Solved

Multiple screens with Session Cookies

Posted on 2006-07-18
13
298 Views
Last Modified: 2012-06-21
Okay I know this seems dumb and I've tried to find this code in my personal library, but I just can't seem to make it work.

My problem is very simple.  I have a screen with a username and password.  Both are passed to a ASP process page that verifies the login information to a SQL database.  If the login is a sucessful one, then the following Session variables are set

Session("UserID") = rs("zUserID") <-- Returns the primary key from the Users Table
Session("SessionID") = From another fuction

Once John Smith logs into the system, his browser is set with 2 session variables, UserID and SessionID.  Here's how it works, the UserID is the User Idenfication to the login, but the SessionID is the Idenfication to this particular session.  

Here's the scenero...I open the 1st IE window and login with Smith / Smith as the username and password everything works perfect.  
Problem.. When I open an additional window (with the 1st IE window still open) and login with Smith / Smith, the Session variable (SessionID) of the 1st (IE) screen is updated to the the 2nd Session variable.  

Basically what I want is if I have multiple logins with Internet Explorer (or others browsers) I don't want the Session Cookies from one session to talk to another sessoin.
0
Comment
Question by:Mach03
  • 4
  • 3
  • 2
  • +3
13 Comments
 
LVL 25

Expert Comment

by:kevp75
ID: 17129743
I may be a bit confused here....

Are you using the SessionID and UserID to determine what pages Smith can view?
Is SessionID some random string?

Basically, everytime you fire up the browser and go to a site, you start a new session.  A good way you can test it is try something like this at the top of the page you are opening:

<%
if Session("UserID") <> "" then
   response.write "Not Logged In"
   'display the login form...
   'then login, and open another browser window to go to this page
   'if Not Logged In is displayed than the new session has started....
else
   response.write "Logged In"
end if
%>
0
 
LVL 5

Expert Comment

by:Willibob
ID: 17129901
Off the top of my head, the only way I can think of to acheive this is to generate your own unique session IDs (you won't be able to use Session.SessionID) each time a successful login occurs and pass that back with the UserID. You'd then have to either add this generated session ID to the querystring of each link on the page.

Then whenever you needed to know which 'session' you were processing for you would use the Request.QueryString("Session_ID").

Does this sound like what you are after?

Bill



0
 
LVL 7

Expert Comment

by:SimonBlake
ID: 17130123
How are you opening the second window (file -> new window from IE, CTRL+N) or starting a new IE from the desktop
--- It does make a difference! as starting a new window basically inherits "stuff" from the parent that created it including sessions as it runs in the same memory space.

Try starting a new one from the start menu and it should be ok then.

S.
0
 
LVL 15

Expert Comment

by:joeposter649
ID: 17130225
You could use Session.SessionID to create distinct session variables...

Session(Session.SessionID & "UserID") = rs("zUserID") <-- Returns the primary key from the Users Table
Session(Session.SessionID & "SessionID") = From another fuction
.
.
.
response.write "your userid is:" & Session(Session.SessionID & "UserID")
0
 
LVL 15

Expert Comment

by:joeposter649
ID: 17130271
Strike that. I guess you would need to use your custom Session("SessionID") to create them...

Session( Session("SessionID") & "UserID") = rs("zUserID") <-- Returns the primary key from the Users Table

response.write "your userid is:" & Session(Session("SessionID")& "UserID")
0
 
LVL 5

Expert Comment

by:Willibob
ID: 17130393
joeposter649, the problem is that if the windows are both sharing the same Session.SessionID then you can't use session variables to differentiate. There would only be one Session("SessionID") per Session.

The easiest way to do it is to ensure that a new instance of IE is lauched for each required session (as previously stated by SimonBlake) because no further modification to the code would be necessary. If that's not possible then I'd still look at using the querystring method.

Bill
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 15

Expert Comment

by:joeposter649
ID: 17134306
<<the problem is that if the windows are both sharing the same Session.SessionID then you can't use session variables to differentiate.>>
That's the problem with my first post but apparently they already have a unique id...
Session("SessionID") = From another fuction

Whatever a fuction is...:)
0
 
LVL 22

Expert Comment

by:WMIF
ID: 17134712
>>Basically what I want is if I have multiple logins with Internet Explorer (or others browsers) I don't want the Session Cookies from one session to talk to another sessoin.

try using firefox and IE then for seperate sessions, because IE will always share the same session when going to the same url.
0
 
LVL 5

Expert Comment

by:Willibob
ID: 17136375
>>try using firefox and IE then for seperate sessions, because IE will always share the same session when going to the same url.

That's not strictly true. If you have an instance of IE running and then use CTL+N then your newly created instance WILL share session variables with the first instance but if you launch a new instance of IE (using a method other than CTL+N) then it will get its own Session.SessionID and therefore WILL NOT share session variables with the first session.

The crucial aspect is how you launch subsequent instances of IE.

Bill
0
 

Author Comment

by:Mach03
ID: 17143713
WOW!

I didn't realize how much information I would receive.  I do appologize for my unclear posting.

The Session("User")  is the user identication of the login.
The Session("SessionID") is a different ID each time the same user logs into the system.  As SimonBlake and Willibob mentioned, if I use the CTRL+N command (which I did) the session variables are carried over.  When I tried opening a few window from the start menu, the session variables didn't carry over.

I think i know the answer because I know MS, but is there a way to stop the session passing when using CTRL +N?

Thanks guys
0
 
LVL 5

Accepted Solution

by:
Willibob earned 250 total points
ID: 17144223
If you use CTRL+N then the session variables will be shared. I don't know of any way to stop this.

Therefore you can't use session variables if you need to spawn new windows with CTRL+N.

If you used the QueryString method then you would have to pass everything from page to page using it. It would only be practical for a small application I think.

Bill
0
 
LVL 7

Assisted Solution

by:SimonBlake
SimonBlake earned 250 total points
ID: 17144412
Or a hidden form post (is the other way to do it) but then you would have to write special code into every url on your site...

You can't prevent the new window function either, even if you hide the menu on a second page as tabbed browsers will override this function.

S.
0
 

Author Comment

by:Mach03
ID: 17144587
Thanks guys you have been a big help...
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Syntax Help on SP 4 52
Prevent URL from printing on header 5 60
ASP Classic - Load test 2 33
asp syntax 3 22
I would like to start this tip/trick by saying Thank You, to all who said that this could not be done, as it forced me to make sure that it could be accomplished. :) To start, I want to make sure everyone understands the importance of utilizing p…
Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update. The Original Issue This was written…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now