«

Hi,

I created a html page from which I give a link to another web site. The new
site is opened in a new window. When I opened multiple windows, they all have
the same SessionID. I want ot know how to open the windows with different
sessionID.

Thanks

Li Pang wrote:
> Hi,
>
> I created a html page from which I give a link to another web site.
> The new site is opened in a new window. When I opened multiple
> windows, they all have the same SessionID. I want ot know how to open
> the windows with different sessionID.
>
> Thanks

Put a Session.Abandon statement in the page opened in the new window.

Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"

Thanks Bob,

It works when I added Session.Abandon in the called page. Should I add it
into Global.asa in the Session_OnStart function?

"Bob Barrows [MVP]" wrote:

> Li Pang wrote:
> > Hi,
> >
> > I created a html page from which I give a link to another web site.
> > The new site is opened in a new window. When I opened multiple
> > windows, they all have the same SessionID. I want ot know how to open
> > the windows with different sessionID.
> >
> > Thanks
>
> Put a Session.Abandon statement in the page opened in the new window.
>
> Bob Barrows
> --
> Microsoft MVP - ASP/ASP.NET
> Please reply to the newsgroup. This email account is my spam trap so I
> don't check it very often. If you must reply off-line, then remove the
> "NO SPAM"
>
>
>

No, that will have no effect on the situation you are working with. The
session has already started ...
Li Pang wrote:
> Thanks Bob,
>
> It works when I added Session.Abandon in the called page. Should I
> add it into Global.asa in the Session_OnStart function?
>
> "Bob Barrows [MVP]" wrote:
>
>> Li Pang wrote:
>>> Hi,
>>>
>>> I created a html page from which I give a link to another web site.
>>> The new site is opened in a new window. When I opened multiple
>>> windows, they all have the same SessionID. I want ot know how to
>>> open the windows with different sessionID.
>>>
>>> Thanks
>>
>> Put a Session.Abandon statement in the page opened in the new window.
>>
>> Bob Barrows
>> --
>> Microsoft MVP - ASP/ASP.NET
>> Please reply to the newsgroup. This email account is my spam trap so
>> I don't check it very often. If you must reply off-line, then remove
>> the "NO SPAM"

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

Hi Bob,

You said that “The session has already started”. Is it still true if the
calling page and the called page are located at the different servers?

How the session really works?
If the calling page A calls the called page B then the session of page B
started (from the server B).
If the calling page A calls second time the page B, how the asp or iis knows
that the session has been already started?

Is the session of page B depends on the parent page A?
Is that possible to use the javascript function “window.open” enforcing to
open a new sessions?

Thanks in advance


"Bob Barrows [MVP]" wrote:

> No, that will have no effect on the situation you are working with. The
> session has already started ...
> Li Pang wrote:
> > Thanks Bob,
> >
> > It works when I added Session.Abandon in the called page. Should I
> > add it into Global.asa in the Session_OnStart function?
> >
> > "Bob Barrows [MVP]" wrote:
> >
> >> Li Pang wrote:
> >>> Hi,
> >>>
> >>> I created a html page from which I give a link to another web site.
> >>> The new site is opened in a new window. When I opened multiple
> >>> windows, they all have the same SessionID. I want ot know how to
> >>> open the windows with different sessionID.
> >>>
> >>> Thanks
> >>
> >> Put a Session.Abandon statement in the page opened in the new window.
> >>
> >> Bob Barrows
> >> --
> >> Microsoft MVP - ASP/ASP.NET
> >> Please reply to the newsgroup. This email account is my spam trap so
> >> I don't check it very often. If you must reply off-line, then remove
> >> the "NO SPAM"
>
> --
> Microsoft MVP -- ASP/ASP.NET
> Please reply to the newsgroup. The email account listed in my From
> header is my spam trap, so I don't check it very often. You will get a
> quicker response by posting to the newsgroup.
>
>
>

Li Pang wrote:
> Hi Bob,
>
> You said that "The session has already started". Is it still true if
> the calling page and the called page are located at the different
> servers?

If they are on different servers, then, by definition, they cannot have the
same session.
There is no point in abandoning a session in Session_OnStart because that
event only fires when a session is starting.

>
> How the session really works?
> If the calling page A calls the called page B then the session of
> page B started (from the server B).

Correct. A new session starts on server B

> If the calling page A calls second time the page B, how the asp or
> iis knows that the session has been already started?

Because the server B session cookie still exists on the user's machine.

>
> Is the session of page B depends on the parent page A?

No. the session depends on a session cookie written to the user's machine by
server B.
The session cookies remain until all browser windows are closed

> Is that possible to use the javascript function "window.open"
> enforcing to open a new sessions?
>

Only by issuing a Session.Abandon call in the server-side code of the page
being called.

You could have a SessionAbandon.asp page to which you pass a querystring
argument to control a Response.Redirect statement which is executed after
the session is abandoned ...

Bob Barrows

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

Bob,

I have still an issue of session variables.

I have a web site that allows users access with different profiles
(different sets of session variables). When users start a new browser, each
login has its own set of session variables. There is an option that a user
can open multiple windows with different user’s profile (administrators), and
when the multiple windows are opened by a new browser separately, every thing
works well (i.e., no interaction between the sessions).

Now, there is an issue of session variables when users open multiple windows
from a parent page (providing a link to above web site), i.e., when open a
window with profile A, it’s OK, but when open another window with profile B,
all session variables within profile A are replaced by those of profile B.
And if a third window is opened with profile C, then all session variables in
profile A and B are replaced by those in profile C.

I put the statement “Session.Abandon” at the beginning of first page of the
web site, that changes the session ID after every login, but the interaction
between different sessions still happens.

Any ideal on that?

I appreciate your support.


"Bob Barrows [MVP]" wrote:

> Li Pang wrote:
> > Hi Bob,
> >
> > You said that "The session has already started". Is it still true if
> > the calling page and the called page are located at the different
> > servers?
>
> If they are on different servers, then, by definition, they cannot have the
> same session.
> There is no point in abandoning a session in Session_OnStart because that
> event only fires when a session is starting.
>
> >
> > How the session really works?
> > If the calling page A calls the called page B then the session of
> > page B started (from the server B).
>
> Correct. A new session starts on server B
>
> > If the calling page A calls second time the page B, how the asp or
> > iis knows that the session has been already started?
>
> Because the server B session cookie still exists on the user's machine.
>
> >
> > Is the session of page B depends on the parent page A?
>
> No. the session depends on a session cookie written to the user's machine by
> server B.
> The session cookies remain until all browser windows are closed
>
> > Is that possible to use the javascript function "window.open"
> > enforcing to open a new sessions?
> >
>
> Only by issuing a Session.Abandon call in the server-side code of the page
> being called.
>
> You could have a SessionAbandon.asp page to which you pass a querystring
> argument to control a Response.Redirect statement which is executed after
> the session is abandoned ...
>
> Bob Barrows
>
> --
> Microsoft MVP -- ASP/ASP.NET
> Please reply to the newsgroup. The email account listed in my From
> header is my spam trap, so I don't check it very often. You will get a
> quicker response by posting to the newsgroup.
>
>
>

Bob,

I give you my testing codes as below.
To reproduce the problem, do the following:
1. start test.asp, and click on Development
2. it pops up a new window. In the Login field, it shows “lpang” then click
“Submit”
3. Apphome.asp page shows the user id
4. click on Development link on test.asp page again
5. it pops up another window. In Login field replace “lpang” by “Bob” and
click on “Submit”
6. the page shows Bob as user id, now click on “refresh”
7. The page shows “Bob” as user id
8. Go to first page click “refresh”, it shows “Bob” as well (“lpang” is
overwritten)

test.asp
<html>
<head>
<meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
</head>

<BODY>
<TABLE WIDTH="100%" HEIGHT="100%">
<TR>
<TD><a target="_blank" href="../TestApp/app.asp">Development</a>
</TD>
</TR>
</TABLE>
</BODY>
</html>

App.asp
<%
Session.Abandon
%>
<html>
<head>
<meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
</head>

<BODY>
<form name="form1" name=form1 action=Apphome.asp method=POST>

<table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
CELLPADDING="2">
<tr>
<th style='color=black' colspan="3">Login</th>

</tr>
<tr>
<td align="right">Login:</td>
<td><input type="text" name="login" class="ipText" size="20"
value="lpang"></td>
</tr>
<tr>
<td></td>
<td align="center"><a href="javascript:form1.submit();">Submit</a></td>
</tr>
</table>
</form>
</BODY>
</html>

Apphome.asp
<%
'Session.Abandon
session("uid") = request.form("login")
%>
<html>
<head>
<meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
</head>

<BODY>
<form name="form1" name=form1 action=Apphome.asp method=POST>

<table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
CELLPADDING="2">
<tr>
<th style='color=black' colspan="3">Home</th>

</tr>
<tr>
<td>user id: </td>
<td><B><%=session("uid")%></B></td>
</tr>
<tr>
<td></td>
<td></td>
</tr>
<tr>
<td></td>
<td align="center"><INPUT name=showinfo type=button value="Show
User"style="HEIGHT: 24px; WIDTH: 75px; cursor:hand"
onclick="alert('<%=session("uid")%>');"></td>
</tr>
<TR>
<TD align="center"><a href="App2.asp">refresh</a></TD>
</TR>
</table>
</form>
</BODY>
</html>

App2.asp
<%
'Session.Abandon
'session("uid") = "XXX"
%>
<html>
<head>
<meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
</head>

<BODY>
<form name="form1" name=form1 action=App2.asp method=POST>

<table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
CELLPADDING="2">
<tr>
<th style='color=black' colspan="3">Home</th>

</tr>
<tr>
<td>user id: </td>
<td><B><%=session("uid")%></B></td>
</tr>
<tr>
<td></td>
<td></td>
</tr>
<tr>
<td></td>
<td align="center"><INPUT name=showinfo type=button value="Show User"
style="HEIGHT: 24px; WIDTH: 75px; cursor:hand"
onclick="alert('<%=session("uid")%>');"></td>
</tr>
</table>
</form>
</BODY>
</html>



"Bob Barrows [MVP]" wrote:

> Li Pang wrote:
> > Hi Bob,
> >
> > You said that "The session has already started". Is it still true if
> > the calling page and the called page are located at the different
> > servers?
>
> If they are on different servers, then, by definition, they cannot have the
> same session.
> There is no point in abandoning a session in Session_OnStart because that
> event only fires when a session is starting.
>
> >
> > How the session really works?
> > If the calling page A calls the called page B then the session of
> > page B started (from the server B).
>
> Correct. A new session starts on server B
>
> > If the calling page A calls second time the page B, how the asp or
> > iis knows that the session has been already started?
>
> Because the server B session cookie still exists on the user's machine.
>
> >
> > Is the session of page B depends on the parent page A?
>
> No. the session depends on a session cookie written to the user's machine by
> server B.
> The session cookies remain until all browser windows are closed
>
> > Is that possible to use the javascript function "window.open"
> > enforcing to open a new sessions?
> >
>
> Only by issuing a Session.Abandon call in the server-side code of the page
> being called.
>
> You could have a SessionAbandon.asp page to which you pass a querystring
> argument to control a Response.Redirect statement which is executed after
> the session is abandoned ...
>
> Bob Barrows
>
> --
> Microsoft MVP -- ASP/ASP.NET
> Please reply to the newsgroup. The email account listed in my From
> header is my spam trap, so I don't check it very often. You will get a
> quicker response by posting to the newsgroup.
>
>
>

The page in which you issue Session.Abandon must immediately redirect to
another page. The Session is not destroyed until the page in which the
statement is issued finishes processing.
Li Pang wrote:
> Bob,
>
> I give you my testing codes as below.
> To reproduce the problem, do the following:
> 1. start test.asp, and click on Development
> 2. it pops up a new window. In the Login field, it shows "lpang" then
> click "Submit"
> 3. Apphome.asp page shows the user id
> 4. click on Development link on test.asp page again
> 5. it pops up another window. In Login field replace "lpang" by "Bob"
> and click on "Submit"
> 6. the page shows Bob as user id, now click on "refresh"
> 7. The page shows "Bob" as user id
> 8. Go to first page click "refresh", it shows "Bob" as well ("lpang"
> is overwritten)
>
> test.asp
> <html>
> <head>
> <meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
> </head>
>
> <BODY>
> <TABLE WIDTH="100%" HEIGHT="100%">
> <TR>
> <TD><a target="_blank" href="../TestApp/app.asp">Development</a>
> </TD>
> </TR>
> </TABLE>
> </BODY>
> </html>
>
> App.asp
> <%
> Session.Abandon
> %>
> <html>
> <head>
> <meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
> </head>
>
> <BODY>
> <form name="form1" name=form1 action=Apphome.asp method=POST>
>
> <table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
> CELLPADDING="2">
> <tr>
> <th style='color=black' colspan="3">Login</th>
>
> </tr>
> <tr>
> <td align="right">Login:</td>
> <td><input type="text" name="login" class="ipText" size="20"
> value="lpang"></td>
> </tr>
> <tr>
> <td></td>
> <td align="center"><a
> href="javascript:form1.submit();">Submit</a></td> </tr>
> </table>
> </form>
> </BODY>
> </html>
>
> Apphome.asp
> <%
> 'Session.Abandon
> session("uid") = request.form("login")
> %>
> <html>
> <head>
> <meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
> </head>
>
> <BODY>
> <form name="form1" name=form1 action=Apphome.asp method=POST>
>
> <table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
> CELLPADDING="2">
> <tr>
> <th style='color=black' colspan="3">Home</th>
>
> </tr>
> <tr>
> <td>user id: </td>
> <td><B><%=session("uid")%></B></td>
> </tr>
> <tr>
> <td></td>
> <td></td>
> </tr>
> <tr>
> <td></td>
> <td align="center"><INPUT name=showinfo type=button value="Show
> User"style="HEIGHT: 24px; WIDTH: 75px; cursor:hand"
> onclick="alert('<%=session("uid")%>');"></td>
> </tr>
> <TR>
> <TD align="center"><a href="App2.asp">refresh</a></TD>
> </TR>
> </table>
> </form>
> </BODY>
> </html>
>
> App2.asp
> <%
> 'Session.Abandon
> 'session("uid") = "XXX"
> %>
> <html>
> <head>
> <meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
> </head>
>
> <BODY>
> <form name="form1" name=form1 action=App2.asp method=POST>
>
> <table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
> CELLPADDING="2">
> <tr>
> <th style='color=black' colspan="3">Home</th>
>
> </tr>
> <tr>
> <td>user id: </td>
> <td><B><%=session("uid")%></B></td>
> </tr>
> <tr>
> <td></td>
> <td></td>
> </tr>
> <tr>
> <td></td>
> <td align="center"><INPUT name=showinfo type=button value="Show User"
> style="HEIGHT: 24px; WIDTH: 75px; cursor:hand"
> onclick="alert('<%=session("uid")%>');"></td>
> </tr>
> </table>
> </form>
> </BODY>
> </html>
>
>
>
> "Bob Barrows [MVP]" wrote:
>
>> Li Pang wrote:
>>> Hi Bob,
>>>
>>> You said that "The session has already started". Is it still true if
>>> the calling page and the called page are located at the different
>>> servers?
>>
>> If they are on different servers, then, by definition, they cannot
>> have the same session.
>> There is no point in abandoning a session in Session_OnStart because
>> that event only fires when a session is starting.
>>
>>>
>>> How the session really works?
>>> If the calling page A calls the called page B then the session of
>>> page B started (from the server B).
>>
>> Correct. A new session starts on server B
>>
>>> If the calling page A calls second time the page B, how the asp or
>>> iis knows that the session has been already started?
>>
>> Because the server B session cookie still exists on the user's
>> machine.
>>
>>>
>>> Is the session of page B depends on the parent page A?
>>
>> No. the session depends on a session cookie written to the user's
>> machine by server B.
>> The session cookies remain until all browser windows are closed
>>
>>> Is that possible to use the javascript function "window.open"
>>> enforcing to open a new sessions?
>>>
>>
>> Only by issuing a Session.Abandon call in the server-side code of
>> the page being called.
>>
>> You could have a SessionAbandon.asp page to which you pass a
>> querystring argument to control a Response.Redirect statement which
>> is executed after the session is abandoned ...
>>
>> Bob Barrows
>>
>> --
>> Microsoft MVP -- ASP/ASP.NET
>> Please reply to the newsgroup. The email account listed in my From
>> header is my spam trap, so I don't check it very often. You will get
>> a quicker response by posting to the newsgroup.

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

Bob,

In reality, I don't want to kill any sessions. My concern is to keep every
set of session within its own window. There is an issue of session shared
within multiple windows. My filling is that the server checks the IE instance
or id of client, as long as the same parameter found, it uses the same set of
session. I can't find the reason that IE does that.

"Bob Barrows [MVP]" wrote:

> The page in which you issue Session.Abandon must immediately redirect to
> another page. The Session is not destroyed until the page in which the
> statement is issued finishes processing.
> Li Pang wrote:
> > Bob,
> >
> > I give you my testing codes as below.
> > To reproduce the problem, do the following:
> > 1. start test.asp, and click on Development
> > 2. it pops up a new window. In the Login field, it shows "lpang" then
> > click "Submit"
> > 3. Apphome.asp page shows the user id
> > 4. click on Development link on test.asp page again
> > 5. it pops up another window. In Login field replace "lpang" by "Bob"
> > and click on "Submit"
> > 6. the page shows Bob as user id, now click on "refresh"
> > 7. The page shows "Bob" as user id
> > 8. Go to first page click "refresh", it shows "Bob" as well ("lpang"
> > is overwritten)
> >
> > test.asp
> > <html>
> > <head>
> > <meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
> > </head>
> >
> > <BODY>
> > <TABLE WIDTH="100%" HEIGHT="100%">
> > <TR>
> > <TD><a target="_blank" href="../TestApp/app.asp">Development</a>
> > </TD>
> > </TR>
> > </TABLE>
> > </BODY>
> > </html>
> >
> > App.asp
> > <%
> > Session.Abandon
> > %>
> > <html>
> > <head>
> > <meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
> > </head>
> >
> > <BODY>
> > <form name="form1" name=form1 action=Apphome.asp method=POST>
> >
> > <table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
> > CELLPADDING="2">
> > <tr>
> > <th style='color=black' colspan="3">Login</th>
> >
> > </tr>
> > <tr>
> > <td align="right">Login:</td>
> > <td><input type="text" name="login" class="ipText" size="20"
> > value="lpang"></td>
> > </tr>
> > <tr>
> > <td></td>
> > <td align="center"><a
> > href="javascript:form1.submit();">Submit</a></td> </tr>
> > </table>
> > </form>
> > </BODY>
> > </html>
> >
> > Apphome.asp
> > <%
> > 'Session.Abandon
> > session("uid") = request.form("login")
> > %>
> > <html>
> > <head>
> > <meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
> > </head>
> >
> > <BODY>
> > <form name="form1" name=form1 action=Apphome.asp method=POST>
> >
> > <table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
> > CELLPADDING="2">
> > <tr>
> > <th style='color=black' colspan="3">Home</th>
> >
> > </tr>
> > <tr>
> > <td>user id: </td>
> > <td><B><%=session("uid")%></B></td>
> > </tr>
> > <tr>
> > <td></td>
> > <td></td>
> > </tr>
> > <tr>
> > <td></td>
> > <td align="center"><INPUT name=showinfo type=button value="Show
> > User"style="HEIGHT: 24px; WIDTH: 75px; cursor:hand"
> > onclick="alert('<%=session("uid")%>');"></td>
> > </tr>
> > <TR>
> > <TD align="center"><a href="App2.asp">refresh</a></TD>
> > </TR>
> > </table>
> > </form>
> > </BODY>
> > </html>
> >
> > App2.asp
> > <%
> > 'Session.Abandon
> > 'session("uid") = "XXX"
> > %>
> > <html>
> > <head>
> > <meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
> > </head>
> >
> > <BODY>
> > <form name="form1" name=form1 action=App2.asp method=POST>
> >
> > <table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
> > CELLPADDING="2">
> > <tr>
> > <th style='color=black' colspan="3">Home</th>
> >
> > </tr>
> > <tr>
> > <td>user id: </td>
> > <td><B><%=session("uid")%></B></td>
> > </tr>
> > <tr>
> > <td></td>
> > <td></td>
> > </tr>
> > <tr>
> > <td></td>
> > <td align="center"><INPUT name=showinfo type=button value="Show User"
> > style="HEIGHT: 24px; WIDTH: 75px; cursor:hand"
> > onclick="alert('<%=session("uid")%>');"></td>
> > </tr>
> > </table>
> > </form>
> > </BODY>
> > </html>
> >
> >
> >
> > "Bob Barrows [MVP]" wrote:
> >
> >> Li Pang wrote:
> >>> Hi Bob,
> >>>
> >>> You said that "The session has already started". Is it still true if
> >>> the calling page and the called page are located at the different
> >>> servers?
> >>
> >> If they are on different servers, then, by definition, they cannot
> >> have the same session.
> >> There is no point in abandoning a session in Session_OnStart because
> >> that event only fires when a session is starting.
> >>
> >>>
> >>> How the session really works?
> >>> If the calling page A calls the called page B then the session of
> >>> page B started (from the server B).
> >>
> >> Correct. A new session starts on server B
> >>
> >>> If the calling page A calls second time the page B, how the asp or
> >>> iis knows that the session has been already started?
> >>
> >> Because the server B session cookie still exists on the user's
> >> machine.
> >>
> >>>
> >>> Is the session of page B depends on the parent page A?
> >>
> >> No. the session depends on a session cookie written to the user's
> >> machine by server B.
> >> The session cookies remain until all browser windows are closed
> >>
> >>> Is that possible to use the javascript function "window.open"
> >>> enforcing to open a new sessions?
> >>>
> >>
> >> Only by issuing a Session.Abandon call in the server-side code of
> >> the page being called.
> >>
> >> You could have a SessionAbandon.asp page to which you pass a
> >> querystring argument to control a Response.Redirect statement which
> >> is executed after the session is abandoned ...
> >>
> >> Bob Barrows
> >>
> >> --
> >> Microsoft MVP -- ASP/ASP.NET
> >> Please reply to the newsgroup. The email account listed in my From
> >> header is my spam trap, so I don't check it very often. You will get
> >> a quicker response by posting to the newsgroup.
>
> --
> Microsoft MVP -- ASP/ASP.NET
> Please reply to the newsgroup. The email account listed in my From
> header is my spam trap, so I don't check it very often. You will get a
> quicker response by posting to the newsgroup.
>
>
>