Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Session Variables

Posted on 2003-11-19
5
807 Views
Last Modified: 2008-02-01
<rogueripper>

Hi there!

Scenario:
I have 5 client machines running an ASP System inside an hta. (controlled environment)
All 5 client machines has Windows 2000 pro installed and IE 6 as the Web browser.

Whenever the clients logs onto the ASP System, their "user_id" gets stored into a session variable.

e.g:

Session("User_ID") = rst("User_ID")

Problem:
4 of the 5 machines actualy recocnizes the Session variable.
The other machine does not even pick it up! (i check for it inside a popup window)

I opened IE6, set the Security settings for Internet, Intranet and Trusted Sites to the lowest possible settings- enabling all, anonymous loggon, accept all cookies, refresh at every visit etc.

Again- 4 out of 5 machines this is working perfectly, it is just one machine (with the exact same IE security settings) that does not recocnize the Session variable.

I tested the ASP System inside the IE 6 browser (without using hta) and then the Session variable is recocnized, it is only as soon as the hta is running that it loses the Session variable.

Any specific securities I need to change for the hta, if so how do I go about doing that?

(o: aaargh! I am pulling out hair! :o)

Thanx in advance for anybody with a sollution! :o)

</rogueripper>
0
Comment
Question by:rogueripper
  • 4
5 Comments
 
LVL 21

Accepted Solution

by:
ap_sajith earned 500 total points
ID: 9785520
from a posting in the web..

 After you install security patch MS01-055 for Microsoft Internet Explorer
 5.5 or 6.0, you may encounter the following problems:
 Session variables are lost.
 Session state is not maintained between requests.
 Cookies are not set on the client system.

NOTE: These problems can also occur after you install a more recent patch  that includes the fix that is provided in security patch MS01-055.

CAUSE
Security patch MS01-055 prevents servers with improper name syntax from  setting cookies names. Domains that use cookies must use only alphanumeric  characters ("-" or ".") in the domain name and the server name. Internet  Explorer blocks cookies from a server if the server name contains other  characters, such as an underscore character ("_").
If you have an underscore in your domain name, if you are using frames,  cookies wont work in IE6 for these cases.
 
Because ASP session state and session variables rely on cookies to function,  ASP cannot maintain session state between requests if cookies cannot be set  on the client.

RESOLUTION
To work around this problem, use one of the following methods:
Rename the domain name and the server name, and use only alphanumeric  characters.
Browse to the server by using the Internet Protocol (IP) address rather than  the domain/server name.

NOTE: You may need to change the Microsoft Internet Information Server (IIS)  configuration after you rename a server

Hope this helps...
Cheers!!
0
 
LVL 21

Expert Comment

by:ap_sajith
ID: 9785539
0
 
LVL 21

Expert Comment

by:ap_sajith
ID: 9785621
more.... here is the complete article about my first post...

http://www.iisfaq.com/default.aspx?View=A508&P=1

Cheers!!
0
 

Author Comment

by:rogueripper
ID: 9795888
<rogueripper>

Hi there ap_sajith!

Your answer is 100% correct! I lose my Session Variables because of the Windows update patches. <grrrrrr>

The reason is for security issues.

I did discover a workaround though:

I create a shortcut with the following line:

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -k "http://myserver/default.asp"

Where -k = kiosk mode :o)

This works 100%

Thanx again for your speedy response!

</rogueripper>
0
 
LVL 21

Expert Comment

by:ap_sajith
ID: 9795905
Glad to have helped ... And tell you what.. I've learned something new too.. ;o)

Cheers!!
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have helped a lot of people on EE with their coding sources and have enjoyed near about every minute of it. Sometimes it can get a little tedious but it is always a challenge and the one thing that I always say is:  The Exchange of information …
I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference: Let's make the introductions... Classic ASP was launched by Microsoft in 1998 and dynamically generate web pages upon user interact…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question