By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
443,903 Members | 2,036 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 443,903 IT Pros & Developers. It's quick & easy.

session variable inconsistency

P: n/a
Hi,
I am experiencing a problem with recalling a session variable which stores
whether a person is logged in to a "members only" section of a website. This
area of the site has been working flawlessly for a couple of years under
Windows 2000 server but now is very inconsistent following a recent upgrade
to Windows server 2003. Following a login, the login info is passed to this
asp page that checks an Access database for the user name and password:

SET DbObject = Server.CreateObject ("ADODB.Connection")
DbObject.Open "DSN=pseudoCAP1;UID=;PWD="
set rs = server.createobject("adodb.recordset")
SET Rs = DbObject.Execute (SQL)

If Rs.EOF Then
Session("Authenticated") = 0
Response.Redirect ("unsuccessfulLogin.htm")
Else
Session("Authenticated") = 1
Session("user") = Request.Form("username")
End If
rs.close
set rs = nothing
DbObject.Close
set DbObject = nothing
response.redirect "main.asp"

If a correct password and username is provided, the user is always forwarded
to the main.asp member start page. I included a snippet of code while
troubleshooting to print the value of the authentication session variable
in the browser window to see if it was set (1=logged in, 0= not logged in).
However about 50% of the time, the following error occurs with our access
database and Authentication session variable is output as = 0:
ADODB.Field error '800a0bcd'
Either BOF or EOF is True, or the current record has been deleted. Requested
operation requires a current record.

C:\INETPUB\WWWROOT\SUBMISSIONS\../include/functions.inc, line 4

The way that this page is written though, even if the record was not present
(although it is when I open the database), the authentication should still
be set to 1. Refreshing the main.asp page will often eliminate the ADODB
error above and the session variable value of 1 will be returned.

The rest of the time, authentication is OK and a value of 1 is output.
However when the user goes to another page requiring authentication, they
are redirected back to the login.html page because the authentication
variable is once again set as zero!

Could this be an IIS 6.0 specific problem (I do have session state enabled
at default value of 20 min) ??

Or could there be some permissions problem related to a specific file (I
have checked the database as well as the related files and they all seem
OK)?

Thanks,
Geoff

Jul 19 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
Could you post your code?
"Geoff Winsor" <ge***@brinkman.mbb.sfu.ca> wrote in message
news:cb**********@morgoth.sfu.ca...
Hi,
I am experiencing a problem with recalling a session variable which stores
whether a person is logged in to a "members only" section of a website. This area of the site has been working flawlessly for a couple of years under
Windows 2000 server but now is very inconsistent following a recent upgrade to Windows server 2003. Following a login, the login info is passed to this asp page that checks an Access database for the user name and password:

SET DbObject = Server.CreateObject ("ADODB.Connection")
DbObject.Open "DSN=pseudoCAP1;UID=;PWD="
set rs = server.createobject("adodb.recordset")
SET Rs = DbObject.Execute (SQL)

If Rs.EOF Then
Session("Authenticated") = 0
Response.Redirect ("unsuccessfulLogin.htm")
Else
Session("Authenticated") = 1
Session("user") = Request.Form("username")
End If
rs.close
set rs = nothing
DbObject.Close
set DbObject = nothing
response.redirect "main.asp"

If a correct password and username is provided, the user is always forwarded to the main.asp member start page. I included a snippet of code while
troubleshooting to print the value of the authentication session variable
in the browser window to see if it was set (1=logged in, 0= not logged in). However about 50% of the time, the following error occurs with our access
database and Authentication session variable is output as = 0:
ADODB.Field error '800a0bcd'
Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.

C:\INETPUB\WWWROOT\SUBMISSIONS\../include/functions.inc, line 4

The way that this page is written though, even if the record was not present (although it is when I open the database), the authentication should still
be set to 1. Refreshing the main.asp page will often eliminate the ADODB
error above and the session variable value of 1 will be returned.

The rest of the time, authentication is OK and a value of 1 is output.
However when the user goes to another page requiring authentication, they
are redirected back to the login.html page because the authentication
variable is once again set as zero!

Could this be an IIS 6.0 specific problem (I do have session state enabled at default value of 20 min) ??

Or could there be some permissions problem related to a specific file (I
have checked the database as well as the related files and they all seem
OK)?

Thanks,
Geoff

Jul 19 '05 #2

P: n/a
Hi James,
Here is the code for login.html, verify.asp (sets the session variable),
main.asp, a method in the functions.inc file (which contains a line referred
to in the previous error message) and a snippet of code from options.asp
that checks to see if the authentication variable is set. I hope it is not
too messy too read.

The important code for the login page:

<form action=verify.asp method=Post
enctype="application/x-www-form-urlencoded" name=start
Onsubmit="return validateForm(this);">
<table border=0 cellpadding=0 width="22%"
style='width:22.0%;mso-cellspacing:
1.5pt;mso-padding-alt:2.25pt 2.25pt 2.25pt 2.25pt'>
<tr><td width="47%" style='width:47.0%;padding:2.25pt 2.25pt 2.25pt
2.25pt'>
<p class=MsoNormal>Username:&nbsp;</p>
</td> <td width="53%" style='width:53.0%;padding:2.25pt 2.25pt 2.25pt
2.25pt'>
<p class=MsoNormal><INPUT TYPE="text" SIZE="15" NAME="username"></p>
</td></tr><tr>
<td width="47%" style='width:47.0%;padding:2.25pt 2.25pt 2.25pt 2.25pt'>
<p class=MsoNormal>Password:</p></td>
<td width="53%" style='width:53.0%;padding:2.25pt 2.25pt 2.25pt 2.25pt'>
<p class=MsoNormal><INPUT TYPE="password" SIZE="15" NAME="password"></p>
</td></tr><tr>
<td colspan=2 style='padding:2.25pt 2.25pt 2.25pt 2.25pt'>
<p class=MsoNormal><INPUT TYPE="submit" ACTION="verify.asp"
METHOD="Post" NAME="submit"
ACTION=verify.asp METHOD=Post></p>
</td></tr></table>
</form>

The asp code for the verify.asp page:

<%
SQL ="SELECT * FROM Researcher WHERE StrComp('" & Request.Form("username")
& "', ResearcherID, 0)=0 AND StrComp(UserPassword, '" &
Request.Form("password") & "', 0)=0"
SET DbObject = Server.CreateObject ("ADODB.Connection")
DbObject.Open "DSN=pseudoCAP1;UID=;PWD="
set rs = server.createobject("adodb.recordset")
SET Rs = DbObject.Execute (SQL)
If Rs.EOF Then
Session("Authenticated") = 0
Response.Redirect ("unsuccessfulLogin.htm")
Else
Session("Authenticated") = 1
Session("user") = Request.Form("username")
End If
rs.close
set rs = nothing
DbObject.Close
set DbObject = nothing
response.redirect "main.asp"
%>

The main.asp page (does not check for a login but provides links to pages
that do need an authentication):

<%@ Language=VBScript %>
<SCRIPT LANGUAGE="JavaScript" src="include/help_windows.js"></SCRIPT>
<!--#INCLUDE FILE="../include/functions.inc"-->
<%
'Declare ADOVBS constants
Const adOpenStatic = 3
Const adLockOptimistic = 3
Const adCmdText = &H0001
SQL = "SELECT * FROM Researcher R LEFT OUTER JOIN Institution I ON I.iName
= R.Institution AND I.Street = R.Street AND I.City = R.City WHERE
ResearcherID = '" & Session("user") &"'"
SET DbObject = Server.CreateObject ("ADODB.Connection")
DbObject.Open "DSN=pseudoCAP1"
set RS = server.createobject("adodb.recordset")
RS.Open SQL, DbObject, adOpenStatic, adLockOptimistic, adCMDText
%>
<p align="center"><form METHOD="post" NAME="query"
ACTION="../UpdatesSearchResultsU.asp" target=_blank
onMouseOut="MM_swapImgRestore()"
onMouseOver="MM_swapImage('history','','/images/viewHistory2.gif',1)"
onSubmit="return validRange(this);">
<input id="SearchStr1a" type="hidden" name="SearchStr1a" value="">
<input id="SearchStr1b" type="hidden" name="SearchStr1b" value="">
<input id="SearchStr1a_m" type="hidden" name="SearchStr1a_m" value="">
<input id="SearchStr1a_d" type="hidden" name="SearchStr1a_d" value="">
<input id="SearchStr1a_y" type="hidden" name="SearchStr1a_y" value="">
<input type="hidden" name="ord1" value="date_updated">
<input id="SearchStr1b_m" type="hidden" name="SearchStr1b_m" value="">
<input id="SearchStr2a_d" type="hidden" name="SearchStr1b_d" value="">
<input id="SearchStr2a_y" type="hidden" name="SearchStr1b_y" value="">
<input id="SearchStr4" type="hidden" name="SearchStr4"
maxlength="255">
<input id="viewRecent" type="hidden" name="viewRecent" value="false">
<input id="Field2" type="hidden" name="Field2" value="Participant">
<input id="SearchStr2" type="hidden" name="SearchStr2"
value="<%=getField(RS, "rLastName")%>">
<input name="history" type="image" border="0"
src="/images/viewHistory.gif" width="224" height="26" alt="View Submission
History">
</form></p><p>&nbsp;</p><p>If you have not already logged in, you will
have to do so <a href="login.html">here</a>.</p></td></tr></table>
<%
rs.Close
Set rs = Nothing
DbObject.close
Set DbObject = Nothing
%>
<p>&nbsp;</p>
</center>
</BODY>
</HTML>

A functions.inc file contains this function that is called in the form above
and is sometimes returned:

function getField(oRs, fieldIndex)
Strtemp = oRs(fieldIndex) ### this is the line referred to in
the error returned in my browser###
if isnull(strtemp) then
getField = ""
else
getField = Strtemp
end if
end function
Finally each page linked to from the main.asp page checks for the value of
the "Authentication" session variable:

<%
' Verify that the user has logged in
If Session("Authenticated") = 0 Then
Response.Redirect ("login.html")
End If
%>

I guess that is it. Thanks.
Geoff
Jul 19 '05 #3

P: n/a
I think I found the source of the problem:

Last week I was experimenting with assigning more than one worker process to
the web garden under the application pool properties in IIS 6.0 (because I
had an incident where IIS stopped serving ASP pages, possibly due to a bug
in the jet database engine when using ODBC). From my limited understanding
of IIS it seems that during one session, multiple worker processes may be
assigned and that they don't have access to the session variable assigned to
another process; hence the reason for being forwarded to the login.html
page. I guess the occassional error on the main.asp page is a separate
matter.
Anyway, I switched back to allowing only one worker process and the problem
seems resolved.
Geoff
"Geoff Winsor" <ge***@brinkman.mbb.sfu.ca> wrote in message
news:cb**********@morgoth.sfu.ca...
Hi James,
Here is the code for login.html, verify.asp (sets the session variable),
main.asp, a method in the functions.inc file (which contains a line referred to in the previous error message) and a snippet of code from options.asp
that checks to see if the authentication variable is set. I hope it is not
too messy too read.

The important code for the login page:

<form action=verify.asp method=Post
enctype="application/x-www-form-urlencoded" name=start
Onsubmit="return validateForm(this);">
<table border=0 cellpadding=0 width="22%"
style='width:22.0%;mso-cellspacing:
1.5pt;mso-padding-alt:2.25pt 2.25pt 2.25pt 2.25pt'>
<tr><td width="47%" style='width:47.0%;padding:2.25pt 2.25pt 2.25pt
2.25pt'>
<p class=MsoNormal>Username:&nbsp;</p>
</td> <td width="53%" style='width:53.0%;padding:2.25pt 2.25pt 2.25pt
2.25pt'>
<p class=MsoNormal><INPUT TYPE="text" SIZE="15" NAME="username"></p>
</td></tr><tr>
<td width="47%" style='width:47.0%;padding:2.25pt 2.25pt 2.25pt 2.25pt'> <p class=MsoNormal>Password:</p></td>
<td width="53%" style='width:53.0%;padding:2.25pt 2.25pt 2.25pt 2.25pt'> <p class=MsoNormal><INPUT TYPE="password" SIZE="15" NAME="password"></p> </td></tr><tr>
<td colspan=2 style='padding:2.25pt 2.25pt 2.25pt 2.25pt'>
<p class=MsoNormal><INPUT TYPE="submit" ACTION="verify.asp"
METHOD="Post" NAME="submit"
ACTION=verify.asp METHOD=Post></p>
</td></tr></table>
</form>

The asp code for the verify.asp page:

<%
SQL ="SELECT * FROM Researcher WHERE StrComp('" & Request.Form("username") & "', ResearcherID, 0)=0 AND StrComp(UserPassword, '" &
Request.Form("password") & "', 0)=0"
SET DbObject = Server.CreateObject ("ADODB.Connection")
DbObject.Open "DSN=pseudoCAP1;UID=;PWD="
set rs = server.createobject("adodb.recordset")
SET Rs = DbObject.Execute (SQL)
If Rs.EOF Then
Session("Authenticated") = 0
Response.Redirect ("unsuccessfulLogin.htm")
Else
Session("Authenticated") = 1
Session("user") = Request.Form("username")
End If
rs.close
set rs = nothing
DbObject.Close
set DbObject = nothing
response.redirect "main.asp"
%>

The main.asp page (does not check for a login but provides links to pages
that do need an authentication):

<%@ Language=VBScript %>
<SCRIPT LANGUAGE="JavaScript" src="include/help_windows.js"></SCRIPT>
<!--#INCLUDE FILE="../include/functions.inc"-->
<%
'Declare ADOVBS constants
Const adOpenStatic = 3
Const adLockOptimistic = 3
Const adCmdText = &H0001
SQL = "SELECT * FROM Researcher R LEFT OUTER JOIN Institution I ON I.iName = R.Institution AND I.Street = R.Street AND I.City = R.City WHERE
ResearcherID = '" & Session("user") &"'"
SET DbObject = Server.CreateObject ("ADODB.Connection")
DbObject.Open "DSN=pseudoCAP1"
set RS = server.createobject("adodb.recordset")
RS.Open SQL, DbObject, adOpenStatic, adLockOptimistic, adCMDText
%>
<p align="center"><form METHOD="post" NAME="query"
ACTION="../UpdatesSearchResultsU.asp" target=_blank
onMouseOut="MM_swapImgRestore()"
onMouseOver="MM_swapImage('history','','/images/viewHistory2.gif',1)"
onSubmit="return validRange(this);">
<input id="SearchStr1a" type="hidden" name="SearchStr1a" value="">
<input id="SearchStr1b" type="hidden" name="SearchStr1b" value="">
<input id="SearchStr1a_m" type="hidden" name="SearchStr1a_m" value=""> <input id="SearchStr1a_d" type="hidden" name="SearchStr1a_d" value=""> <input id="SearchStr1a_y" type="hidden" name="SearchStr1a_y" value=""> <input type="hidden" name="ord1" value="date_updated">
<input id="SearchStr1b_m" type="hidden" name="SearchStr1b_m" value=""> <input id="SearchStr2a_d" type="hidden" name="SearchStr1b_d" value=""> <input id="SearchStr2a_y" type="hidden" name="SearchStr1b_y" value=""> <input id="SearchStr4" type="hidden" name="SearchStr4"
maxlength="255">
<input id="viewRecent" type="hidden" name="viewRecent" value="false"> <input id="Field2" type="hidden" name="Field2" value="Participant">
<input id="SearchStr2" type="hidden" name="SearchStr2"
value="<%=getField(RS, "rLastName")%>">
<input name="history" type="image" border="0"
src="/images/viewHistory.gif" width="224" height="26" alt="View Submission
History">
</form></p><p>&nbsp;</p><p>If you have not already logged in, you will have to do so <a href="login.html">here</a>.</p></td></tr></table>
<%
rs.Close
Set rs = Nothing
DbObject.close
Set DbObject = Nothing
%>
<p>&nbsp;</p>
</center>
</BODY>
</HTML>

A functions.inc file contains this function that is called in the form above and is sometimes returned:

function getField(oRs, fieldIndex)
Strtemp = oRs(fieldIndex) ### this is the line referred to in
the error returned in my browser###
if isnull(strtemp) then
getField = ""
else
getField = Strtemp
end if
end function
Finally each page linked to from the main.asp page checks for the value of
the "Authentication" session variable:

<%
' Verify that the user has logged in
If Session("Authenticated") = 0 Then
Response.Redirect ("login.html")
End If
%>

I guess that is it. Thanks.
Geoff

Jul 19 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.