By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
425,501 Members | 1,678 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 425,501 IT Pros & Developers. It's quick & easy.

Ending Session

P: n/a
I am trying to end a session for a site without having to completely close
the browser to end it.

When I access the site and log in it works fine. If I log out and in with a
different account without closing the browser, I get the first session's
information. Also, if a open another browser and log in with a different
account I get the session from the first browser. I've tried deleting all
cookies and any cached pages, but still get the same first session.

I created a windows app in .NET and added a browser (control from VB6), and
have the same problems if I make multiple instances of the browser control
inside the app, but I CAN have different session inside the .NET windows app
than what I have in the IE browsers. They don't seem to cross.

How is the session being held if it is not in a cookie or in a cached page?
I open a new browser and log in from the beginning, so the session can't be
in the URL, or in a hidden text field??

I think I must be missing something on how the sessions are stored??

Any help would be greatly appreciated, and I apologize if this is an
inappropriate group to post to.

-Darrin
Jul 19 '05 #1
Share this Question
Share on Google+
14 Replies


P: n/a
In an ASP page call:

Session.Abandon

The cookie is probably not where you thought it was or is hidden from you
since cookies *are* how ASP handles sessions.

Chris.

"Darrin J Olson" <da************@sio.midco.net> wrote in message
news:vp************@corp.supernews.com...
I am trying to end a session for a site without having to completely close
the browser to end it.

When I access the site and log in it works fine. If I log out and in with a
different account without closing the browser, I get the first session's
information. Also, if a open another browser and log in with a different
account I get the session from the first browser. I've tried deleting all
cookies and any cached pages, but still get the same first session.

I created a windows app in .NET and added a browser (control from VB6), and
have the same problems if I make multiple instances of the browser control
inside the app, but I CAN have different session inside the .NET windows app
than what I have in the IE browsers. They don't seem to cross.

How is the session being held if it is not in a cookie or in a cached page?
I open a new browser and log in from the beginning, so the session can't be
in the URL, or in a hidden text field??

I think I must be missing something on how the sessions are stored??

Any help would be greatly appreciated, and I apologize if this is an
inappropriate group to post to.

-Darrin

Jul 19 '05 #2

P: n/a
Chris,

Thank you very much for your response.

Unfortunately, it's not my page that I'm accessing. I'm writing an app for a
company that wants to 'scrape' the data off of the page from some other web
site to cut down on their data entry. Everything works fine, but I need to
close the browser (or whatever process holds the browser) to get rid of the
session. If I use IE Tools->Internet Options to delete cookies and temporary
files, or delete them myself the session persists??


"Chris Barber" <ch***@blue-canoe.co.uk.NOSPAM> wrote in message
news:Oy**************@tk2msftngp13.phx.gbl...
In an ASP page call:

Session.Abandon

The cookie is probably not where you thought it was or is hidden from you
since cookies *are* how ASP handles sessions.

Chris.

"Darrin J Olson" <da************@sio.midco.net> wrote in message
news:vp************@corp.supernews.com...
I am trying to end a session for a site without having to completely close
the browser to end it.

When I access the site and log in it works fine. If I log out and in with a different account without closing the browser, I get the first session's
information. Also, if a open another browser and log in with a different
account I get the session from the first browser. I've tried deleting all
cookies and any cached pages, but still get the same first session.

I created a windows app in .NET and added a browser (control from VB6), and have the same problems if I make multiple instances of the browser control
inside the app, but I CAN have different session inside the .NET windows app than what I have in the IE browsers. They don't seem to cross.

How is the session being held if it is not in a cookie or in a cached page? I open a new browser and log in from the beginning, so the session can't be in the URL, or in a hidden text field??

I think I must be missing something on how the sessions are stored??

Any help would be greatly appreciated, and I apologize if this is an
inappropriate group to post to.

-Darrin

Jul 19 '05 #3

P: n/a
Ahh, you mean you want to end the session for the remote webserver from the
client side?

http://www.asp101.com/articles/john/...nd/default.asp

As far as I know, it's not possible unless you can inform the remote
webserver that you want to end the session.

Chris.

"Darrin J Olson" <da************@sio.midco.net> wrote in message
news:vp************@corp.supernews.com...
Chris,

Thank you very much for your response.

Unfortunately, it's not my page that I'm accessing. I'm writing an app for a
company that wants to 'scrape' the data off of the page from some other web
site to cut down on their data entry. Everything works fine, but I need to
close the browser (or whatever process holds the browser) to get rid of the
session. If I use IE Tools->Internet Options to delete cookies and temporary
files, or delete them myself the session persists??


"Chris Barber" <ch***@blue-canoe.co.uk.NOSPAM> wrote in message
news:Oy**************@tk2msftngp13.phx.gbl...
In an ASP page call:

Session.Abandon

The cookie is probably not where you thought it was or is hidden from you
since cookies *are* how ASP handles sessions.

Chris.

"Darrin J Olson" <da************@sio.midco.net> wrote in message
news:vp************@corp.supernews.com...
I am trying to end a session for a site without having to completely close
the browser to end it.

When I access the site and log in it works fine. If I log out and in with a different account without closing the browser, I get the first session's
information. Also, if a open another browser and log in with a different
account I get the session from the first browser. I've tried deleting all
cookies and any cached pages, but still get the same first session.

I created a windows app in .NET and added a browser (control from VB6), and have the same problems if I make multiple instances of the browser control
inside the app, but I CAN have different session inside the .NET windows app than what I have in the IE browsers. They don't seem to cross.

How is the session being held if it is not in a cookie or in a cached page? I open a new browser and log in from the beginning, so the session can't be in the URL, or in a hidden text field??

I think I must be missing something on how the sessions are stored??

Any help would be greatly appreciated, and I apologize if this is an
inappropriate group to post to.

-Darrin


Jul 19 '05 #4

P: n/a
That stinks. I still want to think that there must a way since the remote
server really isn't holding any type of static connection with the client. I
can't figure out how it is keeping it's session? It has got to be storing it
somewhere client side.

Thank you again for your response and the link. It looks like it has quite a
bit of info.

I'll see what I can figure out...

-Darrin
"Chris Barber" <ch***@blue-canoe.co.uk.NOSPAM> wrote in message
news:e4**************@TK2MSFTNGP11.phx.gbl...
Ahh, you mean you want to end the session for the remote webserver from the client side?

http://www.asp101.com/articles/john/...nd/default.asp

As far as I know, it's not possible unless you can inform the remote
webserver that you want to end the session.

Chris.

"Darrin J Olson" <da************@sio.midco.net> wrote in message
news:vp************@corp.supernews.com...
Chris,

Thank you very much for your response.

Unfortunately, it's not my page that I'm accessing. I'm writing an app for a company that wants to 'scrape' the data off of the page from some other web site to cut down on their data entry. Everything works fine, but I need to
close the browser (or whatever process holds the browser) to get rid of the session. If I use IE Tools->Internet Options to delete cookies and temporary files, or delete them myself the session persists??


"Chris Barber" <ch***@blue-canoe.co.uk.NOSPAM> wrote in message
news:Oy**************@tk2msftngp13.phx.gbl...
In an ASP page call:

Session.Abandon

The cookie is probably not where you thought it was or is hidden from you since cookies *are* how ASP handles sessions.

Chris.

"Darrin J Olson" <da************@sio.midco.net> wrote in message
news:vp************@corp.supernews.com...
I am trying to end a session for a site without having to completely close the browser to end it.

When I access the site and log in it works fine. If I log out and in with
a
different account without closing the browser, I get the first session's
information. Also, if a open another browser and log in with a different
account I get the session from the first browser. I've tried deleting

all cookies and any cached pages, but still get the same first session.

I created a windows app in .NET and added a browser (control from VB6),

and
have the same problems if I make multiple instances of the browser control inside the app, but I CAN have different session inside the .NET windows

app
than what I have in the IE browsers. They don't seem to cross.

How is the session being held if it is not in a cookie or in a cached

page?
I open a new browser and log in from the beginning, so the session can't

be
in the URL, or in a hidden text field??

I think I must be missing something on how the sessions are stored??

Any help would be greatly appreciated, and I apologize if this is an
inappropriate group to post to.

-Darrin


Jul 19 '05 #5

P: n/a
Darrin J Olson wrote:
That stinks. I still want to think that there must a way since the
remote server really isn't holding any type of static connection with
the client. I can't figure out how it is keeping it's session? It has
got to be storing it somewhere client side.


A session ends when the session timeout period expires, or when
session.abandon is called. The server does not know when a user closes his
browser, or navigates to another page, or whatever. It only knows whether or
not it receives http requests containing the appropriate session id or not.

HTH,
Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
Jul 19 '05 #6

P: n/a
This I understand.

Here are the facts, and any help you can give would be greatly appreciated!

1. I am only the client, I do not have access to the server or it's code.
2. I am not sure what the host is using for session management.
3. When I close my browser and open a new one, I am given a new session.
4. When I am authenticated (however it is handled) and go to the login page
and login with a new account without closing my browser, I get data from the
first login.
5. When I open another browser and login with a different account, I get
data from the first login if the first browser is still open.
6. If I delete all the cookies and Temporary Internet Files using
Tools->Internet Options, or manually, I still get data from whatever login I
used initially with any subsequent logins.
7. If I add browser controls into a .NET windows application, any subsequent
logins return data from the initial session login, regardless of wether or
not I remove/close the first browser control that logged in.
8. I CAN login and return data from different sessions between the browsers
using IE and the browser controls in my application, they don't appear to
communicate the session.

I've been doing web development for over 6 years, and am a MCP (ASP.NET C#),
so I have some familiarity, but I don't feel this has anything to do with
ASP necessarily. I thought that maybe IE was caching the pages on the
client, but that should reload if I delete any temp files? I also delete any
cookies and don't see any in the index.dat file? The session always persists
unless I close my browser???

If it was URL rewriting or in a hidden field, it should not go across to a
new browser that was opened, which makes me think either cached pages or a
cookie. I delete the cached pages and the cookies, but the session remains.

Again, any help would be greatly appreciated.

Thanks,
-Darrin


"Bob Barrows" <re******@NOyahoo.SPAMcom> wrote in message
news:uy**************@TK2MSFTNGP09.phx.gbl...
Darrin J Olson wrote:
That stinks. I still want to think that there must a way since the
remote server really isn't holding any type of static connection with
the client. I can't figure out how it is keeping it's session? It has
got to be storing it somewhere client side.

A session ends when the session timeout period expires, or when
session.abandon is called. The server does not know when a user closes his
browser, or navigates to another page, or whatever. It only knows whether

or not it receives http requests containing the appropriate session id or not.
HTH,
Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"

Jul 19 '05 #7

P: n/a
But .. the question was whether or not the session can be reset from the
client side (eg. delete the relevant cookie so that the http headers will
not contains the relevant session id).
I can't find any information about how to do it although I presume it would
only be possible from outside of IE itself [the cookie delete thing] without
setting off lots of security warnings. The basic mechanisms for how sessions
are created, timeout and die are well known and certainly from an ASP point
of view it's easy to achieve.

Chris.
"Bob Barrows" <re******@NOyahoo.SPAMcom> wrote in message
news:uy**************@TK2MSFTNGP09.phx.gbl...
Darrin J Olson wrote:
That stinks. I still want to think that there must a way since the
remote server really isn't holding any type of static connection with
the client. I can't figure out how it is keeping it's session? It has
got to be storing it somewhere client side.


A session ends when the session timeout period expires, or when
session.abandon is called. The server does not know when a user closes his
browser, or navigates to another page, or whatever. It only knows whether or
not it receives http requests containing the appropriate session id or not.

HTH,
Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"

Jul 19 '05 #8

P: n/a
It must have something to with ASP, or you wouldn't be posting here - right?
:>)

Session cookies are stored in the client memory. AFAIK, they can't be
altered or deleted from the client - they expire on timeout or when the
browser closes.

Bob Lehmann

"Darrin J Olson" <da************@sio.midco.net> wrote in message
news:vp************@corp.supernews.com...
This I understand.

Here are the facts, and any help you can give would be greatly appreciated!
1. I am only the client, I do not have access to the server or it's code.
2. I am not sure what the host is using for session management.
3. When I close my browser and open a new one, I am given a new session.
4. When I am authenticated (however it is handled) and go to the login page and login with a new account without closing my browser, I get data from the first login.
5. When I open another browser and login with a different account, I get
data from the first login if the first browser is still open.
6. If I delete all the cookies and Temporary Internet Files using
Tools->Internet Options, or manually, I still get data from whatever login I used initially with any subsequent logins.
7. If I add browser controls into a .NET windows application, any subsequent logins return data from the initial session login, regardless of wether or
not I remove/close the first browser control that logged in.
8. I CAN login and return data from different sessions between the browsers using IE and the browser controls in my application, they don't appear to
communicate the session.

I've been doing web development for over 6 years, and am a MCP (ASP.NET C#), so I have some familiarity, but I don't feel this has anything to do with
ASP necessarily. I thought that maybe IE was caching the pages on the
client, but that should reload if I delete any temp files? I also delete any cookies and don't see any in the index.dat file? The session always persists unless I close my browser???

If it was URL rewriting or in a hidden field, it should not go across to a
new browser that was opened, which makes me think either cached pages or a
cookie. I delete the cached pages and the cookies, but the session remains.
Again, any help would be greatly appreciated.

Thanks,
-Darrin


"Bob Barrows" <re******@NOyahoo.SPAMcom> wrote in message
news:uy**************@TK2MSFTNGP09.phx.gbl...
Darrin J Olson wrote:
That stinks. I still want to think that there must a way since the
remote server really isn't holding any type of static connection with
the client. I can't figure out how it is keeping it's session? It has
got to be storing it somewhere client side.

A session ends when the session timeout period expires, or when
session.abandon is called. The server does not know when a user closes his browser, or navigates to another page, or whatever. It only knows

whether or
not it receives http requests containing the appropriate session id or

not.

HTH,
Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"


Jul 19 '05 #9

P: n/a
Thanks Bob, that would explain a lot.

As far as the newsgroup, I wasn't sure where to post it since it involved a
few different things, and I may not have had the potential of querying such
intelligent and knowledgeable folks if I used a different one. ;-)

Thanks again to both you and Chris for your help.
-Darrin


"Bob Lehmann" <no****@dontbotherme.zzz> wrote in message
news:%2***************@tk2msftngp13.phx.gbl...
It must have something to with ASP, or you wouldn't be posting here - right? :>)

Session cookies are stored in the client memory. AFAIK, they can't be
altered or deleted from the client - they expire on timeout or when the
browser closes.

Bob Lehmann

"Darrin J Olson" <da************@sio.midco.net> wrote in message
news:vp************@corp.supernews.com...
This I understand.

Here are the facts, and any help you can give would be greatly appreciated!

1. I am only the client, I do not have access to the server or it's code.
2. I am not sure what the host is using for session management.
3. When I close my browser and open a new one, I am given a new session.
4. When I am authenticated (however it is handled) and go to the login

page
and login with a new account without closing my browser, I get data from

the
first login.
5. When I open another browser and login with a different account, I get
data from the first login if the first browser is still open.
6. If I delete all the cookies and Temporary Internet Files using
Tools->Internet Options, or manually, I still get data from whatever login I
used initially with any subsequent logins.
7. If I add browser controls into a .NET windows application, any

subsequent
logins return data from the initial session login, regardless of wether

or not I remove/close the first browser control that logged in.
8. I CAN login and return data from different sessions between the

browsers
using IE and the browser controls in my application, they don't appear to communicate the session.

I've been doing web development for over 6 years, and am a MCP (ASP.NET

C#),
so I have some familiarity, but I don't feel this has anything to do with ASP necessarily. I thought that maybe IE was caching the pages on the
client, but that should reload if I delete any temp files? I also delete

any
cookies and don't see any in the index.dat file? The session always

persists
unless I close my browser???

If it was URL rewriting or in a hidden field, it should not go across to a new browser that was opened, which makes me think either cached pages or a cookie. I delete the cached pages and the cookies, but the session

remains.

Again, any help would be greatly appreciated.

Thanks,
-Darrin


"Bob Barrows" <re******@NOyahoo.SPAMcom> wrote in message
news:uy**************@TK2MSFTNGP09.phx.gbl...
Darrin J Olson wrote:
> That stinks. I still want to think that there must a way since the
> remote server really isn't holding any type of static connection with > the client. I can't figure out how it is keeping it's session? It has > got to be storing it somewhere client side.
>

A session ends when the session timeout period expires, or when
session.abandon is called. The server does not know when a user closes

his browser, or navigates to another page, or whatever. It only knows

whether
or
not it receives http requests containing the appropriate session id or

not.

HTH,
Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"



Jul 19 '05 #10

P: n/a
Thanks for the info Bob.

I was beginning to suspect the same although all information I've ever seen
seems to indicate (indirectly) that session persistence was to do with
cookies. However, on thinking about it, I now see that the information I
have read says that 'ASP sessions require that cookies be enabled', *not*
that IE stores the session id *as* a cookie.

So, that would explain the majority of stuff but perhaps not the multiple
browsers getting the same session data scenario which I have no idea why
that could be happening unless both (or more) instances of IE are in fact
instances of a class from an ActiveX EXE (thus all instances could be
getting access to the same common 'session' information dependant on the
settings for the class). NB: MS Word work like this in that Word.exe is in
fact an ActiveXEXE Server.

Chris.

"Bob Lehmann" <no****@dontbotherme.zzz> wrote in message
news:%2***************@tk2msftngp13.phx.gbl...
It must have something to with ASP, or you wouldn't be posting here - right?
:>)

Session cookies are stored in the client memory. AFAIK, they can't be
altered or deleted from the client - they expire on timeout or when the
browser closes.

Bob Lehmann

"Darrin J Olson" <da************@sio.midco.net> wrote in message
news:vp************@corp.supernews.com...
This I understand.

Here are the facts, and any help you can give would be greatly appreciated!
1. I am only the client, I do not have access to the server or it's code.
2. I am not sure what the host is using for session management.
3. When I close my browser and open a new one, I am given a new session.
4. When I am authenticated (however it is handled) and go to the login page and login with a new account without closing my browser, I get data from the first login.
5. When I open another browser and login with a different account, I get
data from the first login if the first browser is still open.
6. If I delete all the cookies and Temporary Internet Files using
Tools->Internet Options, or manually, I still get data from whatever login I used initially with any subsequent logins.
7. If I add browser controls into a .NET windows application, any subsequent logins return data from the initial session login, regardless of wether or
not I remove/close the first browser control that logged in.
8. I CAN login and return data from different sessions between the browsers using IE and the browser controls in my application, they don't appear to
communicate the session.

I've been doing web development for over 6 years, and am a MCP (ASP.NET C#), so I have some familiarity, but I don't feel this has anything to do with
ASP necessarily. I thought that maybe IE was caching the pages on the
client, but that should reload if I delete any temp files? I also delete any cookies and don't see any in the index.dat file? The session always persists unless I close my browser???

If it was URL rewriting or in a hidden field, it should not go across to a
new browser that was opened, which makes me think either cached pages or a
cookie. I delete the cached pages and the cookies, but the session remains.
Again, any help would be greatly appreciated.

Thanks,
-Darrin


"Bob Barrows" <re******@NOyahoo.SPAMcom> wrote in message
news:uy**************@TK2MSFTNGP09.phx.gbl...
Darrin J Olson wrote:
That stinks. I still want to think that there must a way since the
remote server really isn't holding any type of static connection with
the client. I can't figure out how it is keeping it's session? It has
got to be storing it somewhere client side.

A session ends when the session timeout period expires, or when
session.abandon is called. The server does not know when a user closes his browser, or navigates to another page, or whatever. It only knows

whether or
not it receives http requests containing the appropriate session id or

not.

HTH,
Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"



Jul 19 '05 #11

P: n/a
I'd say that the implementation of the sessions *is* - predominantly for
this discussion - ASP but the surrounding technologies may not be ... I
still reckon ASP was the right choice.

LoL, and I still managed to learn something.

Chris.

"Darrin J Olson" <da************@sio.midco.net> wrote in message
news:vp************@corp.supernews.com...
Thanks Bob, that would explain a lot.

As far as the newsgroup, I wasn't sure where to post it since it involved a
few different things, and I may not have had the potential of querying such
intelligent and knowledgeable folks if I used a different one. ;-)

Thanks again to both you and Chris for your help.
-Darrin


"Bob Lehmann" <no****@dontbotherme.zzz> wrote in message
news:%2***************@tk2msftngp13.phx.gbl...
It must have something to with ASP, or you wouldn't be posting here - right? :>)

Session cookies are stored in the client memory. AFAIK, they can't be
altered or deleted from the client - they expire on timeout or when the
browser closes.

Bob Lehmann

"Darrin J Olson" <da************@sio.midco.net> wrote in message
news:vp************@corp.supernews.com...
This I understand.

Here are the facts, and any help you can give would be greatly appreciated!

1. I am only the client, I do not have access to the server or it's code.
2. I am not sure what the host is using for session management.
3. When I close my browser and open a new one, I am given a new session.
4. When I am authenticated (however it is handled) and go to the login

page
and login with a new account without closing my browser, I get data from

the
first login.
5. When I open another browser and login with a different account, I get
data from the first login if the first browser is still open.
6. If I delete all the cookies and Temporary Internet Files using
Tools->Internet Options, or manually, I still get data from whatever login I
used initially with any subsequent logins.
7. If I add browser controls into a .NET windows application, any

subsequent
logins return data from the initial session login, regardless of wether

or not I remove/close the first browser control that logged in.
8. I CAN login and return data from different sessions between the

browsers
using IE and the browser controls in my application, they don't appear to communicate the session.

I've been doing web development for over 6 years, and am a MCP (ASP.NET

C#),
so I have some familiarity, but I don't feel this has anything to do with ASP necessarily. I thought that maybe IE was caching the pages on the
client, but that should reload if I delete any temp files? I also delete

any
cookies and don't see any in the index.dat file? The session always

persists
unless I close my browser???

If it was URL rewriting or in a hidden field, it should not go across to a new browser that was opened, which makes me think either cached pages or a cookie. I delete the cached pages and the cookies, but the session

remains.

Again, any help would be greatly appreciated.

Thanks,
-Darrin


"Bob Barrows" <re******@NOyahoo.SPAMcom> wrote in message
news:uy**************@TK2MSFTNGP09.phx.gbl...
Darrin J Olson wrote:
> That stinks. I still want to think that there must a way since the
> remote server really isn't holding any type of static connection with > the client. I can't figure out how it is keeping it's session? It has > got to be storing it somewhere client side.
>

A session ends when the session timeout period expires, or when
session.abandon is called. The server does not know when a user closes

his browser, or navigates to another page, or whatever. It only knows

whether
or
not it receives http requests containing the appropriate session id or

not.

HTH,
Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"




Jul 19 '05 #12

P: n/a
Chris,

I think you are on the right track. That would also explain why when I add
the activeX browser controls to my .NET app it holds a different session and
must use a different cookie in memory than what the browsers out of the OS
do. It must kind of hold a common cookie per process per domain.

Thanks!

-Darrin


"Chris Barber" <ch***@blue-canoe.co.uk.NOSPAM> wrote in message
news:Or****************@TK2MSFTNGP12.phx.gbl...
Thanks for the info Bob.

I was beginning to suspect the same although all information I've ever seen seems to indicate (indirectly) that session persistence was to do with
cookies. However, on thinking about it, I now see that the information I
have read says that 'ASP sessions require that cookies be enabled', *not*
that IE stores the session id *as* a cookie.

So, that would explain the majority of stuff but perhaps not the multiple
browsers getting the same session data scenario which I have no idea why
that could be happening unless both (or more) instances of IE are in fact
instances of a class from an ActiveX EXE (thus all instances could be
getting access to the same common 'session' information dependant on the
settings for the class). NB: MS Word work like this in that Word.exe is in
fact an ActiveXEXE Server.

Chris.

"Bob Lehmann" <no****@dontbotherme.zzz> wrote in message
news:%2***************@tk2msftngp13.phx.gbl...
It must have something to with ASP, or you wouldn't be posting here - right? :>)

Session cookies are stored in the client memory. AFAIK, they can't be
altered or deleted from the client - they expire on timeout or when the
browser closes.

Bob Lehmann

"Darrin J Olson" <da************@sio.midco.net> wrote in message
news:vp************@corp.supernews.com...
This I understand.

Here are the facts, and any help you can give would be greatly appreciated!

1. I am only the client, I do not have access to the server or it's code.
2. I am not sure what the host is using for session management.
3. When I close my browser and open a new one, I am given a new session.
4. When I am authenticated (however it is handled) and go to the login

page
and login with a new account without closing my browser, I get data from

the
first login.
5. When I open another browser and login with a different account, I get
data from the first login if the first browser is still open.
6. If I delete all the cookies and Temporary Internet Files using
Tools->Internet Options, or manually, I still get data from whatever login I
used initially with any subsequent logins.
7. If I add browser controls into a .NET windows application, any

subsequent
logins return data from the initial session login, regardless of wether

or not I remove/close the first browser control that logged in.
8. I CAN login and return data from different sessions between the

browsers
using IE and the browser controls in my application, they don't appear to communicate the session.

I've been doing web development for over 6 years, and am a MCP (ASP.NET

C#),
so I have some familiarity, but I don't feel this has anything to do with ASP necessarily. I thought that maybe IE was caching the pages on the
client, but that should reload if I delete any temp files? I also delete

any
cookies and don't see any in the index.dat file? The session always

persists
unless I close my browser???

If it was URL rewriting or in a hidden field, it should not go across to a new browser that was opened, which makes me think either cached pages or a cookie. I delete the cached pages and the cookies, but the session

remains.

Again, any help would be greatly appreciated.

Thanks,
-Darrin


"Bob Barrows" <re******@NOyahoo.SPAMcom> wrote in message
news:uy**************@TK2MSFTNGP09.phx.gbl...
Darrin J Olson wrote:
> That stinks. I still want to think that there must a way since the
> remote server really isn't holding any type of static connection with > the client. I can't figure out how it is keeping it's session? It has > got to be storing it somewhere client side.
>

A session ends when the session timeout period expires, or when
session.abandon is called. The server does not know when a user closes

his browser, or navigates to another page, or whatever. It only knows

whether
or
not it receives http requests containing the appropriate session id or

not.

HTH,
Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"



Jul 19 '05 #13

P: n/a
"Chris Barber" <ch***@blue-canoe.co.uk.NOSPAM> wrote in message
news:Or**************@TK2MSFTNGP12.phx.gbl...
have read says that 'ASP sessions require that cookies be enabled', *not* that IE stores the session id *as* a cookie.
It is specifically a "Session Cookie", they are special and only exist
in memory (aka Temporary Cookies). They are not the same thing as
other Cookies. It is two different animals.
So, that would explain the majority of stuff but perhaps not the multiple browsers getting the same session data scenario which I have no idea

why

Multiple Browser *Windows* get the same session, multiple Browser
*instances* do not. Hitting "CTRL-N" pops up a new Window not a new
"Browser". To get a new browse you must re-execute the excutable
(iexplorer.exe).

--

Phillip Windell [CCNA, MVP, MCP]
pw******@wandtv.com
WAND-TV (ABC Affiliate)
www.wandtv.com
Jul 19 '05 #14

P: n/a
I've never really tried that hard to find the exact circumstances so thanks
for the info, it's much appreciated.

Chris.

"Phillip Windell" <pwindell{at}wandtv*d0t*com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...
"Chris Barber" <ch***@blue-canoe.co.uk.NOSPAM> wrote in message
news:Or**************@TK2MSFTNGP12.phx.gbl...
have read says that 'ASP sessions require that cookies be enabled', *not* that IE stores the session id *as* a cookie.
It is specifically a "Session Cookie", they are special and only exist
in memory (aka Temporary Cookies). They are not the same thing as
other Cookies. It is two different animals.
So, that would explain the majority of stuff but perhaps not the multiple browsers getting the same session data scenario which I have no idea

why

Multiple Browser *Windows* get the same session, multiple Browser
*instances* do not. Hitting "CTRL-N" pops up a new Window not a new
"Browser". To get a new browse you must re-execute the excutable
(iexplorer.exe).

--

Phillip Windell [CCNA, MVP, MCP]
pw******@wandtv.com
WAND-TV (ABC Affiliate)
www.wandtv.com

Jul 19 '05 #15

This discussion thread is closed

Replies have been disabled for this discussion.