Bob Barrows [MVP] wrote:
> wrote:
> > I have an ASP page that is using an XMLHTTP object to request various
> > pages from my server.
> Is this being done in client-side code? or are you really using the
> XMLHTTPServer object?
>
> > I keep a single session throughout the
> > XMLHTTP requests by bassing the ASPSESSIONID cookie through the
> > XMLHTTP object.
>
> If using XMLHTTP from client-side code, I do not believe this is
> necessary.
> >
> > However, when the page requested through the XML object makes a
> > <%Response.Redirect()%>
>
> > call, a new session is created each time.
> >
> This test fails to duplicate your behavior:
>
> xmlhttp_session.asp:
> <%
> session("test")="Z"
> %>
> <HTML>
> <HEAD>
> <script type="text/javascript">
> function test()
> {
> var oHTTP = new ActiveXObject("Microsoft.XMLHTTP");
> oHTTP.open("POST","getsessionval.asp", false);
> oHTTP.send();
> alert(oHTTP.responseText)
> }
> </script>
> </HEAD>
> <BODY>
> <INPUT type="button" value="Button" id=button1 name=button1
> onclick="test();">
> </BODY>
> </HTML>
>
>
> getsessionval.asp:
> <%response.redirect "getsessionval2.asp"%>
>
> getsessionval2.asp:
> <%response.write session("test")%>
>
> Clicking the button results in "Z" being alerted.
>
> Have I just wasted my time? Are you really using XMLHTTPServer in
> server-side code?
>
> --
> Microsoft MVP -- ASP/ASP.NET
> Please reply to the newsgroup. The email account listed in my From
> header is my spam trap, so I don't check it very often. You will get a
> quicker response by posting to the newsgroup.
Bob, I apologize for not making myself more clear. I am indeed using
ServerXMLHTTP.
Setting up an example isn't necessarily simple, but I'll give it a
shot.
Page1.asp:
<%
<!--#include file="includes/classes/cookie.asp" -->
Function ProcessResponseHeaders(sHeaders)
Set reCookies = New RegExp
reCookies.IgnoreCase = true
reCookies.Global = true
reCookies.Pattern = "Set-Cookie: [^\n]*\n"
Set oMatches = reCookies.Execute(sHeaders)
for each oMatch in oMatches
Set oCookie = New Cookie
oCookie.ParseCookieHeader(oMatch.Value)
if(oCookie.IsSessionCookie)then
Session("CookieName") = oCookie.Name
Session("CookieValue") = oCookie.Value
else
oCookie.WriteToResponse()
end if
next
End Function
sSessionCookie = Session("CookieName")
sSessionCookieValue = Session("CookieValue")
Set oHTTPpost = Server.CreateObject("Msxml2.ServerXMLHTTP")
oHTTPpost.open "GET", "http:/url.tld/testsession.asp" , false
oHTTPpost.SetRequestHeader "Cookie", sSessionCookie & "=" &
sSessionCookieValue
oHTTPpost.send(null)
sReturnValue = oHTTPpost.responseText
ProcessResponseHeaders(oHTTPPost.GetAllResponseHea ders)
Response.Write(sReturnValue)
%>
testsession.asp
<%
Response.Redirect("redirecttarget.asp")
Response.Write(Session.SessionID)
%>
redirecttarget.asp
<%
Response.Write(Session.SessionID)
%>
cookie.asp:
<%
Class Cookie
Public Name
Public Value
Public Expires
Public Path
Private Sub Class_Initialize
Me.Name = ""
Me.Value = ""
Me.Expires = ""
Me.Path = ""
End Sub
Private Sub Class_Terminate
End Sub
Public Function ParseCookieHeader(sHeader)
Set reCookie = New RegExp
reCookie.IgnoreCase = true
reCookie.Global = true
reCookie.Pattern = "[^\s]*=[^\n;]*"
Set oMatches = reCookie.Execute(sHeader)
for each oMatch in oMatches
a_sMatch = split(oMatch.value,"=")
sName = a_sMatch(0)
sValue = a_sMatch(1)
select case lcase(sName)
case "path": Me.Path = URLDecode(sValue)
case "expires": Me.Expires = URLDecode(sValue)
case else: Me.Name = URLDecode(sName)
Me.Value = URLDecode(sValue)
end select
next
End Function
Public Function WriteToResponse()
if(Me.Name <> "")then
Response.Cookies(Me.Name) = Me.Value
if(Me.Path <> "")then
Response.Cookies(Me.Name).Path = Me.Path
end if
if(Me.Expires <> "")then
Response.Cookies(Me.Name).Expires = Me.Expires
end if
end if
End Function
Function URLDecode(sConvert)
Dim aSplit
Dim sOutput
Dim I
If IsNull(sConvert) Then
URLDecode = ""
Exit Function
End If
' convert all pluses to spaces
sOutput = REPLACE(sConvert, "+", " ")
' next convert %hexdigits to the character
aSplit = Split(sOutput, "%")
If IsArray(aSplit) Then
sOutput = aSplit(0)
For I = 0 to UBound(aSplit) - 1
sOutput = sOutput & _
Chr("&H" & Left(aSplit(i + 1), 2)) &_
Right(aSplit(i + 1), Len(aSplit(i + 1)) - 2)
Next
End If
URLDecode = sOutput
End Function
End Class
%>
So, in this example, page1.asp requests testsession.asp via the
ServerXMLTTP object. page1.asp maintains the ASP session ID by passing
the ASPSESSIONID cookie to through the ServerXMLHTTP object.
ProcessFunctionHeaders and the cookie class are responsible for this.
Once requested, testsession.asp writes a redirect header to the client
(in this case the ServerXMLHTTP object). The client then redirects to
redirecttarget.asp, which prints the current session id.) As you will
see, the value printed by page1.asp will increment with ever refresh of
page1.asp. Commenting the first line of testsession.asp (commenting out
the redirect) causes the sessionid to remain constant with every
refresh of page1.asp.
This leads me to believe that the ServerXMLHTTP object fails to pass
the cookies to the server if the server has responded with a 302
redirect header (issued by response.redirect). Can anyone confirm or
deny this issue?
Many thanks.
Mike Biang
Software Developmer
Cramer Development
Similar Threads
