Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 306
  • Last Modified:

Multiple screens with Session Cookies

Okay I know this seems dumb and I've tried to find this code in my personal library, but I just can't seem to make it work.

My problem is very simple.  I have a screen with a username and password.  Both are passed to a ASP process page that verifies the login information to a SQL database.  If the login is a sucessful one, then the following Session variables are set

Session("UserID") = rs("zUserID") <-- Returns the primary key from the Users Table
Session("SessionID") = From another fuction

Once John Smith logs into the system, his browser is set with 2 session variables, UserID and SessionID.  Here's how it works, the UserID is the User Idenfication to the login, but the SessionID is the Idenfication to this particular session.  

Here's the scenero...I open the 1st IE window and login with Smith / Smith as the username and password everything works perfect.  
Problem.. When I open an additional window (with the 1st IE window still open) and login with Smith / Smith, the Session variable (SessionID) of the 1st (IE) screen is updated to the the 2nd Session variable.  

Basically what I want is if I have multiple logins with Internet Explorer (or others browsers) I don't want the Session Cookies from one session to talk to another sessoin.
0
Mach03
Asked:
Mach03
  • 4
  • 3
  • 2
  • +3
2 Solutions
 
kevp75Commented:
I may be a bit confused here....

Are you using the SessionID and UserID to determine what pages Smith can view?
Is SessionID some random string?

Basically, everytime you fire up the browser and go to a site, you start a new session.  A good way you can test it is try something like this at the top of the page you are opening:

<%
if Session("UserID") <> "" then
   response.write "Not Logged In"
   'display the login form...
   'then login, and open another browser window to go to this page
   'if Not Logged In is displayed than the new session has started....
else
   response.write "Logged In"
end if
%>
0
 
WillibobCommented:
Off the top of my head, the only way I can think of to acheive this is to generate your own unique session IDs (you won't be able to use Session.SessionID) each time a successful login occurs and pass that back with the UserID. You'd then have to either add this generated session ID to the querystring of each link on the page.

Then whenever you needed to know which 'session' you were processing for you would use the Request.QueryString("Session_ID").

Does this sound like what you are after?

Bill



0
 
SimonBlakeCommented:
How are you opening the second window (file -> new window from IE, CTRL+N) or starting a new IE from the desktop
--- It does make a difference! as starting a new window basically inherits "stuff" from the parent that created it including sessions as it runs in the same memory space.

Try starting a new one from the start menu and it should be ok then.

S.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
joeposter649Commented:
You could use Session.SessionID to create distinct session variables...

Session(Session.SessionID & "UserID") = rs("zUserID") <-- Returns the primary key from the Users Table
Session(Session.SessionID & "SessionID") = From another fuction
.
.
.
response.write "your userid is:" & Session(Session.SessionID & "UserID")
0
 
joeposter649Commented:
Strike that. I guess you would need to use your custom Session("SessionID") to create them...

Session( Session("SessionID") & "UserID") = rs("zUserID") <-- Returns the primary key from the Users Table

response.write "your userid is:" & Session(Session("SessionID")& "UserID")
0
 
WillibobCommented:
joeposter649, the problem is that if the windows are both sharing the same Session.SessionID then you can't use session variables to differentiate. There would only be one Session("SessionID") per Session.

The easiest way to do it is to ensure that a new instance of IE is lauched for each required session (as previously stated by SimonBlake) because no further modification to the code would be necessary. If that's not possible then I'd still look at using the querystring method.

Bill
0
 
joeposter649Commented:
<<the problem is that if the windows are both sharing the same Session.SessionID then you can't use session variables to differentiate.>>
That's the problem with my first post but apparently they already have a unique id...
Session("SessionID") = From another fuction

Whatever a fuction is...:)
0
 
WMIFCommented:
>>Basically what I want is if I have multiple logins with Internet Explorer (or others browsers) I don't want the Session Cookies from one session to talk to another sessoin.

try using firefox and IE then for seperate sessions, because IE will always share the same session when going to the same url.
0
 
WillibobCommented:
>>try using firefox and IE then for seperate sessions, because IE will always share the same session when going to the same url.

That's not strictly true. If you have an instance of IE running and then use CTL+N then your newly created instance WILL share session variables with the first instance but if you launch a new instance of IE (using a method other than CTL+N) then it will get its own Session.SessionID and therefore WILL NOT share session variables with the first session.

The crucial aspect is how you launch subsequent instances of IE.

Bill
0
 
Mach03Author Commented:
WOW!

I didn't realize how much information I would receive.  I do appologize for my unclear posting.

The Session("User")  is the user identication of the login.
The Session("SessionID") is a different ID each time the same user logs into the system.  As SimonBlake and Willibob mentioned, if I use the CTRL+N command (which I did) the session variables are carried over.  When I tried opening a few window from the start menu, the session variables didn't carry over.

I think i know the answer because I know MS, but is there a way to stop the session passing when using CTRL +N?

Thanks guys
0
 
WillibobCommented:
If you use CTRL+N then the session variables will be shared. I don't know of any way to stop this.

Therefore you can't use session variables if you need to spawn new windows with CTRL+N.

If you used the QueryString method then you would have to pass everything from page to page using it. It would only be practical for a small application I think.

Bill
0
 
SimonBlakeCommented:
Or a hidden form post (is the other way to do it) but then you would have to write special code into every url on your site...

You can't prevent the new window function either, even if you hide the menu on a second page as tabbed browsers will override this function.

S.
0
 
Mach03Author Commented:
Thanks guys you have been a big help...
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 4
  • 3
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now