Multiple screens with Session Cookies

Okay I know this seems dumb and I've tried to find this code in my personal library, but I just can't seem to make it work.

My problem is very simple.  I have a screen with a username and password.  Both are passed to a ASP process page that verifies the login information to a SQL database.  If the login is a sucessful one, then the following Session variables are set

Session("UserID") = rs("zUserID") <-- Returns the primary key from the Users Table
Session("SessionID") = From another fuction

Once John Smith logs into the system, his browser is set with 2 session variables, UserID and SessionID.  Here's how it works, the UserID is the User Idenfication to the login, but the SessionID is the Idenfication to this particular session.  

Here's the scenero...I open the 1st IE window and login with Smith / Smith as the username and password everything works perfect.  
Problem.. When I open an additional window (with the 1st IE window still open) and login with Smith / Smith, the Session variable (SessionID) of the 1st (IE) screen is updated to the the 2nd Session variable.  

Basically what I want is if I have multiple logins with Internet Explorer (or others browsers) I don't want the Session Cookies from one session to talk to another sessoin.
Mach03Asked:
Who is Participating?
 
WillibobConnect With a Mentor Commented:
If you use CTRL+N then the session variables will be shared. I don't know of any way to stop this.

Therefore you can't use session variables if you need to spawn new windows with CTRL+N.

If you used the QueryString method then you would have to pass everything from page to page using it. It would only be practical for a small application I think.

Bill
0
 
kevp75Commented:
I may be a bit confused here....

Are you using the SessionID and UserID to determine what pages Smith can view?
Is SessionID some random string?

Basically, everytime you fire up the browser and go to a site, you start a new session.  A good way you can test it is try something like this at the top of the page you are opening:

<%
if Session("UserID") <> "" then
   response.write "Not Logged In"
   'display the login form...
   'then login, and open another browser window to go to this page
   'if Not Logged In is displayed than the new session has started....
else
   response.write "Logged In"
end if
%>
0
 
WillibobCommented:
Off the top of my head, the only way I can think of to acheive this is to generate your own unique session IDs (you won't be able to use Session.SessionID) each time a successful login occurs and pass that back with the UserID. You'd then have to either add this generated session ID to the querystring of each link on the page.

Then whenever you needed to know which 'session' you were processing for you would use the Request.QueryString("Session_ID").

Does this sound like what you are after?

Bill



0
Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

 
SimonBlakeCommented:
How are you opening the second window (file -> new window from IE, CTRL+N) or starting a new IE from the desktop
--- It does make a difference! as starting a new window basically inherits "stuff" from the parent that created it including sessions as it runs in the same memory space.

Try starting a new one from the start menu and it should be ok then.

S.
0
 
joeposter649Commented:
You could use Session.SessionID to create distinct session variables...

Session(Session.SessionID & "UserID") = rs("zUserID") <-- Returns the primary key from the Users Table
Session(Session.SessionID & "SessionID") = From another fuction
.
.
.
response.write "your userid is:" & Session(Session.SessionID & "UserID")
0
 
joeposter649Commented:
Strike that. I guess you would need to use your custom Session("SessionID") to create them...

Session( Session("SessionID") & "UserID") = rs("zUserID") <-- Returns the primary key from the Users Table

response.write "your userid is:" & Session(Session("SessionID")& "UserID")
0
 
WillibobCommented:
joeposter649, the problem is that if the windows are both sharing the same Session.SessionID then you can't use session variables to differentiate. There would only be one Session("SessionID") per Session.

The easiest way to do it is to ensure that a new instance of IE is lauched for each required session (as previously stated by SimonBlake) because no further modification to the code would be necessary. If that's not possible then I'd still look at using the querystring method.

Bill
0
 
joeposter649Commented:
<<the problem is that if the windows are both sharing the same Session.SessionID then you can't use session variables to differentiate.>>
That's the problem with my first post but apparently they already have a unique id...
Session("SessionID") = From another fuction

Whatever a fuction is...:)
0
 
WMIFCommented:
>>Basically what I want is if I have multiple logins with Internet Explorer (or others browsers) I don't want the Session Cookies from one session to talk to another sessoin.

try using firefox and IE then for seperate sessions, because IE will always share the same session when going to the same url.
0
 
WillibobCommented:
>>try using firefox and IE then for seperate sessions, because IE will always share the same session when going to the same url.

That's not strictly true. If you have an instance of IE running and then use CTL+N then your newly created instance WILL share session variables with the first instance but if you launch a new instance of IE (using a method other than CTL+N) then it will get its own Session.SessionID and therefore WILL NOT share session variables with the first session.

The crucial aspect is how you launch subsequent instances of IE.

Bill
0
 
Mach03Author Commented:
WOW!

I didn't realize how much information I would receive.  I do appologize for my unclear posting.

The Session("User")  is the user identication of the login.
The Session("SessionID") is a different ID each time the same user logs into the system.  As SimonBlake and Willibob mentioned, if I use the CTRL+N command (which I did) the session variables are carried over.  When I tried opening a few window from the start menu, the session variables didn't carry over.

I think i know the answer because I know MS, but is there a way to stop the session passing when using CTRL +N?

Thanks guys
0
 
SimonBlakeConnect With a Mentor Commented:
Or a hidden form post (is the other way to do it) but then you would have to write special code into every url on your site...

You can't prevent the new window function either, even if you hide the menu on a second page as tabbed browsers will override this function.

S.
0
 
Mach03Author Commented:
Thanks guys you have been a big help...
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.