Solved

Abandon Session.SessionID ?

Posted on 1998-10-13
13
171 Views
Last Modified: 2013-12-25
I have a web site that uses the Session.SessionId (ASP) as a unique code for a client. I need to change this sessionID once the user on the other hand has finished his/her  shopping. (for each shopper there is a unique code which is the SessionId) I am inserting this code into my access table. Once I have no need of it I need to assign a different sessionId number. Think of it as if I had to send two different purchase order bills t the same person. hope someone has an idea. Thanks.
0
Comment
Question by:AnitaP
  • 7
  • 4
  • 2
13 Comments
 
LVL 11

Expert Comment

by:mouatts
ID: 1829044
Firstly don't use the session id as your key. According to Microsofts documentation once the server is restarted it could utilise the same numbers (they also advise that you don't use it).

Instead at session start obtain an id from you database which you know is unique and store this within the session. Then when you want to change the id you simply need to get the next id from the database and store this within their session.

I know Access contains automatic fields so you could use one of these within its own table to hold your ids. Alternatively the old fashion method would be to have a table called IDS for example which would have a single field perhaps called NEXT_ID and a single record initially with 1 in it.

Each time you need to get an ID do a

sqlstmt="SELECT NEXT_ID FROM IDS"
SET ResultsSet=connection.execute(sqlstmt);
Session("user_id")=ResultsSet("NEXT_ID")
sqlstmt="UPDATE IDS SET NEXT_ID="&ResultSet("NEXT_ID")+1
Connection.execute(sqlstmt)

The obvious place to establish the id in the session is either within the session_start routine of global.asa or the first time that you come to write a shopping basket entry to the database.

There after extracting the id would be simply be a case of accessing Session("user_id")

Steve
0
 
LVL 28

Expert Comment

by:sybe
ID: 1829045
mouatts is right that it's better to use an autonumber from a database as an unique ID.

But if you want to destroy a user's session, then the title of your question is almost the answer:

<%Session.abandon%>

will kill all sessionvariables and the SessionID

0
 

Author Comment

by:AnitaP
ID: 1829046
Steve : you have explained to me how to create a unique ID. That part is already processed. I do not need to know that. My question was how do I get rid of my present Session.SessionID variable and replace it with a new ID. I have tried <% Session.Adandon %> but when I display the value just after that statement, It still contains the same value. I have read that the session is abandoned once that page (that script) is finished. Well, it doesn't work.

What I want to do is when a client finishes and submits his/her purchase order I want to assign a different purchase order number. Hope this is more clear. Thanks
0
 
LVL 11

Expert Comment

by:mouatts
ID: 1829047
If you use the approach that I mentioned then you can re-initialise the user_id either by selecting a new one or by setting it to a null value eg

Session("user_id")=Null

If you must use the Session ID then you can use abandon or you can reset the session cookie (ASPSESSIONID) using
Response.Cookies("ASPSESSIONID").Expires = "January 1, 1998"

0
 

Author Comment

by:AnitaP
ID: 1829048
STEVE : After I insert the the clients purchase order in my table I have added the following line in my asp file to get rid of the SessionID number:

commandResponse.Cookies("ASPSESSIONID").Expires = now()

I have also diplayed the value of Session.sessionID in a subsequent asp file to see if it did delete the sessionID. It did not. It always has the same Session.SessionID number. Is there a way to get rid ot it ?
0
 

Author Comment

by:AnitaP
ID: 1829049
It is giving me an error saying that :

Cookies object error 'ASP 0162 : 80004005'
Cannot Modify Cookie
/scripts/lingerie/fr/Cmd2Items.asp, line 125
The cookie 'ASPSessionID' cannot be modified. It is a reserved cookie name.

0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 

Author Comment

by:AnitaP
ID: 1829050
Does anyone else have a suggestion?
0
 
LVL 28

Expert Comment

by:sybe
ID: 1829051
Session.Timeout=0
0
 

Author Comment

by:AnitaP
ID: 1829052
Sybe : It still doesn't work. I have still the same SessionId number when I go to my main page another page. (I am setting the Session.Timeout=0 in my last page where the user purchases all the items and sends in all of his/her credit card information)
0
 
LVL 11

Expert Comment

by:mouatts
ID: 1829053
Here is another approach (although I will repeat you shouldn't be using the session id in your database and if you change this you can avoid this problem as I explained before).

Anyhow create a new virtual directory which points a different directory to your main or home one (ie the one with all the current code in).

When you want to change sessions access a page in this new directory. This page should perform a redirection to the page that you actually want displayed.

It is important within this that the references to the different directories are made via there virtual name and not via a relative url.

The reason why this should work is that when you access a new virtual root it is considered to be a different Application and by deffinition a new session thus a new session id is created. By doing the redirect you are changing session and thus a new cookie is sent out (in fact two one when you access the page doing the redirection and one when you are actually redirected).

Steve
0
 

Author Comment

by:AnitaP
ID: 1829054
ok I decided to change my user id, to another unique number other than the sessionid #. I have concatenated the session.sessionID and the date and time to a string called userid, which i will afterwards insert into my table.  

Now, when I enter my default.asp page, I want to insert this value(sessionid+date+time) into a cookie called UserID. Unfortunatly I am not advanced into cookies yet. Can someone help me a bit, and tell me how can I insert a session cookie called UserID and then in another asp page retrieve this value to insert it into my table. Thanks.
0
 
LVL 11

Accepted Solution

by:
mouatts earned 40 total points
ID: 1829055
Two ways

response.cookie(userid)=session.sessionID&now

or

response.cookie(userid)(id)=session.sessionID
response.cookie(userid)(TandD)=now

Can we close this one now?
0
 

Author Comment

by:AnitaP
ID: 1829056
Yes. and thank you for your patience.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

In this tutorial I will aim to show you how simple is making a small application in WhizBase, how to add, remove and update data in the DB. I will make a small address book application where you can add, browse, update and remove addresses. I wi…
Recently I have been answering a lot of questions like this in IT forums that I frequent. The question posed is usually something along the lines of "We have software X installed and need to uninstall it for reason Y" or some other variant of the sa…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now