I store the authenticated user in a session cookie. This cookie expires after
an hour. Now for some reason sometimes the client browser decides not to send
the session cookie information with a new request. This means the server
receives a request without user information and redirect the user to the
login page.
Somebody any bright ideas?
TX!
best regards,
nico 4 1250
Hello nico,
You can set the session time-out in web.config.
Regards,
Mark Monster I store the authenticated user in a session cookie. This cookie expires after an hour. Now for some reason sometimes the client browser decides not to send the session cookie information with a new request. This means the server receives a request without user information and redirect the user to the login page.
Somebody any bright ideas?
TX!
best regards, nico
Hi Mark,
thank you for your quick reaction. The session time-out and cokkie
expiration are both set to 1 hour, but sometimes it happens that after let's
say 15 minutes a request from a user has no session cookie attached.
I analyzed the IIS logs and I could see the user logging on and goiing
through the pages with the session cookie information attached to the GET.
But for some reason it sometimes happens that the client doesn't send this
session information which results in a logout.
Why should a browser decide not to send a session cookie although it is not
expired?
"Mark Monster" wrote: Hello nico,
You can set the session time-out in web.config.
Regards,
Mark Monster
I store the authenticated user in a session cookie. This cookie expires after an hour. Now for some reason sometimes the client browser decides not to send the session cookie information with a new request. This means the server receives a request without user information and redirect the user to the login page.
Somebody any bright ideas?
TX!
best regards, nico
Hi Nico,
Any idea what kind of requests are being done that do not send the
cookie? I mean, perhaps a javascript document.locati on.replace does not
see the cookie because it's set by http headers instead of javascript code.
Cheers,
//Rutger http://www.RutgerSmit.com
nico wrote: I store the authenticated user in a session cookie. This cookie expires after an hour. Now for some reason sometimes the client browser decides not to send the session cookie information with a new request. This means the server receives a request without user information and redirect the user to the login page.
Somebody any bright ideas?
TX!
best regards, nico
Hi,
the requests are all done by redirecting to a new page, which is actually
the same page with different parameters. Nothing in particular about that.
regards,
nico
"//Rutger Smit" wrote: Hi Nico,
Any idea what kind of requests are being done that do not send the cookie? I mean, perhaps a javascript document.locati on.replace does not see the cookie because it's set by http headers instead of javascript code.
Cheers, //Rutger
http://www.RutgerSmit.com
nico wrote: I store the authenticated user in a session cookie. This cookie expires after an hour. Now for some reason sometimes the client browser decides not to send the session cookie information with a new request. This means the server receives a request without user information and redirect the user to the login page.
Somebody any bright ideas?
TX!
best regards, nico This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: mrbog |
last post by:
Tell me if my assertion is wrong here:
The only way to prevent session hijacking is to NEVER store
authentication information (such as name/password) in the session.
Well, to never authenticate a user from information you got from the
session. Each secure app on a site must challenge the user for name
and password, each and every time the user accesses it (not just once
and then store it in the session). If a secure app is multi-page,...
|
by: Chris |
last post by:
When a request comes into a page on my ASP.net site and a session is
not found, I want to detect whether the request is an initial request
or if the user did have a session going that has now been lost and
show an explanatory message before restarting the session.
Rather than tagging a 'session in progress' flag on the end of every
request querystring I'd like to detect it using data sent in every
request.
One idea I had was that when...
|
by: Dirc Khan-Evans |
last post by:
I have a problem with a Session variable that dissapears after a
postback of one of my pages.
This only happens on WIn 2003 servers.. it is fine on my XP dev box.
This page opens in another window, but I have ascertained that is is
definitely using the same session ID.
Nowhere on the page do I clear the session variable.. it is only ever
retrieved... this page only works if it is there.
|
by: Åženol Akbulak |
last post by:
Hello;
I use in my web application FormsAuthentication. Also I use Session state
(InProc).
When a user logged in, I can read Session parameters. (For example
Session). Problem is that, when user close the browser window then
open a new browser, FormsAuthentication reads from cookie and user logs in.
Althought user logged in, session parameter is null.
|
by: Goofy |
last post by:
Does anyone know how I can kill a session by session ID ?
--
Goofy
| |
by: rgparkins |
last post by:
Hello
I am running out of time with a problem I have running PHP 5.04 and
Apache 2.0 and really need help :(. I have a page that stores a
variable in session but each time I reload that page the session seems
to be re-created and is an empty array. I have checked the session file
and the variable is being stored against the session id, but I dont
know why PHP is not picking up the session after I reload.. I have
tried the usual suspects...
|
by: Gordon Burditt |
last post by:
I had this idea about preventing session fixation, and I'm wondering
what anyone else thinks about it. The idea is, essentially, don't
allow session ids that YOUR PHP didn't generate (and aren't yet
expired) to log in. That way if someone sticks a made-up session
ID on a URL, it won't matter, unless it happens to correspond to
an active session (guessing a user password is probably easier).
Is this already standard practice, new, or is...
|
by: Glenn |
last post by:
Hi
I've been experimenting with managing state using the Session object. I've
created a simple WS with a couple of methods, one which sets a string
value, another that retrieves it.
Each method has the WebMethodAttribute.EnableSession set to true.
When I run the test page the session is maintained. However, using a
console application, in between setting the string value and attempting to
|
by: Josh |
last post by:
I run a Joomla website and am familiar with php in some but not all
aspects. Currently I am trying to find some solutions related to
session handling.
Am I correct in saying that "login" is kept in sessions? I can see
active sessions in my mysql database, but is that the only place this
information is stored? Sessions and cookies I know are related also,
but how specifically (session info stored in cookies?)?
Right now, when users...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |