Is this how session and application variables work?

Victor

I've got two domain names sharing the same IP address that use ASP VBScript

If I set a session variable with domain 1, it is only available for domain 1 - this is
correct?

If I set an application variable with domain 1, the app variable is sharing across all
domains using that IP address - this is correct?

This is the behavior I am seeing and I want to make sure that my server is set up
correct. I especially want to make sure application variable behavior is correct.

Thank you!

Jul 30 '06 #1

Follow Post Reply

2125

Slim

session variables are for the same web application only, are you talking
about the same web application accessed via 2 domains?
"Victor" <vi*@vic.comwrote in message
news:ON**************@TK2MSFTNGP06.phx.gbl...

I've got two domain names sharing the same IP address that use ASP
VBScript

If I set a session variable with domain 1, it is only available for domain
1 - this is
correct?

If I set an application variable with domain 1, the app variable is
sharing across all
domains using that IP address - this is correct?

This is the behavior I am seeing and I want to make sure that my server is
set up
correct. I especially want to make sure application variable behavior is
correct.

Thank you!

Jul 31 '06 #2

Anthony Jones

"Victor" <vi*@vic.comwrote in message
news:ON**************@TK2MSFTNGP06.phx.gbl...

I've got two domain names sharing the same IP address that use ASP

VBScript

>
If I set a session variable with domain 1, it is only available for domain

1 - this is

correct?

If I set an application variable with domain 1, the app variable is

sharing across all

domains using that IP address - this is correct?

Nope. The problem is that inorder for the server to identify the session it
sets a session cookie which is sent to the browser. The session cookie will
be rooted in a URL which represents the root of the application. If you use
two different domain names to access the same website they cannot share
sessions.

Eg.

A website is accessed as MyServer as well as MyServer.mydomain.com

It has an application called myapp

Visting http://MyServer/MyApp/Default.asp results in the browser receiving a
session cookie rooted at http://MyServer/MyApp/

Now if in the same browser session you visit another page say
http://MyServer/MyApp/SomeFolder/somepage.asp
the session cookie for http://MyServer/MyApp/ is included in the request
because the root path for the cookie matches the URL requested. This
enables ASP to access session variables that may have be created by
Default.asp earlier because the cookie identifies the session.

Now if, again in the same browser session, you visit yet another page say
http://MyServer.mydomain.com/MyApp/AnotherPage.asp the root path of this URL
does not match the path for which the earlier session cookie was created.
Hence the session cookie is not sent in this request. The server sees
request as needing a new session and does not have any idea about the other
session.

Hope this is clear,

Anthony.

This is the behavior I am seeing and I want to make sure that my server is

set up

correct. I especially want to make sure application variable behavior is

correct.

>
Thank you!

Jul 31 '06 #3

Victor

I understand your session explanation - thanks! It's the application variable that has
me perplexed.

If www.mydomain1.com and www.mydomain2.com both share the same IP address (domain
aliases), then I thought that their APPLICATION variables, set and read from the domain
root, would still be different. I'm surprised to see that an app variable set with the
first domain is also available to the aliased second domain.

Vic
"Anthony Jones" <An*@yadayadayada.comwrote in message
news:%2****************@TK2MSFTNGP06.phx.gbl...

>
"Victor" <vi*@vic.comwrote in message
news:ON**************@TK2MSFTNGP06.phx.gbl...
I've got two domain names sharing the same IP address that use ASP
VBScript

If I set a session variable with domain 1, it is only available for domain
1 - this is
correct?

If I set an application variable with domain 1, the app variable is
sharing across all
domains using that IP address - this is correct?

Nope. The problem is that inorder for the server to identify the session it
sets a session cookie which is sent to the browser. The session cookie will
be rooted in a URL which represents the root of the application. If you use
two different domain names to access the same website they cannot share
sessions.

Eg.

A website is accessed as MyServer as well as MyServer.mydomain.com

It has an application called myapp

Visting http://MyServer/MyApp/Default.asp results in the browser receiving a
session cookie rooted at http://MyServer/MyApp/

Now if in the same browser session you visit another page say
http://MyServer/MyApp/SomeFolder/somepage.asp
the session cookie for http://MyServer/MyApp/ is included in the request
because the root path for the cookie matches the URL requested. This
enables ASP to access session variables that may have be created by
Default.asp earlier because the cookie identifies the session.

Now if, again in the same browser session, you visit yet another page say
http://MyServer.mydomain.com/MyApp/AnotherPage.asp the root path of this URL
does not match the path for which the earlier session cookie was created.
Hence the session cookie is not sent in this request. The server sees
request as needing a new session and does not have any idea about the other
session.

Hope this is clear,

Anthony.

This is the behavior I am seeing and I want to make sure that my server is
set up
correct. I especially want to make sure application variable behavior is
correct.

Thank you!

Aug 1 '06 #4

Bob Barrows [MVP]

Victor wrote:

I understand your session explanation - thanks! It's the application
variable that has me perplexed.

If www.mydomain1.com and www.mydomain2.com both share the same IP
address (domain aliases), then I thought that their APPLICATION
variables, set and read from the domain root, would still be
different. I'm surprised to see that an app variable set with the
first domain is also available to the aliased second domain.

Vic

I know it's a silly question, but it's got to be asked: have you taken steps
to ensure that the variable value will be different depending on the domain
in which it's running? I mean, you're not just setting an app variable to a
value in the global.asa file and expecting it to only be set in one of the
domains in which it runs are you?

--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"

Aug 1 '06 #5

Anthony Jones

"Victor" <vi*@vic.comwrote in message
news:uI**************@TK2MSFTNGP03.phx.gbl...

I understand your session explanation - thanks! It's the application

variable that has

me perplexed.

If www.mydomain1.com and www.mydomain2.com both share the same IP address

(domain

aliases), then I thought that their APPLICATION variables, set and read

from the domain

root, would still be different. I'm surprised to see that an app variable

set with the

first domain is also available to the aliased second domain.

Sorry misunderstood your question. Yes the behaviour you are seeing is
correct. The ASP application has not interest in the domain name(s) used to
access it and does not depend on anything from the client to identify the
application. Hence all urls which ultimate resolve to the application folder
(or one of its sub-folders) will identify with the same application on the
web server and will share any application variables.

Anthony.

Vic
"Anthony Jones" <An*@yadayadayada.comwrote in message
news:%2****************@TK2MSFTNGP06.phx.gbl...

"Victor" <vi*@vic.comwrote in message
news:ON**************@TK2MSFTNGP06.phx.gbl...
I've got two domain names sharing the same IP address that use ASP
VBScript
>
If I set a session variable with domain 1, it is only available for

domain

1 - this is
correct?
>
If I set an application variable with domain 1, the app variable is
sharing across all
domains using that IP address - this is correct?
>
Nope. The problem is that inorder for the server to identify the

session it

sets a session cookie which is sent to the browser. The session cookie

will

be rooted in a URL which represents the root of the application. If you

use

two different domain names to access the same website they cannot share
sessions.

Eg.

A website is accessed as MyServer as well as MyServer.mydomain.com

It has an application called myapp

Visting http://MyServer/MyApp/Default.asp results in the browser

receiving a

session cookie rooted at http://MyServer/MyApp/

Now if in the same browser session you visit another page say
http://MyServer/MyApp/SomeFolder/somepage.asp
the session cookie for http://MyServer/MyApp/ is included in the

request

because the root path for the cookie matches the URL requested. This
enables ASP to access session variables that may have be created by
Default.asp earlier because the cookie identifies the session.

Now if, again in the same browser session, you visit yet another page

say

http://MyServer.mydomain.com/MyApp/AnotherPage.asp the root path of this

URL

does not match the path for which the earlier session cookie was

created.

Hence the session cookie is not sent in this request. The server sees
request as needing a new session and does not have any idea about the

other

session.

Hope this is clear,

Anthony.

This is the behavior I am seeing and I want to make sure that my

server is

set up
correct. I especially want to make sure application variable behavior

correct.
>
Thank you!
>
>
>
>
>
>
>

Aug 1 '06 #6

Victor

"Anthony Jones" <An*@yadayadayada.comwrote in message
news:Oq**************@TK2MSFTNGP03.phx.gbl...

>
"Victor" <vi*@vic.comwrote in message
news:uI**************@TK2MSFTNGP03.phx.gbl...
I understand your session explanation - thanks! It's the application
variable that has
me perplexed.

If www.mydomain1.com and www.mydomain2.com both share the same IP address
(domain
aliases), then I thought that their APPLICATION variables, set and read
from the domain
root, would still be different. I'm surprised to see that an app variable
set with the
first domain is also available to the aliased second domain.

Sorry misunderstood your question. Yes the behaviour you are seeing is
correct. The ASP application has not interest in the domain name(s) used to
access it and does not depend on anything from the client to identify the
application. Hence all urls which ultimate resolve to the application folder
(or one of its sub-folders) will identify with the same application on the
web server and will share any application variables.

Anthony.

Vic
"Anthony Jones" <An*@yadayadayada.comwrote in message
news:%2****************@TK2MSFTNGP06.phx.gbl...
>
"Victor" <vi*@vic.comwrote in message
news:ON**************@TK2MSFTNGP06.phx.gbl...
I've got two domain names sharing the same IP address that use ASP
VBScript

If I set a session variable with domain 1, it is only available for

domain

1 - this is
correct?

If I set an application variable with domain 1, the app variable is
sharing across all
domains using that IP address - this is correct?

>
Nope. The problem is that inorder for the server to identify the

session it

sets a session cookie which is sent to the browser. The session cookie

will

be rooted in a URL which represents the root of the application. If you

use

two different domain names to access the same website they cannot share
sessions.
>
Eg.
>
A website is accessed as MyServer as well as MyServer.mydomain.com
>
It has an application called myapp
>
Visting http://MyServer/MyApp/Default.asp results in the browser

receiving a

session cookie rooted at http://MyServer/MyApp/
>
Now if in the same browser session you visit another page say
http://MyServer/MyApp/SomeFolder/somepage.asp
the session cookie for http://MyServer/MyApp/ is included in the

request

because the root path for the cookie matches the URL requested. This
enables ASP to access session variables that may have be created by
Default.asp earlier because the cookie identifies the session.
>
Now if, again in the same browser session, you visit yet another page

say

http://MyServer.mydomain.com/MyApp/AnotherPage.asp the root path of this

URL

does not match the path for which the earlier session cookie was

created.

Hence the session cookie is not sent in this request. The server sees
request as needing a new session and does not have any idea about the

other

session.
>
Hope this is clear,
>
Anthony.
>
This is the behavior I am seeing and I want to make sure that my

server is

set up
correct. I especially want to make sure application variable behavior

is

correct.

Thank you!

>
>

Aug 2 '06 #7

Victor

"Anthony Jones" <An*@yadayadayada.comwrote in message
news:Oq**************@TK2MSFTNGP03.phx.gbl...

Sorry misunderstood your question. Yes the behaviour you are seeing is
correct. The ASP application has not interest in the domain name(s) used to
access it and does not depend on anything from the client to identify the
application. Hence all urls which ultimate resolve to the application folder
(or one of its sub-folders) will identify with the same application on the
web server and will share any application variables.

Anthony.

This makes sense. Thank, Anthony.

Vic

Aug 2 '06 #8

Is this how session and application variables work?

This discussion thread is closed

Similar topics