Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
Classic ASP Professional For advanced coder questions in ASP 3. NOT for ASP.NET 1.0, 1.1, or 2.0.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Classic ASP Professional section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old August 2nd, 2007, 06:20 AM
Registered User
 
Join Date: Aug 2007
Location: Amsterdam, , Netherlands.
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default Session cookies in global.asa

I am trying to figure out how various browsers (notably IE and Firefox) treat session cookies. My findings amaze me and I would like to check with others if they maybe observed similar results.

1) When I set Firefox (v. 2.0.0.6) to "no cookies" I first thought it indeed did not accept any session cookies, for every session variable I put in is lost upon return. (DEPLORABLE since this is Firefox' default setting!)But then it struck me that the session.lcid seemed to be preserved. As, for my site, this is set in the global.asa file's OnSession handler, I tried setting other session variables in global.asa as well - and it works, they are preserved!
So, I guess my question is: what is so special about global.asa session cookies?

2) IE (v. 6.0 and higher) seemed to me at first to be totally erratic with session cookies, but after much ado I sort of gathered this:
Up till the standard privacy setting of "Normal (high)" IE makes no trouble for session cookies under normal circumstances. However, suppose you have a 2 servers: server1 contains a page with a frame; the content of the frame comes from server 2. (Like when an amateur owns a domain name, but not a server; the domain name then points to some home-page on the ISP's server).
In that case, It seems to me, IE does not preserve session cookies.
Anyone else observed that?
Hans
Reply With Quote
  #2 (permalink)  
Old August 2nd, 2007, 07:14 PM
Friend of Wrox
Points: 6,664, Level: 34
Points: 6,664, Level: 34 Points: 6,664, Level: 34 Points: 6,664, Level: 34
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jan 2004
Location: Sydney, NSW, Australia.
Posts: 1,870
Thanks: 12
Thanked 20 Times in 20 Posts
Send a message via AIM to mat41
Default

If the global.asa file is not at the root of your web server you need to make the app's root dir virtual inside IIS for them to work. you can have multiple global.asa's on a web server but if they are out side its root you need to tell IIS thisfor them to behave as you expect them to.

Temporary session variables set inside the global.asa file are nothing special as far as Im aware.

Wind is your friend
Matt
Reply With Quote
  #3 (permalink)  
Old August 3rd, 2007, 08:51 AM
Registered User
 
Join Date: Aug 2007
Location: Amsterdam, , Netherlands.
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi Matt, thanks for your answer.
You say session cookies set inside global.asa are nothing special - but how then, do you explain the behaviour of Firefox I described? Or can't you replicate that?
Maybe I should describe it more clearly:
On the server side, I set two self made session variables: one in global.asa and one in some other asp-page.
On the client side, I use Firefox v. 2.0.0.6. to call some testpage which displays for me both session variables.
Now, with Firefox, I go to the "privacy" section of the Optiondialogue box and clear the tickmark before "Accept cookies from sites". After that, only the session variable which has been set in global.asa is displayed on my testpage.
Can you reproduce this behaviour? Is'nt it odd?
Reply With Quote
  #4 (permalink)  
Old August 3rd, 2007, 08:57 AM
Imar's Avatar
Wrox Author
Points: 72,045, Level: 100
Points: 72,045, Level: 100 Points: 72,045, Level: 100 Points: 72,045, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,083
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

I'd say this is expected behavior.

If you disable cookies in FireFox, you effectively break your Session state engine. Normally, session work by using cookies that keep track of the ID of your session.

If you disable cookies in FF, you can't get a Session cookie. So what happens is that on each new request to the site, Session_OnStart fires which sets your custom variable. For the duration of the page request, this variable remains available. However, on subsequent requests it gets lost, but when you revisit a page, Session_OnStart fires again and you get a new value.

To see what I mean, append Date() to the initial session value you set in Global.asa. You'll see it gets updated on each page request.

HtH,

Imar

---------------------------------------
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
Want to be my colleague? Then check out this post.
Reply With Quote
  #5 (permalink)  
Old August 3rd, 2007, 09:10 AM
Registered User
 
Join Date: Aug 2007
Location: Amsterdam, , Netherlands.
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks a lot Imar; you're right of course; I feel very stupid after reading your answer.
My other question is still open; any ideas on that too?
Hans




Reply With Quote
  #6 (permalink)  
Old August 3rd, 2007, 09:46 AM
Imar's Avatar
Wrox Author
Points: 72,045, Level: 100
Points: 72,045, Level: 100 Points: 72,045, Level: 100 Points: 72,045, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,083
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

No, I don't.

AFAIK, the inner frame page should get its own session from the server the page is being served from....

Do you have any reproducible steps for this?

Imar

---------------------------------------
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
Want to be my colleague? Then check out this post.
Reply With Quote
  #7 (permalink)  
Old August 4th, 2007, 06:58 AM
Registered User
 
Join Date: Aug 2007
Location: Amsterdam, , Netherlands.
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi Imar,
I made a few pages to demonstrate what I mean.
Part 1: with IE in privacymode "normal" or "normal (high)", go to this page: http://www.mabelis.nl/artdb/session

You get an input box there and are invited to type a word. After submit, you should see a line that your word is received, and a link to another page (test2.asp), where, once again, your word should be reproduced. Whenever you return to this page during the next 20 minutes, you'll see the word you typed.

Now part two of the experiment: go to www.deadartistsgallery.eu
You'll see the same page as before; that's not amazing as it IS the same page - there's just a frame around it, which runs on a different server, as you can readily verify. However, if you fill in your word, the page test2 will give you the text: "Found nothing in the sessioncookie".
However, the only difference with the first situation is that there is a frame around it which runs on a different server.
Hans

Hans

Reply With Quote
  #8 (permalink)  
Old August 4th, 2007, 07:48 AM
Imar's Avatar
Wrox Author
Points: 72,045, Level: 100
Points: 72,045, Level: 100 Points: 72,045, Level: 100 Points: 72,045, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,083
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

Yeah, with Privacy set to Medium High (IE 7 on Vista). the direct page works, the frameset doesn't.

Not sure why; may have to do with what IE sees as "third parties"....

Imar


---------------------------------------
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
global.asa samwisegamgee16 Classic ASP Basics 1 September 25th, 2007 05:31 AM
Global.asa gmoney060 Classic ASP Basics 3 September 25th, 2004 09:11 AM
GLOBAL.ASA zaeem Classic ASP Databases 3 November 4th, 2003 09:13 AM



All times are GMT -4. The time now is 09:06 PM.


Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.