467,894 Members | 1,461 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 467,894 developers. It's quick & easy.

Session Var Issues

Hi all,

Anyone out there using session vars to hold user information when a user
logs in to your Web site, and sometimes having the Session Vars not get
set (especially in IE)?

My situation involves a Web site that uses a Session Var to hold a
UserID and another to hold a UserType and some users are being directed
to our 'timeout' message right away when they log in - it's coded so
users get directed here if the Session Vars are empty, NULL, or "" so
they are not really 'timing out'. The biggest problem is that some
users cannot even get in. I have found that IE's Privacy setting about
'blocking all cookies' will cause this to happen and as long as the
privacy gets set to 'High', you can still block cookies as long as you
enable 'Session Cookies'. I have also found a work around by adding the
Web site to the list of trusted sites in IE. Any other suggestions?
Perhaps there is a coding work-around that I am not aware of.

Any tips would be appreciated. Thanks

Agent H :)

*** Sent via Developersdex http://www.developersdex.com ***
Oct 25 '06 #1
  • viewed: 1112
Share:
2 Replies
Agent H wrote:
Hi all,

Anyone out there using session vars to hold user information when a
user logs in to your Web site,
Yes
and sometimes having the Session Vars
not get set (especially in IE)?
No.
>
My situation involves a Web site that uses a Session Var to hold a
UserID and another to hold a UserType and some users are being
directed to our 'timeout' message right away when they log in - it's
coded so users get directed here if the Session Vars are empty, NULL,
or "" so they are not really 'timing out'. The biggest problem is
that some users cannot even get in. I have found that IE's Privacy
setting about 'blocking all cookies' will cause this to happen
Of course. Sessions depend on session cookies.
and as
long as the privacy gets set to 'High', you can still block cookies
as long as you enable 'Session Cookies'. I have also found a work
around by adding the Web site to the list of trusted sites in IE.
Any other suggestions? Perhaps there is a coding work-around that I
am not aware of.
No, those are the only solutions if you wish to use the Session object.
Of course, you could roll your own session management system involving a
database, completely avoiding the need for cookies. Just be aware of the
possibility that not all users are benign: for example, a user might try
to hijack another user's "session". Keep that in mind when you design
your security structure.

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Oct 25 '06 #2
Hi all,

Thanks for the help, Bob. I was glad to hear that I wasn't completely
crazy in thinking that Cookies were needed. :) Have a great day!

Agent H :)

*** Sent via Developersdex http://www.developersdex.com ***
Oct 25 '06 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

5 posts views Thread by ASP.Confused | last post: by
4 posts views Thread by Nick Gilbert | last post: by
26 posts views Thread by BillE | last post: by
13 posts views Thread by Laurahn | last post: by
25 posts views Thread by =?Utf-8?B?RGF2aWQgVGhpZWxlbg==?= | last post: by
8 posts views Thread by Andrew Teece | last post: by
13 posts views Thread by Samir Chouaieb | last post: by
5 posts views Thread by =?Utf-8?B?QmlsbHkgWmhhbmc=?= | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.