Wrox Programmer Forums
|
Classic ASP Professional For advanced coder questions in ASP 3. NOT for ASP.NET 1.0, 1.1, or 2.0.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Classic ASP Professional section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old August 2nd, 2007, 06:20 AM
Registered User
 
Join Date: Aug 2007
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default Session cookies in global.asa

I am trying to figure out how various browsers (notably IE and Firefox) treat session cookies. My findings amaze me and I would like to check with others if they maybe observed similar results.

1) When I set Firefox (v. 2.0.0.6) to "no cookies" I first thought it indeed did not accept any session cookies, for every session variable I put in is lost upon return. (DEPLORABLE since this is Firefox' default setting!)But then it struck me that the session.lcid seemed to be preserved. As, for my site, this is set in the global.asa file's OnSession handler, I tried setting other session variables in global.asa as well - and it works, they are preserved!
So, I guess my question is: what is so special about global.asa session cookies?

2) IE (v. 6.0 and higher) seemed to me at first to be totally erratic with session cookies, but after much ado I sort of gathered this:
Up till the standard privacy setting of "Normal (high)" IE makes no trouble for session cookies under normal circumstances. However, suppose you have a 2 servers: server1 contains a page with a frame; the content of the frame comes from server 2. (Like when an amateur owns a domain name, but not a server; the domain name then points to some home-page on the ISP's server).
In that case, It seems to me, IE does not preserve session cookies.
Anyone else observed that?
Hans
 
Old August 2nd, 2007, 07:14 PM
Friend of Wrox
 
Join Date: Jan 2004
Posts: 1,870
Thanks: 12
Thanked 20 Times in 20 Posts
Send a message via AIM to mat41
Default

If the global.asa file is not at the root of your web server you need to make the app's root dir virtual inside IIS for them to work. you can have multiple global.asa's on a web server but if they are out side its root you need to tell IIS thisfor them to behave as you expect them to.

Temporary session variables set inside the global.asa file are nothing special as far as Im aware.

Wind is your friend
Matt
 
Old August 3rd, 2007, 08:51 AM
Registered User
 
Join Date: Aug 2007
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi Matt, thanks for your answer.
You say session cookies set inside global.asa are nothing special - but how then, do you explain the behaviour of Firefox I described? Or can't you replicate that?
Maybe I should describe it more clearly:
On the server side, I set two self made session variables: one in global.asa and one in some other asp-page.
On the client side, I use Firefox v. 2.0.0.6. to call some testpage which displays for me both session variables.
Now, with Firefox, I go to the "privacy" section of the Optiondialogue box and clear the tickmark before "Accept cookies from sites". After that, only the session variable which has been set in global.asa is displayed on my testpage.
Can you reproduce this behaviour? Is'nt it odd?
 
Old August 3rd, 2007, 08:57 AM
Imar's Avatar
Wrox Author
 
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

I'd say this is expected behavior.

If you disable cookies in FireFox, you effectively break your Session state engine. Normally, session work by using cookies that keep track of the ID of your session.

If you disable cookies in FF, you can't get a Session cookie. So what happens is that on each new request to the site, Session_OnStart fires which sets your custom variable. For the duration of the page request, this variable remains available. However, on subsequent requests it gets lost, but when you revisit a page, Session_OnStart fires again and you get a new value.

To see what I mean, append Date() to the initial session value you set in Global.asa. You'll see it gets updated on each page request.

HtH,

Imar

---------------------------------------
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
Want to be my colleague? Then check out this post.
 
Old August 3rd, 2007, 09:10 AM
Registered User
 
Join Date: Aug 2007
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks a lot Imar; you're right of course; I feel very stupid after reading your answer.
My other question is still open; any ideas on that too?
Hans




 
Old August 3rd, 2007, 09:46 AM
Imar's Avatar
Wrox Author
 
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

No, I don't.

AFAIK, the inner frame page should get its own session from the server the page is being served from....

Do you have any reproducible steps for this?

Imar

---------------------------------------
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
Want to be my colleague? Then check out this post.
 
Old August 4th, 2007, 06:58 AM
Registered User
 
Join Date: Aug 2007
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi Imar,
I made a few pages to demonstrate what I mean.
Part 1: with IE in privacymode "normal" or "normal (high)", go to this page: http://www.mabelis.nl/artdb/session

You get an input box there and are invited to type a word. After submit, you should see a line that your word is received, and a link to another page (test2.asp), where, once again, your word should be reproduced. Whenever you return to this page during the next 20 minutes, you'll see the word you typed.

Now part two of the experiment: go to www.deadartistsgallery.eu
You'll see the same page as before; that's not amazing as it IS the same page - there's just a frame around it, which runs on a different server, as you can readily verify. However, if you fill in your word, the page test2 will give you the text: "Found nothing in the sessioncookie".
However, the only difference with the first situation is that there is a frame around it which runs on a different server.
Hans

Hans

 
Old August 4th, 2007, 07:48 AM
Imar's Avatar
Wrox Author
 
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

Yeah, with Privacy set to Medium High (IE 7 on Vista). the direct page works, the frameset doesn't.

Not sure why; may have to do with what IE sees as "third parties"....

Imar


---------------------------------------
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004





Similar Threads
Thread Thread Starter Forum Replies Last Post
global.asa samwisegamgee16 Classic ASP Basics 1 September 25th, 2007 05:31 AM
Global.asa gmoney060 Classic ASP Basics 3 September 25th, 2004 09:11 AM
GLOBAL.ASA zaeem Classic ASP Databases 3 November 4th, 2003 09:13 AM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.