We help IT Professionals succeed at work.

Session_OnStart problems in Global.asa

traigo
traigo asked
on
Medium Priority
323 Views
Last Modified: 2008-01-09
I am using some Ajax to check things like if the username already exists.  If a session times out, instead of getting nothing or the correct return in my <span>, I get the login page.  Also, if a user sits at the login screen for longer than the session timeout, when they go to login, it will just redirect them back to the login page.  If they then login again, it will work.  What do I do about these?

My Session_OnStart has:
  If Application("START_PAGE") <> request.servervariables("SCRIPT_NAME") or _
     Request.ServerVariables("SCRIPT_NAME") <> (Application("ROOT_DIR") & "loginverify.asp") then
    RESPONSE.REDIRECT Application("START_PAGE")
  End If

Thanks,

Traigo
Comment
Watch Question

CERTIFIED EXPERT
Top Expert 2006

Commented:
That is more of a business decision that technical one. Do you want the user to never expire the session? If so you could have an image getting refreshed in Javascript or have a hidden frame getting refreshed every 5 minutes or so to keep the session alive.

Author

Commented:
I would like sessions to expire.  In the page headers, I have meta http-equiv="refresh" to logout the users at a specified interval.  The problem is both the register.asp (which uses the ajax) and the login page are not behind authentication.  So anyone could open a session by going to one of those pages.  If they just sit on the page I don't want to keep sessions alive indefinitely.  I would like to release the memory.  I guess I could use the meta http-equiv="refresh" to redirect the user back to the login page from register.asp at a specific time.  I then still have the problem with the login.asp.

CERTIFIED EXPERT
Top Expert 2006
Commented:
Then in login.asp let the session last as long as the page is open by using a hidden image or iframe. Once the page is closed, the session would go away in 20 minutes (or whatever is session timeout) but as long as the user keep the page open, the session would be alive. Since all other pages are protected, this is the only page that would do it and should not have much impact on the server. If that is not desirable, have this page refresh using the same technique (meta refresh) but then the user would lose if something was filled out.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
Ok, I will probably just make a keepalive.asp that just returns blank and use some Ajax every so often to check that page.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.