AnitaP

Abandon Session.SessionID ?

I have a web site that uses the Session.SessionId (ASP) as a unique code for a client. I need to change this sessionID once the user on the other hand has finished his/her shopping. (For each shopper there is a unique code, which is the SessionId.) I am inserting this code into my Access table. Once I have no need of it I need to assign a different sessionId number. Think of it as if I had to send two different purchase order bills to the same person. Hope someone has an idea. Thanks.
mouatts

Firstly, don't use the session id as your key. According to Microsoft's documentation, once the server is restarted it could utilise the same numbers (they also advise that you don't use it).

Instead, at session start obtain an id from your database which you know is unique and store this within the session. Then when you want to change the id you simply need to get the next id from the database and store this within their session.

I know Access contains automatic fields, so you could use one of these within its own table to hold your ids. Alternatively, the old-fashioned method would be to have a table called IDS, for example, which would have a single field perhaps called NEXT_ID and a single record initially with 1 in it.

Each time you need to get an ID do a

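' Read the current counter value and keep it in the session
sqlstmt = "SELECT NEXT_ID FROM IDS"
Set ResultsSet = Connection.Execute(sqlstmt)
Session("user_id") = ResultsSet("NEXT_ID")
' Advance the counter for the next caller
sqlstmt = "UPDATE IDS SET NEXT_ID=" & (ResultsSet("NEXT_ID") + 1)
Connection.Execute(sqlstmt)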

The obvious place to establish the id in the session is either within the session_start routine of global.asa or the first time that you come to write a shopping basket entry to the database.

Thereafter, extracting the id would simply be a case of accessing Session("user_id")

Steve
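
An added example, not part of mouatts's post: the same IDS counter read and incremented inside Application.Lock, so two shoppers arriving at the same moment cannot be handed the same id, plus a second call after checkout that gives the shopper a fresh id. The connection string variable connStr and the three routine names are assumptions.

```vbscript
' Added example. Assumes the IDS table with a single NEXT_ID row described
' above and a connection string passed in as connStr (hypothetical name).
Function AllocateId(connStr)
    Dim conn, rs, id
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open connStr

    ' Application.Lock serializes this section across all requests in the
    ' ASP application, so the read and the increment cannot interleave.
    ' If the script fails here, ASP releases the lock when the page ends.
    Application.Lock
    Set rs = conn.Execute("SELECT NEXT_ID FROM IDS")
    id = CLng(rs("NEXT_ID"))
    rs.Close
    conn.Execute "UPDATE IDS SET NEXT_ID = " & (id + 1)
    Application.Unlock

    conn.Close
    Set rs = Nothing
    Set conn = Nothing
    AllocateId = id
End Function

' First basket write: give the shopper an id if the session has none yet.
Sub EnsureOrderId(connStr)
    If IsEmpty(Session("user_id")) Or IsNull(Session("user_id")) Then
        Session("user_id") = AllocateId(connStr)
    End If
End Sub

' After the purchase order is saved: replace the id so the next order from
' the same browser session is stored under a new key.
Sub RotateOrderId(connStr)
    Session("user_id") = AllocateId(connStr)
End Sub
```

Application.Lock only serializes requests inside one ASP application on one server; the id in Session("user_id") changes immediately, independent of Session.SessionID.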
sybe

mouatts is right that it's better to use an autonumber from a database as a unique ID.

But if you want to destroy a user's session, then the title of your question is almost the answer:

<%Session.abandon%>

will kill all session variables and the SessionID

AnitaP

ASKER

Steve: you have explained to me how to create a unique ID. That part is already processed. I do not need to know that. My question was how do I get rid of my present Session.SessionID variable and replace it with a new ID. I have tried <% Session.Adandon %> but when I display the value just after that statement, it still contains the same value. I have read that the session is abandoned once that page (that script) is finished. Well, it doesn't work.

What I want to do is when a client finishes and submits his/her purchase order I want to assign a different purchase order number. Hope this is more clear. Thanks
mouatts

If you use the approach that I mentioned then you can re-initialise the user_id either by selecting a new one or by setting it to a null value, e.g.

Session("user_id")=Null

If you must use the Session ID then you can use abandon or you can reset the session cookie (ASPSESSIONID) using
Response.Cookies("ASPSESSIONID").Expires = "January 1, 1998"

AnitaP

ASKER

STEVE: After I insert the client's purchase order in my table I have added the following line in my asp file to get rid of the SessionID number:

commandResponse.Cookies("ASPSESSIONID").Expires = now()

I have also displayed the value of Session.sessionID in a subsequent asp file to see if it did delete the sessionID. It did not. It always has the same Session.SessionID number. Is there a way to get rid of it?
AnitaP

ASKER

It is giving me an error saying that :

Cookies object error 'ASP 0162 : 80004005'
Cannot Modify Cookie
/scripts/lingerie/fr/Cmd2Items.asp, line 125
The cookie 'ASPSessionID' cannot be modified. It is a reserved cookie name.

AnitaP

ASKER

Does anyone else have a suggestion?
sybe

Session.Timeout=0
AnitaP

ASKER

Sybe : It still doesn't work. I have still the same SessionId number when I go to my main page another page. (I am setting the Session.Timeout=0 in my last page where the user purchases all the items and sends in all of his/her credit card information)
mouatts

Here is another approach (although I will repeat that you shouldn't be using the session id in your database, and if you change this you can avoid this problem as I explained before).

Anyhow, create a new virtual directory which points to a different directory from your main or home one (i.e. the one with all the current code in).

When you want to change sessions, access a page in this new directory. This page should perform a redirection to the page that you actually want displayed.

It is important within this that the references to the different directories are made via their virtual name and not via a relative url.

The reason why this should work is that when you access a new virtual root it is considered to be a different Application and by definition a new session, thus a new session id is created. By doing the redirect you are changing session and thus a new cookie is sent out (in fact two: one when you access the page doing the redirection and one when you are actually redirected).

Steve
AnitaP

ASKER

OK, I decided to change my user id to another unique number other than the sessionid #. I have concatenated the session.sessionID and the date and time to a string called userid, which I will afterwards insert into my table.

Now, when I enter my default.asp page, I want to insert this value (sessionid+date+time) into a cookie called UserID. Unfortunately I am not advanced into cookies yet. Can someone help me a bit, and tell me how I can insert a session cookie called UserID and then in another asp page retrieve this value to insert it into my table? Thanks.
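
An added example, not part of the thread and not the members-only accepted answer: writing the concatenated value to a session cookie named UserID in default.asp, then reading it back on a later page, checking it, and inserting it with a bound parameter. The table Orders, its column UserID, the connection string connStr, the digits-only timestamp format and both routine names are assumptions.

```vbscript
' Added example. Table Orders, column UserID and connStr are hypothetical.

' default.asp: build the id and send it as a session cookie. With no
' Expires set, the browser drops the cookie when it closes. Call this
' before any page output is sent (or with Response.Buffer = True).
Sub SetUserIdCookie()
    Dim n, stamp
    n = Now()
    ' Digits only, so the value is easy to validate when it comes back.
    stamp = Year(n) & Right("0" & Month(n), 2) & Right("0" & Day(n), 2) & _
            Right("0" & Hour(n), 2) & Right("0" & Minute(n), 2) & _
            Right("0" & Second(n), 2)
    Response.Cookies("UserID") = Session.SessionID & stamp
End Sub

' Any later page: the cookie arrives from the browser, so treat it as
' untrusted input. Accept digits only and bind it as a parameter instead
' of concatenating it into the SQL string.
Function SaveUserId(connStr)
    Const adVarChar = 200, adParamInput = 1, adCmdText = 1
    Const adExecuteNoRecords = 128
    Dim userId, re, cmd
    SaveUserId = False
    userId = Request.Cookies("UserID")

    Set re = New RegExp
    re.Pattern = "^[0-9]{15,40}$"
    If Not re.Test(userId) Then Exit Function   ' missing or malformed cookie

    Set cmd = Server.CreateObject("ADODB.Command")
    cmd.ActiveConnection = connStr
    cmd.CommandType = adCmdText
    cmd.CommandText = "INSERT INTO Orders (UserID) VALUES (?)"
    cmd.Parameters.Append _
        cmd.CreateParameter("uid", adVarChar, adParamInput, 40, userId)
    cmd.Execute , , adExecuteNoRecords
    Set cmd = Nothing
    SaveUserId = True
End Function
```
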
ASKER CERTIFIED SOLUTION
mouatts

This solution is only available to members.
AnitaP

ASKER

Yes. And thank you for your patience.