Reset Session ID

Isn't it true that with session.abandon a new SessionID should be created, or is my asumption wrong? If I'm wrong, how would you go about assigning a new SessionID?

Thanx a bundle!
LVL 1
gsnAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

robbertCommented:
Session.Abandon does not create a new SessionID, but deletes the reference to it. When you open a new page, a new Session.SessionID will be created.

Session.SessionID is read-only.

Make sure that the user accepts cookies, otherwise a new SessionID will be assigned on every page.
0
gsnAuthor Commented:
Adjusted points to 75
0
gsnAuthor Commented:
robbert,

sorry, your answer is ok, however it was my fault: I wasn't clear enough. Would you mind giving me an example? I just created two pages:

========================
Page1:
========================

<%
      If request.querystring("go") = "yes" Then
            session.abandon
            response.redirect("test2.asp")
      End If
%>
<html>

<head>
<title>Test Page</title>
</head>

<body>
<%= session.sessionID%><BR><BR>
<a href="test.asp?go=yes">GO</a>


</body>
</html>
========================
Page 2:
========================
<html>

<head>
<title>Test Page 2</title>
</head>

<body><%= session.sessionID%><BR><BR>
</body>
</html>
========================

Shouldn't I get a different SessionID on the second page?
(I increased the points a bit...)

Thanks again!

G.
0
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

robbertCommented:
gsn,
I am sorry; my answer was not correct, and it was good to reject it.

I found out that Session.Abandon deletes everything in Session.Contents, but the Session.SessionID will remain the same.

If you need a new SessionID, there are two ways;
- holding your own-made SessionID through querystring (or whatever)
- deleting all you bindings, refering to the existing SessionID, and, therefore, being able to regard the maintained SessionID as "new".

What's your problem, exactly?
0
gsnAuthor Commented:
robbert,

Here's exactly what my problem is:
People register for an event on "registration.asp" that loops through different sections of the page depending on their answers and what kind of event they register for. The first time a record is created (INSERT INTO...) with the sessionID referencing the session (obviously...) and each time the user advances to the next section it updates the particular recordset (UPDATE ... WHERE SessID = strSessID. If strSessID is "" then the program assumes a new user, adds a new recordset and starts from the beginning). If the user goes back (hits the back-button) the program reads from the db (WHERE SessID = strSessID) and displays the entries in the fields for editing. At the end the user has the chance to view all his/her entries once more and hit a final Done button which fires off an email confirming the deal and locks the recordset (it actually sets the field "MailSent" to True which prevents the recordset from being edited.) Now, since the program compares the sessionID to an existing SessID in the database and also sees that the confirmation email has been sent it will not allow the user to register an additional event (unless he/she closes all of the browser windows and starts over...) - which is intended. Does that make my problem somewhat clear... ;-)

I am sure that there are ways around, however, the question remains: can you reset the sessionID somehow?

Thanx a bundle!

G.
0
robbertCommented:
Hi gsn,

"the question remains: can you reset the sessionID somehow?"

As I found out, you cannot reset Session.SessionID.

Probably, you have to think about creating, and maintaining a "home-made" SessionID, that is destroyable.

If you'ld evaluate to do it at your own, I would be happy to give comments.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Yury_DelendikCommented:
You may write
<%
If request.querystring("go") = "yes" Then
session.abandon
' Because it require end of page
%>
<html><body onLoad="window.open('test2.asp', '_self');"></body></html>
<%Else%>

.... Main page ...

<%End If%>

Good luck
0
chackoCommented:
You need to use Hidden variables or Database to solve this type of problem. Depending on the SessionID is not a good choice. After you use Session.Abandon, the session ids are not available and is equalent to <@ENABLESESSIONSATE=false> the beginning of each page.
0
mmipsCommented:
robbert is 100% correct...Microsofts own info states the following:

"After storing the SessionID cookie in the user's browser, ASP reuses the same cookie to track the session, even if the user requests another .asp file, or requests an .asp file running in other application. Likewise, if the user deliberately abandons or lets the session timeout, and then proceeds to request another .asp file, ASP begins a new session using the same cookie. The only time a user receives a new SessionID cookie is when the server administrator restarts the server, thus clearing the SessionID settings stored in memory, or the user restarts the Web browser."

Microsoft states that sessionID's are not meant for tracking purposes...Therfore I agree with robbert that you must create and manage your own sessionID...FWIW

0
gsnAuthor Commented:
This was a somewhat obvious answer where I needed a little push in the right direction... so thanx for that "push"... I'm already working on re-designing the process with a separate unique ID. thank you for all your inputs!

G.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ASP

From novice to tech pro — start learning today.