Reset Session ID

Isn't it true that with session.abandon a new SessionID should be created, or is my asumption wrong? If I'm wrong, how would you go about assigning a new SessionID?

Thanx a bundle!
LVL 1
gsnAsked:
Who is Participating?
 
robbertConnect With a Mentor Commented:
Hi gsn,

"the question remains: can you reset the sessionID somehow?"

As I found out, you cannot reset Session.SessionID.

Probably, you have to think about creating, and maintaining a "home-made" SessionID, that is destroyable.

If you'ld evaluate to do it at your own, I would be happy to give comments.
0
 
robbertCommented:
Session.Abandon does not create a new SessionID, but deletes the reference to it. When you open a new page, a new Session.SessionID will be created.

Session.SessionID is read-only.

Make sure that the user accepts cookies, otherwise a new SessionID will be assigned on every page.
0
 
gsnAuthor Commented:
Adjusted points to 75
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
gsnAuthor Commented:
robbert,

sorry, your answer is ok, however it was my fault: I wasn't clear enough. Would you mind giving me an example? I just created two pages:

========================
Page1:
========================

<%
      If request.querystring("go") = "yes" Then
            session.abandon
            response.redirect("test2.asp")
      End If
%>
<html>

<head>
<title>Test Page</title>
</head>

<body>
<%= session.sessionID%><BR><BR>
<a href="test.asp?go=yes">GO</a>


</body>
</html>
========================
Page 2:
========================
<html>

<head>
<title>Test Page 2</title>
</head>

<body><%= session.sessionID%><BR><BR>
</body>
</html>
========================

Shouldn't I get a different SessionID on the second page?
(I increased the points a bit...)

Thanks again!

G.
0
 
robbertCommented:
gsn,
I am sorry; my answer was not correct, and it was good to reject it.

I found out that Session.Abandon deletes everything in Session.Contents, but the Session.SessionID will remain the same.

If you need a new SessionID, there are two ways;
- holding your own-made SessionID through querystring (or whatever)
- deleting all you bindings, refering to the existing SessionID, and, therefore, being able to regard the maintained SessionID as "new".

What's your problem, exactly?
0
 
gsnAuthor Commented:
robbert,

Here's exactly what my problem is:
People register for an event on "registration.asp" that loops through different sections of the page depending on their answers and what kind of event they register for. The first time a record is created (INSERT INTO...) with the sessionID referencing the session (obviously...) and each time the user advances to the next section it updates the particular recordset (UPDATE ... WHERE SessID = strSessID. If strSessID is "" then the program assumes a new user, adds a new recordset and starts from the beginning). If the user goes back (hits the back-button) the program reads from the db (WHERE SessID = strSessID) and displays the entries in the fields for editing. At the end the user has the chance to view all his/her entries once more and hit a final Done button which fires off an email confirming the deal and locks the recordset (it actually sets the field "MailSent" to True which prevents the recordset from being edited.) Now, since the program compares the sessionID to an existing SessID in the database and also sees that the confirmation email has been sent it will not allow the user to register an additional event (unless he/she closes all of the browser windows and starts over...) - which is intended. Does that make my problem somewhat clear... ;-)

I am sure that there are ways around, however, the question remains: can you reset the sessionID somehow?

Thanx a bundle!

G.
0
 
Yury_DelendikCommented:
You may write
<%
If request.querystring("go") = "yes" Then
session.abandon
' Because it require end of page
%>
<html><body onLoad="window.open('test2.asp', '_self');"></body></html>
<%Else%>

.... Main page ...

<%End If%>

Good luck
0
 
chackoCommented:
You need to use Hidden variables or Database to solve this type of problem. Depending on the SessionID is not a good choice. After you use Session.Abandon, the session ids are not available and is equalent to <@ENABLESESSIONSATE=false> the beginning of each page.
0
 
mmipsCommented:
robbert is 100% correct...Microsofts own info states the following:

"After storing the SessionID cookie in the user's browser, ASP reuses the same cookie to track the session, even if the user requests another .asp file, or requests an .asp file running in other application. Likewise, if the user deliberately abandons or lets the session timeout, and then proceeds to request another .asp file, ASP begins a new session using the same cookie. The only time a user receives a new SessionID cookie is when the server administrator restarts the server, thus clearing the SessionID settings stored in memory, or the user restarts the Web browser."

Microsoft states that sessionID's are not meant for tracking purposes...Therfore I agree with robbert that you must create and manage your own sessionID...FWIW

0
 
gsnAuthor Commented:
This was a somewhat obvious answer where I needed a little push in the right direction... so thanx for that "push"... I'm already working on re-designing the process with a separate unique ID. thank you for all your inputs!

G.
0
All Courses

From novice to tech pro — start learning today.