
<tr>
<td></td>
<td align="center"><INPUT name=showinfo type=button value="Show
User" style="HEIGHT: 24px; WIDTH: 75px; cursor:hand"
onclick="alert('<%=session("uid")%>');"></td>
</tr>
</table>
</form>
</BODY>
</html>

"Bob Barrows [MVP]" wrote:

Li Pang wrote:
> Hi Bob,
>
> You said that "The session has already started". Is it still true
> if the calling page and the called page are located at the
> different servers?

If they are on different servers, then, by definition, they cannot
have the same session.
There is no point in abandoning a session in Session_OnStart
because that event only fires when a session is starting.

>
> How the session really works?
> If the calling page A calls the called page B then the session of
> page B started (from the server B).

Correct. A new session starts on server B

> If the calling page A calls second time the page B, how the asp or
> iis knows that the session has been already started?

Because the server B session cookie still exists on the user's
machine.

>
> Is the session of page B depends on the parent page A?

No. the session depends on a session cookie written to the user's
machine by server B.
The session cookies remain until all browser windows are closed

> Is that possible to use the javascript function "window.open"
> enforcing to open a new sessions?
>

Only by issuing a Session.Abandon call in the server-side code of
the page being called.

You could have a SessionAbandon.asp page to which you pass a
querystring argument to control a Response.Redirect statement which
is executed after the session is abandoned ...

Bob Barrows

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will
get a quicker response by posting to the newsgroup.


--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get
a quicker response by posting to the newsgroup.


--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jan 12 '06 #11

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

27
by: mrbog | last post by:
Tell me if my assertion is wrong here: The only way to prevent session hijacking is to NEVER store authentication information (such as name/password) in the session. Well, to never authenticate...
3
by: headware | last post by:
I have an issue that I've been encountering in an ASP application I'm working on. Most of the application is written in ASP, but there is one page written in ASP.NET. The ASP.NET page needs to have...
5
by: Mark Rodrigues | last post by:
Hi Everyone, I have been fighting a problem for a while and I wonder if someone out there can help. This problem has been presented in a number of news postings previously but I am yet to see a...
5
by: ASP.Confused | last post by:
As you can tell from my previous posts on this issue...I'm really confused :-/ I have a few ASP.NET web applications on my web host's "https" server. Our web host has a single "bin" folder for...
5
by: fbwhite | last post by:
I know this issue has been brought up many times, but I have tried many of the solutions to no avail. I wanted to give my specific case to see if someone could be of any help. We are using the...
9
by: cashdeskmac | last post by:
I have put a string into Session and tried to retrieve it on the next page I visit but the Session appears empty. I have exactly the same spelling for both adding and retrieving the value: ...
18
by: BillE | last post by:
When a user opens a new IE browser window using File-New-Window the integrity of an application which relies on session state is COMPLETELY undermined. Anyone who overlooks the fact that...
11
by: Joseph Geretz | last post by:
I've been looking at two approaches for the maintenance of Session state for a Web Service application. One approach uses the old familiar Session object which I've used in the past for Web...
7
by: Microsoft Newsserver | last post by:
Hi Folks. I have an issue I need some help with if thats OK. I am running Framework 2.0 using Windows Integrated Security. For most of the application we manage session timeouts without the...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.