Solved

Session_OnStart problems in Global.asa

Posted on 2006-10-24
4
286 Views
Last Modified: 2008-01-09
I am using some Ajax to check things like if the username already exists.  If a session times out, instead of getting nothing or the correct return in my <span>, I get the login page.  Also, if a user sits at the login screen for longer than the session timeout, when they go to login, it will just redirect them back to the login page.  If they then login again, it will work.  What do I do about these?

My Session_OnStart has:
  If Application("START_PAGE") <> request.servervariables("SCRIPT_NAME") or _
     Request.ServerVariables("SCRIPT_NAME") <> (Application("ROOT_DIR") & "loginverify.asp") then
    RESPONSE.REDIRECT Application("START_PAGE")
  End If

Thanks,

Traigo
0
Comment
Question by:traigo
  • 2
  • 2
4 Comments
 
LVL 58

Expert Comment

by:amit_g
ID: 17798236
That is more of a business decision that technical one. Do you want the user to never expire the session? If so you could have an image getting refreshed in Javascript or have a hidden frame getting refreshed every 5 minutes or so to keep the session alive.
0
 

Author Comment

by:traigo
ID: 17798514
I would like sessions to expire.  In the page headers, I have meta http-equiv="refresh" to logout the users at a specified interval.  The problem is both the register.asp (which uses the ajax) and the login page are not behind authentication.  So anyone could open a session by going to one of those pages.  If they just sit on the page I don't want to keep sessions alive indefinitely.  I would like to release the memory.  I guess I could use the meta http-equiv="refresh" to redirect the user back to the login page from register.asp at a specific time.  I then still have the problem with the login.asp.

0
 
LVL 58

Accepted Solution

by:
amit_g earned 500 total points
ID: 17798560
Then in login.asp let the session last as long as the page is open by using a hidden image or iframe. Once the page is closed, the session would go away in 20 minutes (or whatever is session timeout) but as long as the user keep the page open, the session would be alive. Since all other pages are protected, this is the only page that would do it and should not have much impact on the server. If that is not desirable, have this page refresh using the same technique (meta refresh) but then the user would lose if something was filled out.
0
 

Author Comment

by:traigo
ID: 17798617
Ok, I will probably just make a keepalive.asp that just returns blank and use some Ajax every so often to check that page.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is t…
Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update. The Original Issue This was written…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now