Solved

Multiple screens with Session Cookies

Posted on 2006-07-18
Last Modified: 2012-06-21
Okay I know this seems dumb and I've tried to find this code in my personal library, but I just can't seem to make it work.

My problem is very simple.  I have a screen with a username and password.  Both are passed to an ASP process page that verifies the login information against a SQL database.  If the login is a successful one, then the following Session variables are set:

Session("UserID") = rs("zUserID") <-- Returns the primary key from the Users Table
Session("SessionID") = From another fuction

Once John Smith logs into the system, his browser is set with 2 session variables, UserID and SessionID.  Here's how it works: the UserID is the User Identification for the login, but the SessionID is the Identification for this particular session.  

Here's the scenario... I open the 1st IE window and login with Smith / Smith as the username and password; everything works perfectly.  
Problem... When I open an additional window (with the 1st IE window still open) and login with Smith / Smith, the Session variable (SessionID) of the 1st (IE) screen is updated to the 2nd Session variable.  

Basically what I want is if I have multiple logins with Internet Explorer (or other browsers) I don't want the Session Cookies from one session to talk to another session.
Question by:Mach03
13 Comments
 
LVL 25

Expert Comment

by:kevp75
ID: 17129743
I may be a bit confused here....

Are you using the SessionID and UserID to determine what pages Smith can view?
Is SessionID some random string?

Basically, every time you fire up the browser and go to a site, you start a new session.  A good way you can test it is to try something like this at the top of the page you are opening:

<%
' Session("UserID") stays empty until the login page has set it
if Session("UserID") = "" then
   response.write "Not Logged In"
   'display the login form...
   'then login, and open another browser window to go to this page
   'if Not Logged In is displayed then the new session has started....
else
   response.write "Logged In"
end if
%>
0
 
LVL 5

Expert Comment

by:Willibob
ID: 17129901
Off the top of my head, the only way I can think of to achieve this is to generate your own unique session IDs (you won't be able to use Session.SessionID) each time a successful login occurs and pass that back with the UserID. You'd then have to add this generated session ID to the querystring of each link on the page.

Then whenever you needed to know which 'session' you were processing for you would use the Request.QueryString("Session_ID").

Does this sound like what you are after?

Bill



0
 
LVL 7

Expert Comment

by:SimonBlake
ID: 17130123
How are you opening the second window (file -> new window from IE, CTRL+N) or starting a new IE from the desktop?
--- It does make a difference! Starting a new window basically inherits "stuff" from the parent that created it, including sessions, as it runs in the same memory space.

Try starting a new one from the start menu and it should be ok then.

S.
0
 
LVL 15

Expert Comment

by:joeposter649
ID: 17130225
You could use Session.SessionID to create distinct session variables...

Session(Session.SessionID & "UserID") = rs("zUserID") <-- Returns the primary key from the Users Table
Session(Session.SessionID & "SessionID") = From another fuction
.
.
.
response.write "your userid is:" & Session(Session.SessionID & "UserID")
0
 
LVL 15

Expert Comment

by:joeposter649
ID: 17130271
Strike that. I guess you would need to use your custom Session("SessionID") to create them...

Session( Session("SessionID") & "UserID") = rs("zUserID") <-- Returns the primary key from the Users Table

response.write "your userid is:" & Session(Session("SessionID")& "UserID")
0
 
LVL 5

Expert Comment

by:Willibob
ID: 17130393
joeposter649, the problem is that if the windows are both sharing the same Session.SessionID then you can't use session variables to differentiate. There would only be one Session("SessionID") per Session.

The easiest way to do it is to ensure that a new instance of IE is launched for each required session (as previously stated by SimonBlake) because no further modification to the code would be necessary. If that's not possible then I'd still look at using the querystring method.

Bill
0
 
LVL 15

Expert Comment

by:joeposter649
ID: 17134306
<<the problem is that if the windows are both sharing the same Session.SessionID then you can't use session variables to differentiate.>>
That's the problem with my first post but apparently they already have a unique id...
Session("SessionID") = From another fuction

Whatever a fuction is...:)
0
 
LVL 22

Expert Comment

by:WMIF
ID: 17134712
>>Basically what I want is if I have multiple logins with Internet Explorer (or other browsers) I don't want the Session Cookies from one session to talk to another session.

Try using Firefox and IE then for separate sessions, because IE will always share the same session when going to the same URL.
0
 
LVL 5

Expert Comment

by:Willibob
ID: 17136375
>>Try using Firefox and IE then for separate sessions, because IE will always share the same session when going to the same URL.

That's not strictly true. If you have an instance of IE running and then use CTL+N then your newly created instance WILL share session variables with the first instance but if you launch a new instance of IE (using a method other than CTL+N) then it will get its own Session.SessionID and therefore WILL NOT share session variables with the first session.

The crucial aspect is how you launch subsequent instances of IE.

Bill
0
 

Author Comment

by:Mach03
ID: 17143713
WOW!

I didn't realize how much information I would receive.  I do apologize for my unclear posting.

The Session("User") is the user identification of the login.
The Session("SessionID") is a different ID each time the same user logs into the system.  As SimonBlake and Willibob mentioned, if I use the CTRL+N command (which I did) the session variables are carried over.  When I tried opening a few windows from the start menu, the session variables didn't carry over.

I think I know the answer because I know MS, but is there a way to stop the session passing when using CTRL+N?

Thanks guys
0
 
LVL 5

Accepted Solution

by:
Willibob earned 250 total points
ID: 17144223
If you use CTRL+N then the session variables will be shared. I don't know of any way to stop this.

Therefore you can't use session variables if you need to spawn new windows with CTRL+N.

If you used the QueryString method then you would have to pass everything from page to page using it. It would only be practical for a small application I think.

Bill
0
 
LVL 7

Assisted Solution

by:SimonBlake
SimonBlake earned 250 total points
ID: 17144412
Or a hidden form post (is the other way to do it) but then you would have to write special code into every url on your site...

You can't prevent the new window function either, even if you hide the menu on a second page as tabbed browsers will override this function.

S.
0
 

Author Comment

by:Mach03
ID: 17144587
Thanks guys you have been a big help...
0
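The query-string and hidden-field approach from the accepted and assisted answers, sketched as an added example (not code posted by anyone in the thread). Each login gets its own slot inside the cookie-backed ASP session, selected by a `wid` token that is only honored together with the session cookie, so a URL that leaks through a Referer header, a log or browser history does not work as a login on its own. The names `WinOpen`, `WinCurrent`, `WinUrl`, `wid`, `login.asp` and `orders.asp` are hypothetical.

```asp
<%
Option Explicit
' Hypothetical helpers (added example): WinOpen, WinCurrent, WinUrl, "wid".

' After the password check succeeds, store the login under a fresh token
' instead of the fixed keys Session("UserID") / Session("SessionID").
Function WinOpen(zUserID, appSessionID)
    Dim wid
    ' Scriptlet.TypeLib returns "{GUID}" plus padding; keep the 36-char GUID.
    wid = Mid(Server.CreateObject("Scriptlet.TypeLib").Guid, 2, 36)
    Session("win:" & wid & ":UserID") = zUserID
    Session("win:" & wid & ":SessionID") = appSessionID
    WinOpen = wid
End Function

' Token for this request, or "" if it is malformed or was not issued to the
' session identified by the browser's cookie.
Function WinCurrent()
    Dim wid, re
    WinCurrent = ""
    wid = Request.QueryString("wid") & ""
    If wid = "" Then wid = Request.Form("wid") & ""   ' hidden form field
    Set re = New RegExp
    re.Pattern = "^[0-9A-Fa-f-]{36}$"
    If Not re.Test(wid) Then Exit Function
    If IsEmpty(Session("win:" & wid & ":UserID")) Then Exit Function
    WinCurrent = wid
End Function

' Carry the token on a same-site link.
Function WinUrl(page, wid)
    If InStr(page, "?") > 0 Then
        WinUrl = page & "&wid=" & Server.URLEncode(wid)
    Else
        WinUrl = page & "?wid=" & Server.URLEncode(wid)
    End If
End Function

' --- top of every protected page ---
Dim wid
wid = WinCurrent()
If wid = "" Then Response.Redirect "login.asp"   ' login.asp is a placeholder
Response.Write "your userid is: " & _
    Server.HTMLEncode(CStr(Session("win:" & wid & ":UserID")))
%>
<a href="<%= Server.HTMLEncode(WinUrl("orders.asp", wid)) %>">Orders</a>
```

A second login in a CTRL+N window calls `WinOpen` again and gets a new token, so the first window's values are no longer overwritten. A window opened with CTRL+N copies the current URL, so it keeps using the first window's token until a new login happens in it.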


Question has a verified solution.
