Solved

Abandon Session.SessionID ?

Posted on 1998-10-13
13
176 Views
Last Modified: 2013-12-25
I have a web site that uses the Session.SessionId (ASP) as a unique code for a client. I need to change this sessionID once the user on the other hand has finished his/her  shopping. (for each shopper there is a unique code which is the SessionId) I am inserting this code into my access table. Once I have no need of it I need to assign a different sessionId number. Think of it as if I had to send two different purchase order bills t the same person. hope someone has an idea. Thanks.
0
Comment
Question by:AnitaP
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
  • 2
13 Comments
 
LVL 11

Expert Comment

by:mouatts
ID: 1829044
Firstly don't use the session id as your key. According to Microsofts documentation once the server is restarted it could utilise the same numbers (they also advise that you don't use it).

Instead at session start obtain an id from you database which you know is unique and store this within the session. Then when you want to change the id you simply need to get the next id from the database and store this within their session.

I know Access contains automatic fields so you could use one of these within its own table to hold your ids. Alternatively the old fashion method would be to have a table called IDS for example which would have a single field perhaps called NEXT_ID and a single record initially with 1 in it.

Each time you need to get an ID do a

sqlstmt="SELECT NEXT_ID FROM IDS"
SET ResultsSet=connection.execute(sqlstmt);
Session("user_id")=ResultsSet("NEXT_ID")
sqlstmt="UPDATE IDS SET NEXT_ID="&ResultSet("NEXT_ID")+1
Connection.execute(sqlstmt)

The obvious place to establish the id in the session is either within the session_start routine of global.asa or the first time that you come to write a shopping basket entry to the database.

There after extracting the id would be simply be a case of accessing Session("user_id")

Steve
0
 
LVL 28

Expert Comment

by:sybe
ID: 1829045
mouatts is right that it's better to use an autonumber from a database as an unique ID.

But if you want to destroy a user's session, then the title of your question is almost the answer:

<%Session.abandon%>

will kill all sessionvariables and the SessionID

0
 

Author Comment

by:AnitaP
ID: 1829046
Steve : you have explained to me how to create a unique ID. That part is already processed. I do not need to know that. My question was how do I get rid of my present Session.SessionID variable and replace it with a new ID. I have tried <% Session.Adandon %> but when I display the value just after that statement, It still contains the same value. I have read that the session is abandoned once that page (that script) is finished. Well, it doesn't work.

What I want to do is when a client finishes and submits his/her purchase order I want to assign a different purchase order number. Hope this is more clear. Thanks
0
Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

 
LVL 11

Expert Comment

by:mouatts
ID: 1829047
If you use the approach that I mentioned then you can re-initialise the user_id either by selecting a new one or by setting it to a null value eg

Session("user_id")=Null

If you must use the Session ID then you can use abandon or you can reset the session cookie (ASPSESSIONID) using
Response.Cookies("ASPSESSIONID").Expires = "January 1, 1998"

0
 

Author Comment

by:AnitaP
ID: 1829048
STEVE : After I insert the the clients purchase order in my table I have added the following line in my asp file to get rid of the SessionID number:

commandResponse.Cookies("ASPSESSIONID").Expires = now()

I have also diplayed the value of Session.sessionID in a subsequent asp file to see if it did delete the sessionID. It did not. It always has the same Session.SessionID number. Is there a way to get rid ot it ?
0
 

Author Comment

by:AnitaP
ID: 1829049
It is giving me an error saying that :

Cookies object error 'ASP 0162 : 80004005'
Cannot Modify Cookie
/scripts/lingerie/fr/Cmd2Items.asp, line 125
The cookie 'ASPSessionID' cannot be modified. It is a reserved cookie name.

0
 

Author Comment

by:AnitaP
ID: 1829050
Does anyone else have a suggestion?
0
 
LVL 28

Expert Comment

by:sybe
ID: 1829051
Session.Timeout=0
0
 

Author Comment

by:AnitaP
ID: 1829052
Sybe : It still doesn't work. I have still the same SessionId number when I go to my main page another page. (I am setting the Session.Timeout=0 in my last page where the user purchases all the items and sends in all of his/her credit card information)
0
 
LVL 11

Expert Comment

by:mouatts
ID: 1829053
Here is another approach (although I will repeat you shouldn't be using the session id in your database and if you change this you can avoid this problem as I explained before).

Anyhow create a new virtual directory which points a different directory to your main or home one (ie the one with all the current code in).

When you want to change sessions access a page in this new directory. This page should perform a redirection to the page that you actually want displayed.

It is important within this that the references to the different directories are made via there virtual name and not via a relative url.

The reason why this should work is that when you access a new virtual root it is considered to be a different Application and by deffinition a new session thus a new session id is created. By doing the redirect you are changing session and thus a new cookie is sent out (in fact two one when you access the page doing the redirection and one when you are actually redirected).

Steve
0
 

Author Comment

by:AnitaP
ID: 1829054
ok I decided to change my user id, to another unique number other than the sessionid #. I have concatenated the session.sessionID and the date and time to a string called userid, which i will afterwards insert into my table.  

Now, when I enter my default.asp page, I want to insert this value(sessionid+date+time) into a cookie called UserID. Unfortunatly I am not advanced into cookies yet. Can someone help me a bit, and tell me how can I insert a session cookie called UserID and then in another asp page retrieve this value to insert it into my table. Thanks.
0
 
LVL 11

Accepted Solution

by:
mouatts earned 40 total points
ID: 1829055
Two ways

response.cookie(userid)=session.sessionID&now

or

response.cookie(userid)(id)=session.sessionID
response.cookie(userid)(TandD)=now

Can we close this one now?
0
 

Author Comment

by:AnitaP
ID: 1829056
Yes. and thank you for your patience.
0

Featured Post

Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

It is a general practice to get rid of old user profiles on a computer  in a LAN environment. As I have been working with a company in a LAN environment where users move from one place to some other place at times. This will make many user profil…
This article is meant to give a basic understanding of how to use R Sweave as a way to merge LaTeX and R code seamlessly into one presentable document.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question