473,288 Members | 1,726 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,288 software developers and data experts.

Response.Redirect via XMLHTTP causes new Session

I have an ASP page that is using an XMLHTTP object to request various
pages from my server. I keep a single session throughout the XMLHTTP
requests by bassing the ASPSESSIONID cookie through the XMLHTTP object.

However, when the page requested through the XML object makes a
<%Response.Redirect()%>
call, a new session is created each time.

Is this a flaw in the XMLHTTP Object? How can I force the session to
remain the same after a Response.Redirect call?

Sep 21 '06 #1
4 11334
mi********@gmail.com wrote:
I have an ASP page that is using an XMLHTTP object to request various
pages from my server.
Is this being done in client-side code? or are you really using the
XMLHTTPServer object?
I keep a single session throughout the
XMLHTTP requests by bassing the ASPSESSIONID cookie through the
XMLHTTP object.
If using XMLHTTP from client-side code, I do not believe this is
necessary.
>
However, when the page requested through the XML object makes a
<%Response.Redirect()%>
call, a new session is created each time.
This test fails to duplicate your behavior:

xmlhttp_session.asp:
<%
session("test")="Z"
%>
<HTML>
<HEAD>
<script type="text/javascript">
function test()
{
var oHTTP = new ActiveXObject("Microsoft.XMLHTTP");
oHTTP.open("POST","getsessionval.asp", false);
oHTTP.send();
alert(oHTTP.responseText)
}
</script>
</HEAD>
<BODY>
<INPUT type="button" value="Button" id=button1 name=button1
onclick="test();">
</BODY>
</HTML>
getsessionval.asp:
<%response.redirect "getsessionval2.asp"%>

getsessionval2.asp:
<%response.write session("test")%>

Clicking the button results in "Z" being alerted.

Have I just wasted my time? Are you really using XMLHTTPServer in
server-side code?

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Sep 21 '06 #2

Bob Barrows [MVP] wrote:
mi********@gmail.com wrote:
I have an ASP page that is using an XMLHTTP object to request various
pages from my server.
Is this being done in client-side code? or are you really using the
XMLHTTPServer object?
I keep a single session throughout the
XMLHTTP requests by bassing the ASPSESSIONID cookie through the
XMLHTTP object.

If using XMLHTTP from client-side code, I do not believe this is
necessary.

However, when the page requested through the XML object makes a
<%Response.Redirect()%>
call, a new session is created each time.
This test fails to duplicate your behavior:

xmlhttp_session.asp:
<%
session("test")="Z"
%>
<HTML>
<HEAD>
<script type="text/javascript">
function test()
{
var oHTTP = new ActiveXObject("Microsoft.XMLHTTP");
oHTTP.open("POST","getsessionval.asp", false);
oHTTP.send();
alert(oHTTP.responseText)
}
</script>
</HEAD>
<BODY>
<INPUT type="button" value="Button" id=button1 name=button1
onclick="test();">
</BODY>
</HTML>
getsessionval.asp:
<%response.redirect "getsessionval2.asp"%>

getsessionval2.asp:
<%response.write session("test")%>

Clicking the button results in "Z" being alerted.

Have I just wasted my time? Are you really using XMLHTTPServer in
server-side code?

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Bob, I apologize for not making myself more clear. I am indeed using
ServerXMLHTTP.

Setting up an example isn't necessarily simple, but I'll give it a
shot.

Page1.asp:
<%
<!--#include file="includes/classes/cookie.asp" -->
Function ProcessResponseHeaders(sHeaders)
Set reCookies = New RegExp
reCookies.IgnoreCase = true
reCookies.Global = true
reCookies.Pattern = "Set-Cookie: [^\n]*\n"
Set oMatches = reCookies.Execute(sHeaders)
for each oMatch in oMatches
Set oCookie = New Cookie
oCookie.ParseCookieHeader(oMatch.Value)
if(oCookie.IsSessionCookie)then
Session("CookieName") = oCookie.Name
Session("CookieValue") = oCookie.Value
else
oCookie.WriteToResponse()
end if
next
End Function

sSessionCookie = Session("CookieName")
sSessionCookieValue = Session("CookieValue")

Set oHTTPpost = Server.CreateObject("Msxml2.ServerXMLHTTP")
oHTTPpost.open "GET", "http:/url.tld/testsession.asp" , false
oHTTPpost.SetRequestHeader "Cookie", sSessionCookie & "=" &
sSessionCookieValue
oHTTPpost.send(null)
sReturnValue = oHTTPpost.responseText
ProcessResponseHeaders(oHTTPPost.GetAllResponseHea ders)
Response.Write(sReturnValue)
%>

testsession.asp
<%
Response.Redirect("redirecttarget.asp")
Response.Write(Session.SessionID)
%>

redirecttarget.asp
<%
Response.Write(Session.SessionID)
%>

cookie.asp:
<%
Class Cookie
Public Name
Public Value
Public Expires
Public Path

Private Sub Class_Initialize
Me.Name = ""
Me.Value = ""
Me.Expires = ""
Me.Path = ""
End Sub

Private Sub Class_Terminate

End Sub

Public Function ParseCookieHeader(sHeader)
Set reCookie = New RegExp
reCookie.IgnoreCase = true
reCookie.Global = true
reCookie.Pattern = "[^\s]*=[^\n;]*"
Set oMatches = reCookie.Execute(sHeader)
for each oMatch in oMatches
a_sMatch = split(oMatch.value,"=")
sName = a_sMatch(0)
sValue = a_sMatch(1)
select case lcase(sName)
case "path": Me.Path = URLDecode(sValue)
case "expires": Me.Expires = URLDecode(sValue)
case else: Me.Name = URLDecode(sName)
Me.Value = URLDecode(sValue)
end select
next
End Function

Public Function WriteToResponse()
if(Me.Name <"")then
Response.Cookies(Me.Name) = Me.Value
if(Me.Path <"")then
Response.Cookies(Me.Name).Path = Me.Path
end if
if(Me.Expires <"")then
Response.Cookies(Me.Name).Expires = Me.Expires
end if
end if
End Function

Function URLDecode(sConvert)
Dim aSplit
Dim sOutput
Dim I
If IsNull(sConvert) Then
URLDecode = ""
Exit Function
End If

' convert all pluses to spaces
sOutput = REPLACE(sConvert, "+", " ")

' next convert %hexdigits to the character
aSplit = Split(sOutput, "%")

If IsArray(aSplit) Then
sOutput = aSplit(0)
For I = 0 to UBound(aSplit) - 1
sOutput = sOutput & _
Chr("&H" & Left(aSplit(i + 1), 2)) &_
Right(aSplit(i + 1), Len(aSplit(i + 1)) - 2)
Next
End If

URLDecode = sOutput
End Function
End Class
%>

So, in this example, page1.asp requests testsession.asp via the
ServerXMLTTP object. page1.asp maintains the ASP session ID by passing
the ASPSESSIONID cookie to through the ServerXMLHTTP object.
ProcessFunctionHeaders and the cookie class are responsible for this.
Once requested, testsession.asp writes a redirect header to the client
(in this case the ServerXMLHTTP object). The client then redirects to
redirecttarget.asp, which prints the current session id.) As you will
see, the value printed by page1.asp will increment with ever refresh of
page1.asp. Commenting the first line of testsession.asp (commenting out
the redirect) causes the sessionid to remain constant with every
refresh of page1.asp.

This leads me to believe that the ServerXMLHTTP object fails to pass
the cookies to the server if the server has responded with a 302
redirect header (issued by response.redirect). Can anyone confirm or
deny this issue?

Many thanks.
Mike Biang
Software Developmer
Cramer Development
mi********@gmail.com

Sep 21 '06 #3

<mi********@gmail.comwrote in message
news:11**********************@i42g2000cwa.googlegr oups.com...
>
Bob Barrows [MVP] wrote:
mi********@gmail.com wrote:
I have an ASP page that is using an XMLHTTP object to request various
pages from my server.
Is this being done in client-side code? or are you really using the
XMLHTTPServer object?
I keep a single session throughout the
XMLHTTP requests by bassing the ASPSESSIONID cookie through the
XMLHTTP object.
If using XMLHTTP from client-side code, I do not believe this is
necessary.
>
However, when the page requested through the XML object makes a
<%Response.Redirect()%>
call, a new session is created each time.
>
This test fails to duplicate your behavior:

xmlhttp_session.asp:
<%
session("test")="Z"
%>
<HTML>
<HEAD>
<script type="text/javascript">
function test()
{
var oHTTP = new ActiveXObject("Microsoft.XMLHTTP");
oHTTP.open("POST","getsessionval.asp", false);
oHTTP.send();
alert(oHTTP.responseText)
}
</script>
</HEAD>
<BODY>
<INPUT type="button" value="Button" id=button1 name=button1
onclick="test();">
</BODY>
</HTML>
getsessionval.asp:
<%response.redirect "getsessionval2.asp"%>

getsessionval2.asp:
<%response.write session("test")%>

Clicking the button results in "Z" being alerted.

Have I just wasted my time? Are you really using XMLHTTPServer in
server-side code?

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

Bob, I apologize for not making myself more clear. I am indeed using
ServerXMLHTTP.

Setting up an example isn't necessarily simple, but I'll give it a
shot.

Page1.asp:
<%
<!--#include file="includes/classes/cookie.asp" -->
Function ProcessResponseHeaders(sHeaders)
Set reCookies = New RegExp
reCookies.IgnoreCase = true
reCookies.Global = true
reCookies.Pattern = "Set-Cookie: [^\n]*\n"
Set oMatches = reCookies.Execute(sHeaders)
for each oMatch in oMatches
Set oCookie = New Cookie
oCookie.ParseCookieHeader(oMatch.Value)
if(oCookie.IsSessionCookie)then
Session("CookieName") = oCookie.Name
Session("CookieValue") = oCookie.Value
else
oCookie.WriteToResponse()
end if
next
End Function

sSessionCookie = Session("CookieName")
sSessionCookieValue = Session("CookieValue")

Set oHTTPpost = Server.CreateObject("Msxml2.ServerXMLHTTP")
oHTTPpost.open "GET", "http:/url.tld/testsession.asp" , false
oHTTPpost.SetRequestHeader "Cookie", sSessionCookie & "=" &
sSessionCookieValue
oHTTPpost.send(null)
sReturnValue = oHTTPpost.responseText
ProcessResponseHeaders(oHTTPPost.GetAllResponseHea ders)
Response.Write(sReturnValue)
%>

testsession.asp
<%
Response.Redirect("redirecttarget.asp")
Response.Write(Session.SessionID)
%>

redirecttarget.asp
<%
Response.Write(Session.SessionID)
%>

cookie.asp:
<%
Class Cookie
Public Name
Public Value
Public Expires
Public Path

Private Sub Class_Initialize
Me.Name = ""
Me.Value = ""
Me.Expires = ""
Me.Path = ""
End Sub

Private Sub Class_Terminate

End Sub

Public Function ParseCookieHeader(sHeader)
Set reCookie = New RegExp
reCookie.IgnoreCase = true
reCookie.Global = true
reCookie.Pattern = "[^\s]*=[^\n;]*"
Set oMatches = reCookie.Execute(sHeader)
for each oMatch in oMatches
a_sMatch = split(oMatch.value,"=")
sName = a_sMatch(0)
sValue = a_sMatch(1)
select case lcase(sName)
case "path": Me.Path = URLDecode(sValue)
case "expires": Me.Expires = URLDecode(sValue)
case else: Me.Name = URLDecode(sName)
Me.Value = URLDecode(sValue)
end select
next
End Function

Public Function WriteToResponse()
if(Me.Name <"")then
Response.Cookies(Me.Name) = Me.Value
if(Me.Path <"")then
Response.Cookies(Me.Name).Path = Me.Path
end if
if(Me.Expires <"")then
Response.Cookies(Me.Name).Expires = Me.Expires
end if
end if
End Function

Function URLDecode(sConvert)
Dim aSplit
Dim sOutput
Dim I
If IsNull(sConvert) Then
URLDecode = ""
Exit Function
End If

' convert all pluses to spaces
sOutput = REPLACE(sConvert, "+", " ")

' next convert %hexdigits to the character
aSplit = Split(sOutput, "%")

If IsArray(aSplit) Then
sOutput = aSplit(0)
For I = 0 to UBound(aSplit) - 1
sOutput = sOutput & _
Chr("&H" & Left(aSplit(i + 1), 2)) &_
Right(aSplit(i + 1), Len(aSplit(i + 1)) - 2)
Next
End If

URLDecode = sOutput
End Function
End Class
%>

So, in this example, page1.asp requests testsession.asp via the
ServerXMLTTP object. page1.asp maintains the ASP session ID by passing
the ASPSESSIONID cookie to through the ServerXMLHTTP object.
ProcessFunctionHeaders and the cookie class are responsible for this.
Once requested, testsession.asp writes a redirect header to the client
(in this case the ServerXMLHTTP object). The client then redirects to
redirecttarget.asp, which prints the current session id.) As you will
see, the value printed by page1.asp will increment with ever refresh of
page1.asp. Commenting the first line of testsession.asp (commenting out
the redirect) causes the sessionid to remain constant with every
refresh of page1.asp.

This leads me to believe that the ServerXMLHTTP object fails to pass
the cookies to the server if the server has responded with a 302
redirect header (issued by response.redirect). Can anyone confirm or
deny this issue?
Here is a simple test I've done:-

Test.asp:-
<%Response.Redirect("Test2.asp")%>

Test2.asp:-
Hello World

Test.vbs:-
Option Explicit

Dim oXH : Set oXH = CreateObject("MSXML2.ServerXMLHTTP")
oXH.Open "GET", "http://myserver/test/test.asp", False
oXH.Send

MsgBox oXH.responseText
Watching the http traffic I see that the 302 from the server carries the
Set-Cookie: ASPSESSIONxxxxxxxx=xxxxx; and the subsequent request to
test2.asp generated internally be WinHTTP carries this cookie in the
request. So it would seem that ServerXMLHTTP does pass on cookies received
in these cases.

I used this unbelievably useful (and free) tool:-
http://www.fiddlertool.com/fiddler/version.asp

To monitor the http traffic. Since this is in effect a proxy server so once
fired up you need to let WinHTTP know what the proxy settings are. Use the
command line 'proxycfg -u' to make sure WinHTTP traffic runs through it. Be
sure to use 'proxycfg -d' after you done to remove the settings.

Here are some questions:-

MSXML3 is installed in replace mode? Try using the specific version of the
prog ID MSXML2.ServerXMLHTTP.3.0.

Have you got the latest version of msxml3? There are some KBs refering to
older releases om msxml3 which may be relevant.
For example http://support.microsoft.com/kb/326847/EN-US/ not an exact match
but close.

If you install msxml6 and use 6 specific progIDs do you still get the
problem?
Many thanks.
Mike Biang
Software Developmer
Cramer Development
mi********@gmail.com

Sep 22 '06 #4
Anthony Jones wrote:

Anthony, could you contact me offline?

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Sep 22 '06 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
by: Gary | last post by:
I am having a strange problem that I cannot solve. I have an asp page that I use for a user to login and gain access to other pages. When the user logs in I set a couple of session variables like...
0
by: Chris North | last post by:
I needed a mechanism to prevent a webform from resubmitting data if a user presses the "Back" button following a submit. To provide this mechanism, on Page_Load, I check a value in viewstate...
7
by: Anne | last post by:
hie there, i want to be able to pass multiple parameters to another page. currently, i am able to do so, but somehow i feel it is not the correct way to do it. below is part of what i have so far....
6
by: Sam | last post by:
I have some issues with HTTP Headers and I was hoping for some pointers or references to good articles. Here is the problem. I have 6 .aspx pages, each page contains a common .ascx. This ascx...
10
by: Anthony Williams | last post by:
Hi gang, This one looks like a bug :o( As you may or may not know, setting session management in web.config to use cookieless sessions causes the ASP.NET runtime to munge a session ID into...
4
by: csn | last post by:
Is it possible to have a Response.Redirect in Global.asax in the Application_Start and Session_Start events? We have code in both events, with try-catch blocks, and if an exception is caught, we...
10
by: GreggTB | last post by:
I've got an page (LOGIN.ASPX) that receives the user's login information. During the page load, it checks the credentials against a database and, if validation is successful, creates an instance of...
12
by: gigi | last post by:
How to send more than one value using response redirect? For example i can send one like this response.Redirect "pregled.asp?ime=" & strUserName but how to send two or more values? I tried...
9
by: RN1 | last post by:
When a server encounters the line Response.Redirect("abcd.asp") in a ASP script, the server tells the browser that it has to be redirected to another page (which is abcd.asp, in this case)....
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
by: MeoLessi9 | last post by:
I have VirtualBox installed on Windows 11 and now I would like to install Kali on a virtual machine. However, on the official website, I see two options: "Installer images" and "Virtual machines"....
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: Aftab Ahmad | last post by:
So, I have written a code for a cmd called "Send WhatsApp Message" to open and send WhatsApp messaage. The code is given below. Dim IE As Object Set IE =...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.