Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP General > ASP Sessions

Reply
Thread Tools

ASP Sessions

 
 
strycat@gmail.com
Guest
Posts: n/a
 
      02-16-2005
Hello,

I've got two different sets of ASP scripts on my server. Each set is
kept in their own directory. Both sets of scripts use sessions. I
want to make sure that the sessions are not accidentially shared
between the two sets as they are both different applications.

Right now I'm having a problem when I do a Session.Abandon from one set
of scripts it also kills the session for the other set of scripts (I
believe they are both using the exact same session). Is there some way
I can make sure this doesn't happen?

Thanks,

-Tom

 
Reply With Quote
 
 
 
 
Evertjan.
Guest
Posts: n/a
 
      02-16-2005
wrote on 16 feb 2005 in microsoft.public.inetserver.asp.general:
> I've got two different sets of ASP scripts on my server. Each set is
> kept in their own directory. Both sets of scripts use sessions. I
> want to make sure that the sessions are not accidentially shared
> between the two sets as they are both different applications.


I don't know about what you call an application, but you certainly have a
single session, so the session variables are shared.


> Right now I'm having a problem when I do a Session.Abandon from one set
> of scripts it also kills the session for the other set of scripts


No, you have only one session, it shows.

> (I believe they are both using the exact same session).


Why would they use different sessions?

As long as they are in the same domain, they share the same session-id
cookie.

> Is there some way I can make sure this doesn't happen?


There is no reason why a session would be different in different
directories of the same domain. Browsers will only return a different
session-id, if the domain is different.

So use different domains.

--
Evertjan.
The Netherlands.
(Replace all crosses with dots in my emailaddress)

 
Reply With Quote
 
 
 
 
Tom Cat
Guest
Posts: n/a
 
      02-16-2005
Evertjan. wrote:
> wrote on 16 feb 2005 in microsoft.public.inetserver.asp.general:
> > I've got two different sets of ASP scripts on my server. Each set

is
> > kept in their own directory. Both sets of scripts use sessions. I
> > want to make sure that the sessions are not accidentially shared
> > between the two sets as they are both different applications.

>
> I don't know about what you call an application, but you certainly

have a
> single session, so the session variables are shared.
>


Each set of scripts is a different application.

> > (I believe they are both using the exact same session).

>
> Why would they use different sessions?
>


Because they are different applications.

> There is no reason why a session would be different in different
> directories of the same domain. Browsers will only return a different


> session-id, if the domain is different.
>
> So use different domains.


This isn't an option. Are there any other workarounds for this
behavior?

 
Reply With Quote
 
Evertjan.
Guest
Posts: n/a
 
      02-16-2005
Tom Cat wrote on 16 feb 2005 in microsoft.public.inetserver.asp.general:

> Evertjan. wrote:
>> wrote on 16 feb 2005 in microsoft.public.inetserver.asp.general:
>> > I've got two different sets of ASP scripts on my server. Each set

> is
>> > kept in their own directory. Both sets of scripts use sessions. I
>> > want to make sure that the sessions are not accidentially shared
>> > between the two sets as they are both different applications.

>>
>> I don't know about what you call an application, but you certainly

> have a
>> single session, so the session variables are shared.
>>

>
> Each set of scripts is a different application.


Application is only a word, unless you explain that in asp terms.

Perhaps you think of visual basic applications,
but that does not mean a thing under asp, not even under asp/vbscript.

>> > (I believe they are both using the exact same session).

>>
>> Why would they use different sessions?
>>

>
> Because they are different applications.


No, as I showed you, sessions are only devided
by different asp-servers or different domains.

>> There is no reason why a session would be different in different
>> directories of the same domain. Browsers will only return a different

>
>> session-id, if the domain is different.
>>
>> So use different domains.

>
> This isn't an option. Are there any other workarounds for this
> behavior?


Sure: you start with the wrong idea's.

Programming is all about having it your way by making smart code,
not by wanting the engine to have different behavour than you wished for.

So you could rename all session variables from application 1
by appending -A1 to the name and the other by appending -A2.

There are however miriads of other possiblilities.

--
Evertjan.
The Netherlands.
(Replace all crosses with dots in my emailaddress)

 
Reply With Quote
 
Dave Anderson
Guest
Posts: n/a
 
      02-16-2005
http://www.velocityreviews.com/forums/(E-Mail Removed) wrote:
> I've got two different sets of ASP scripts on my server. Each set is
> kept in their own directory. Both sets of scripts use sessions. I
> want to make sure that the sessions are not accidentially shared
> between the two sets as they are both different applications.


Not sure I understand this one. If you are concerned about one application
stepping on another's variables you can resort to meaningful naming.
Otherwise, what exactly is the point?



> Right now I'm having a problem when I do a Session.Abandon from one
> set of scripts it also kills the session for the other set of scripts
> (I believe they are both using the exact same session). Is there
> some way I can make sure this doesn't happen?


Build your own session architecture with a DB backend, perhaps? We actually
do this in order to BROADEN our session scope (span servers), but I suppose
it could be used to NARROW that scope.


--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.


 
Reply With Quote
 
Mark Schupp
Guest
Posts: n/a
 
      02-16-2005
In IIS administrator right-click on each directory and select properties.
On the "directory" tab click on the "Create" button this will make that
directory a separate "application" for IIS and ASP will create a separate
session for that directory.

The icon in IIS administrator should change from a folder to a box with an
activeX ball in it.

--
--Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Hello,
>
> I've got two different sets of ASP scripts on my server. Each set is
> kept in their own directory. Both sets of scripts use sessions. I
> want to make sure that the sessions are not accidentially shared
> between the two sets as they are both different applications.
>
> Right now I'm having a problem when I do a Session.Abandon from one set
> of scripts it also kills the session for the other set of scripts (I
> believe they are both using the exact same session). Is there some way
> I can make sure this doesn't happen?
>
> Thanks,
>
> -Tom
>



 
Reply With Quote
 
io
Guest
Posts: n/a
 
      02-17-2005
G'day Tom,

There is only one scenario I can think of that may lead to such problem -
it's when your browser spawns a new window (i.e. window.open(...)) that
loads/opens new "application" page(s). In this case both browser windows
will share same process including in-memory session cookie. If you start
your browser as a separate process and navigate to the other application you
shouldn't have this problem.

Cheers

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Hello,
>
> I've got two different sets of ASP scripts on my server. Each set is
> kept in their own directory. Both sets of scripts use sessions. I
> want to make sure that the sessions are not accidentially shared
> between the two sets as they are both different applications.
>
> Right now I'm having a problem when I do a Session.Abandon from one set
> of scripts it also kills the session for the other set of scripts (I
> believe they are both using the exact same session). Is there some way
> I can make sure this doesn't happen?
>
> Thanks,
>
> -Tom
>



 
Reply With Quote
 
Evertjan.
Guest
Posts: n/a
 
      02-17-2005
io wrote on 17 feb 2005 in microsoft.public.inetserver.asp.general:
> There is only one scenario I can think of that may lead to such
> problem - it's when your browser spawns a new window (i.e.
> window.open(...)) that loads/opens new "application" page(s). In this
> case both browser windows will share same process including in-memory
> session cookie. If you start your browser as a separate process and
> navigate to the other application you shouldn't have this problem.
>


But what if you <a href=.. link to the other "application"?

That will give you the same session too.

--
Evertjan.
The Netherlands.
(Replace all crosses with dots in my emailaddress)

 
Reply With Quote
 
Mark Schupp
Guest
Posts: n/a
 
      02-17-2005
Lets clear this up with a little experimentation. Take 2 asp files:

c:\temp\app1\app1.asp
--------------------------------
<%@ LANGUAGE="VBSCRIPT"%>

<html>
<body>
This is app1<br>
Session ID=<%=session.SessionID%><br>
Setting Application("appvar") to "app1"<br>
Setting Session("sesvar") to "app1"<br>
<%
Application("appvar")="app1"
Session("sesvar")="app1"
%>
<a href="/app2/app2.asp">Jump to app2</a>
</body>
</html>
---------------------------

c:\temp\app2\app2.asp
----------------------------------------
<%@ LANGUAGE="VBSCRIPT"%>

<html>
<body>
This is app2<br>
Session ID=<%=session.SessionID%><br>
Application("appvar")="<%=Application("appvar")%>" <br>
Session("sesvar")="<%=Session("sesvar")%>"<br>
</body>
</html>
----------------------

Now create 2 virtual directories under the default web site in IIS
administrator. Make sure that they are set up as "applications" (should have
an activeX ball in a box icon instead of a folder icon).

app1 - pointed at c:\temp\app1\
app2 - pointed at c:\temp\app2\

Launch IE and enter http://localhost/app1/app1.asp. The result is:
-------------------------
This is app1
Session ID=642399021
Setting Application("appvar") to "app1"
Setting Session("sesvar") to "app1"
Jump to app2
--------------------

click on the "jump to app2" link. the result is:
----------------------------------------------
This is app2
Session ID=642399022
Application("appvar")=""
Session("sesvar")=""
------------------------------------

Note that the session id is different and the application and session
variables are not shared.

The key point is that the application directories must be created as virtual
directories in IIS and as applications. If the virtual directories are not
set to be applications then they will share a session.

Go into IIS properties for each of the above directories and click the
"remove" button and re-try the pages.

from app1
----------------------------
This is app1
Session ID=643781585
Setting Application("appvar") to "app1"
Setting Session("sesvar") to "app1"
Jump to app2
-----------------------------------------------

from app2
----------------------------------------------
This is app2
Session ID=643781585
Application("appvar")="app1"
Session("sesvar")="app1"
------------------------------------------

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com


"Evertjan." <(E-Mail Removed)> wrote in message
news:Xns9600717BF8EAeejj99@194.109.133.29...
> io wrote on 17 feb 2005 in microsoft.public.inetserver.asp.general:
> > There is only one scenario I can think of that may lead to such
> > problem - it's when your browser spawns a new window (i.e.
> > window.open(...)) that loads/opens new "application" page(s). In this
> > case both browser windows will share same process including in-memory
> > session cookie. If you start your browser as a separate process and
> > navigate to the other application you shouldn't have this problem.
> >

>
> But what if you <a href=.. link to the other "application"?
>
> That will give you the same session too.
>
> --
> Evertjan.
> The Netherlands.
> (Replace all crosses with dots in my emailaddress)
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Moving from ASP Sessions to Database Sessions Bookham Measures ASP General 19 08-23-2007 03:51 PM
Cookieless Sessions (Sessions Without Cookies) and Security scottymo ASP .Net Security 3 09-29-2006 11:00 PM
ASP vs ASP.NET sessions (2nd post) Bruno Alexandre ASP .Net 1 08-18-2003 12:39 PM
sessions in ASP.NET vs ASP Bruno Alexandre ASP .Net 4 08-18-2003 12:05 PM
Re: Relationship between IIS Sessions and ASP.NET Sessions? Ken Cox [Microsoft MVP] ASP .Net 1 08-08-2003 03:22 PM



Advertisments