Page 1 of 2 12 LastLast
Results 1 to 15 of 17
  1. #1
    Join Date
    Nov 2002
    Location
    Singapore
    Posts
    17

    Question Unanswered: Session Variables Lost

    Hi people,

    I have a problem with session variables lost while redirecting to other pages.
    What the codes does is to ask the user to sign in. If success authenticate the user, member ID will be assign to the session. And the next page will do a check on member ID in session.


    Sign-in page :
    - The usual form asking for password and email


    Login page :
    <%
    If Success Login Then
    Session("memberID") = Member ID
    Response.Redirect "Page 1"
    Else
    Response.Redirect "login.asp?mode=2"
    End If
    %>


    Page 1 :
    <%
    If Session("memberID") = 0 Then
    Response.Redirect "login.asp?mode=1"
    End If
    %>


    So, page 1 simply enforce user to login before viewing its content. The problem here is, in login page, the member ID does exists in session. But while redirecting over to Page 1, the member ID is lost !


    I have got a few facts over the web, which does not apply in my case.

    1. There are no Session.abandon been called in anywhere. No way the session data can be cleared away.
    2. My server is on a workgroup and has no invalid characters ( refer http://support.microsoft.com/default...b;EN-US;316112 for one of the possible caused of session not persist)
    3. The value does exists and stay in session while I am in login.asp... it just never stay alive till the next page.
    4. I have testing on a few different PC and the same problem occurs
    5. I use no frame for the webpages ( refer http://support.microsoft.com/default...;en-us;q178037 - this is applicable to IE 4,5 only)
    6. Yes, the browser is cookies enabled
    7. The pages are tested locally, never go through any firewall (I have read somewhere that ASP session might lost while travelling through firewall)
    8. Standard session timeout : 20 minutes

    All the server I have tested is running Win2k Server, IIS5, IE6.


    Any idea what went wrong? Please advise.

    Thanks in advance.
    Last edited by hktang; 02-26-03 at 21:18.

  2. #2
    Join Date
    Jul 2002
    Location
    Australia
    Posts
    147
    You can't redirect in the same page as you set the session like that.

    The page needs to 'complete' before it actually sets the session variable, and as you are redirecting it hasn't yet completely sent all the session details to the users browser.

    At least , I think that's the problem :=)

    You might try setting:
    response.buffer = true at the top of the page, or setting the session varible in "Page 1" AFTER you redirect..

    Hope this helps..

    Cheers,
    Andrew
    There have been many posts made throughout the world.
    This was one of them.

  3. #3
    Join Date
    Nov 2002
    Location
    Singapore
    Posts
    17
    Hi Andrew,

    I have done a very simple test.

    Page 1:
    a simply link to page 2
    <a href=page2.asp>go</a>

    Page 2:
    assign a session variable and redirect immediately to page 3
    <%
    session("member") = 1
    response.redirect "page3.asp"
    %>

    Page 3:
    simply write out the session variable value
    <%
    response.write session("member")
    %>


    Yes, it does shows the value stored in the session... nothing is lost....

    By the way, I have also set the response.buffer to true... and still the value stored in the session lost after redirecting to the second page.

    Regards,
    Tang


    Originally posted by Bunce
    You can't redirect in the same page as you set the session like that.

    The page needs to 'complete' before it actually sets the session variable, and as you are redirecting it hasn't yet completely sent all the session details to the users browser.

    At least , I think that's the problem :=)

    You might try setting:
    response.buffer = true at the top of the page, or setting the session varible in "Page 1" AFTER you redirect..

    Hope this helps..

    Cheers,
    Andrew

  4. #4
    Join Date
    Jul 2002
    Location
    Australia
    Posts
    147
    bumber. I thought that sounded really good too!! Maybe its for cookies only..

    Anyway is this a syntax error:
    Session("memberID") = Member ID

    As the space in a variable name 'Member ID' would be a problem...

    Cheers,
    Andrew
    There have been many posts made throughout the world.
    This was one of them.

  5. #5
    Join Date
    Nov 2002
    Location
    Singapore
    Posts
    17
    Nope... Member ID is just to show that I will be putting a member ID value here...

    hehe... tell you what, I do set the member ID value in cookies before I set the session variables and before I do the redirection.... well, I have checked the cookies and it holds the member ID value I have assigned it...

    hmm.....

    Originally posted by Bunce
    bumber. I thought that sounded really good too!! Maybe its for cookies only..

    Anyway is this a syntax error:
    Session("memberID") = Member ID

    As the space in a variable name 'Member ID' would be a problem...

    Cheers,
    Andrew

  6. #6
    Join Date
    Jul 2002
    Location
    Australia
    Posts
    147
    Well it's got me buggered! You seem to have tested everything...

    Only thing I can come up with is to double check you code in Page1.. Perhaps just try outputting the session variable in page 1 rather than doing another redirect just to see if its there.

    I mean you just tested it in thats simple example, so it should work!!!

    If all else fails, how about adding your existing code to the new example pages you just made, a bit at a time, until it doesn't work.. Perhaps that way you will find the problem??

    Good luck!!!

    Andrew
    There have been many posts made throughout the world.
    This was one of them.

  7. #7
    Join Date
    Nov 2002
    Location
    Singapore
    Posts
    17
    well you should have notice that I have done a few of the research on the web before I posted to the forum (well... that means I simply can't find any solution over this super simply problem )

    oh yeah... thanks for your replies.. I am going mad with SESSSION! ha...

    Originally posted by Bunce
    Well it's got me buggered! You seem to have tested everything...

    Only thing I can come up with is to double check you code in Page1.. Perhaps just try outputting the session variable in page 1 rather than doing another redirect just to see if its there.

    I mean you just tested it in thats simple example, so it should work!!!

    If all else fails, how about adding your existing code to the new example pages you just made, a bit at a time, until it doesn't work.. Perhaps that way you will find the problem??

    Good luck!!!

    Andrew

  8. #8
    Join Date
    Jan 2003
    Location
    London, England
    Posts
    106
    I have never in my time as a professional webdeveloper (4 years) experienced that a session "forgets" anything and I have used it ALOT, so my guess is that this session of yours doesn't get set at all. If you post yur real code instead of pseudo-code it might be easier to debug...

    ...and for the record Bunce, sessions don't get sent to the browser. Sessions are stored on the server (and cookies are stored on the client) and once you reference either one of them in your ASP they are set right away.
    Frettmaestro
    "Real programmers don't document, if it was hard to write it should be hard to understand!"

  9. #9
    Join Date
    Jul 2002
    Location
    Australia
    Posts
    147
    I was referring to the session cookie, which does get sent to the client.
    Last edited by Bunce; 03-03-03 at 18:14.
    There have been many posts made throughout the world.
    This was one of them.

  10. #10
    Join Date
    Feb 2002
    Location
    San Francisco, CA
    Posts
    441
    The Session object
    When you are working with an application, you open it, do some changes and then you close it. This is much like a Session. The computer knows who you are. It knows when you start the application and when you end. But on the internet there is one problem: the web server does not know who you are and what you do because the HTTP address doesn't maintain state.

    ASP solves this problem by creating a unique cookie for each user. The cookie is sent to the client and it contains information that identifies the user. This interface is called the Session object.

    The Session object is used to store information about, or change settings for a user session. Variables stored in the Session object hold information about one single user, and are available to all pages in one application. Common information stored in session variables are name, id, and preferences. The server creates a new Session object for each new user, and destroys the Session object when the session expires.
    This is what W3C says, but I have to agree, I thought all Session("blah") stuff would be stored on the server....

  11. #11
    Join Date
    Jul 2002
    Location
    Australia
    Posts
    147
    Most of it does. It only sends this cookie to the client as a means of identification.

    Makes sense when you think about it.. How else would the server know who's session data to grab from the server when someone makes a request? Needs some form of identification..

    Thats why sessions won't work if cookies (or per-session cookies) are disabled on the browser.

    Cheers,
    Andrew
    There have been many posts made throughout the world.
    This was one of them.

  12. #12
    Join Date
    Feb 2002
    Location
    San Francisco, CA
    Posts
    441
    I think i get you; the cookie just stores the session id, which is used to id the client.

    Hmmm, makes much more sense than trying to constantly send/retrive data from the client.

    Offtopic; is it possible to access session x's variables from session y? (no not application variable or 'out like that)

  13. #13
    Join Date
    Nov 2002
    Location
    Singapore
    Posts
    17

    Full Codes

    Hi Guys,

    This is my full code....

    signup.asp
    <form name=frmMemberLogin action=login.asp method=post>
    <input type=hidden name=URL value="<%=varRedirectURL%>">
    <table width="100%" border="0" cellspacing="1" cellpadding="1" bgcolor=#ffffff>
    <tr>
    <td width="45%" class="normalText"><div align="right">Email
    Address &nbsp;</div></td>
    <td width="55%" class="normalText"><input name="txtEmail" type="text" class="txt" id="txtEmail" size="30"></td>
    </tr>
    <tr>
    <td width="45%" class="normalText"><div align="right">Password&nbsp;</div></td>
    <td width="55%" class="normalText"><input name="txtPassword" type="password" class="txt" id="txtPassword" size="20"></td>
    </tr>
    <tr>
    <td width="45%" class="normalText"><div align="right"></div></td>
    <td width="55%" class="normalText"><input name="btnSubmit" type="submit" class="btn" id="btnSubmit2" value="Login"></td>
    </tr>
    </table>
    </form>


    login.asp
    <!-- #include virtual="/library/member.asp" -->
    <%
    varEmail = Request.Form("txtEmail")
    varPassword = Request.Form("txtPassword")
    varRedirectURL = Request.Form("URL")

    Set objLoginMember = New Member

    If objLoginMember.memberLogin(varEmail, varPassword) Then
    Session("memberID") = objLoginMember.memberID

    If LTrim(RTrim(varRedirectURL)) = "" OR isNull(varRedirectURL) Then
    Response.Redirect "/default.asp?mode=1"
    Else
    Response.Redirect varRedirectURL
    End If
    Else
    If LTrim(RTrim(varRedirectURL)) = "" OR isNull(varRedirectURL) Then
    Response.Redirect "signin.asp?mode=2"
    Else
    Response.Redirect "signin.asp?mode=2&URL=" & varRedirectURL
    End If
    End If
    %>



    signin.asp is where the form user needs to fill up email address and password.
    login.asp page is where the authentication runs.
    This function (objLoginMember.memberLogin(varEmail, varPassword) ) will return True or False. If true, it will assign member ID into session and redirect the user to the default.asp page.
    varRedirectURL variable will hold the URL where user were redirected from. If authentication correct, it will be redirected back to that URL.

    Anything wrong with the assignment of member ID into session???

    I have included a virtual directory and there are sub folder in it... would it affect the session variables??

    Tang



    Originally posted by Frettmaestro
    I have never in my time as a professional webdeveloper (4 years) experienced that a session "forgets" anything and I have used it ALOT, so my guess is that this session of yours doesn't get set at all. If you post yur real code instead of pseudo-code it might be easier to debug...

    ...and for the record Bunce, sessions don't get sent to the browser. Sessions are stored on the server (and cookies are stored on the client) and once you reference either one of them in your ASP they are set right away.
    Last edited by hktang; 03-03-03 at 22:45.

  14. #14
    Join Date
    Jul 2002
    Location
    Australia
    Posts
    147
    Originally posted by rhs98
    Offtopic; is it possible to access session x's variables from session y? (no not application variable or 'out like that)
    Not that I know of, would be a security risk. I assume that the 'ticket' that it sends contains server identification as well, so only that specific server can access it.

    Even withink the server, it finds a way to uniquely identify session, for the same user.. When you open a new browser instance, on the same site, you're actually creating a new session, so it has to differentiate that as well.

    I recall a KB article about sharing *cookies*, and a related security problem, but nothing about sessions.

    Cheers,
    Andrew
    There have been many posts made throughout the world.
    This was one of them.

  15. #15
    Join Date
    Feb 2002
    Location
    San Francisco, CA
    Posts
    441
    I did mean on the server...but hey, I don't even know why it would be useful.

    hktang, your code does not look complete; the signup.asp uses a variable to redirect that is not listed, also member.asp that you include.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •