ASP Classic Login Script Time out Issues

I have a custom ASP program I am currently writing and am having an issue with the way I wrote the login script.  The only reason I have the login script is to help identify who is creating cases within our help desk tracker; security isn't as important.  The problem I'm having is that this program is intended to be used throughout the day and kept open on the users computer, but the sessions time out too quickly.  To be honest I got the script I'm currently using from searching online and I am not entirely familiar with the way sessions are created/expired.

I don't really need their login session to expire at all, if this is a requirement it would be nice to set it up for something like 24 hours or so.
'Code found in my login.asp page

<!-- #include file="Includes/app_config.asp" -->
<%PageTitle = "Login" %>
<% If Request.ServerVariables("HTTP_REFERER") = ProgramPath & "login.asp" Then Target = "members/default.asp" else Target = Request.ServerVariables("HTTP_REFERER") End If %>
		<% If TestEnv = 1 Then %>
			<title>TEST - Harris Beach PLLC | HDT <%=PageTitle%> - TEST</title>
		<% Else %>
			<title>Harris Beach PLLC | HDT <%=PageTitle%></title>
		<% End If %>
		<link rel="stylesheet" type="text/css" href="members/tabs.css">
		<script language="javascript">
			function TechDelete(id)
				if(confirm("Are you sure you want to delete this technician?"))
			function CategoryDelete(id)
				if(confirm("Are you sure you want to delete this Category?"))
			function StatusDelete(id)
				if(confirm("Are you sure you want to delete this Status?"))
			function TypeDelete(id)
				if(confirm("Are you sure you want to delete this Client Type?"))
			function ClientDelete(id)
				if(confirm("Are you sure you want to delete this Client?"))
		<% If TestEnv = 1 Then %><h1>********* TEST Environment ********</h1><% End If %>
		<span style="font-size:large; font-weight:bold">Harris Beach PLLC</span><br>
		<span style="font-size:medium">Help Desk Tracker (HDT) - <%=PageTitle%></span>
		<ul id="tabmenu">
			<li><a class="active" href="Login.asp">Login</a></li>
		<div id="content">
			dim RS
			dim frmUsername
			dim frmPassword
			dim SQL
			'store form input into variables
			frmUsername = Request.Form("username")
			frmPassword = Request.Form("password")
			'create recordset objects
			Set RS = Server.CreateObject("ADODB.Recordset")
			' Connect to database
			Call OPEN_DB()
			' execute sql and open as recordset
			SQL = "SELECT * FROM tblTechnician where Username = '" & Request.Form("username") & "' and Password = '" & Request.Form("password") & "'"
			' Opens the returned values from the SQL as a recordset, ready for iteration by ASP
			set RS = MyConn.Execute(SQL)
			<% If Request.Form("action") <> "validate_login" Then %>
				<form name="myform" action="Login.asp" method="post">
				<input type="hidden" name="action" value="validate_login" />
					Username:<br />
					<input name="username" type="text" size="20" maxlength="20" /><br />
					Password:<br />
					<input name="password" type="password" size="20" maxlength="20" /><br />
					<input name="submit" type="submit" value="Login" />
			<% Else
				' validate variables against database
				If (not RS.BOF) and (not RS.EOF) then
					response.cookies("validatedUser") = frmUsername
					session("Username") = frmUsername
					session("FirstName") = RS("FirstName")
					session("LastName") = RS("LastName")
					session("Technician") = RS("TechnicianID")
					session("Admin") = RS("Admin")
					session("ValidatedUser") = "True"
					response.write "incorrect username and/or password<br>"
					response.write "<a href=""http://tackleberry/Test/Login.asp"">Try again</a>"
				End If
			End If
			%><!--#include file="members/inc_footer.asp"-->

'Code found at the top of every protected page
Response.Expires = -1 
Response.ExpiresAbsolute = Now() - 1
Response.AddHeader "pragma", "no-cache"
Response.AddHeader "cache-control", "private"
Response.CacheControl = "no-cache"
Response.Buffer = True

If Session("ValidatedUser") <> "True" Then
End If

TabStateA = "class=""active"""

Open in new window

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.


Pre IIS 7 (win2008), you can go to IIS Manager, right click on the virtual directory or website itself, properties.
In directory tab (or home directory for web site), click Configuration
If you have to, click on Create first
The 2nd tab Options contains the timeout for ASP Sessions - set it to 1440 for 24 hours.
Wayne BarronAuthor, Web DeveloperCommented:
Please have a look at this script

This script works with a cookie and "Does include security" as well.
Even though you are not much concerned with security, this is help you.

Look at the "login_validate.asp" file.
You will see
Response.Cookies("carrzkissCookieDemo").Expires = Now() + 30

The 30
is for 30 days, you can change this to 1 (For 1 day) if you so desire.

Good Luck, and if this is something that you are not interested in, please let me know and I will
See if I can help you debug your script.
I do know that sessions are a pain to get to work, and that is why I went the route of cookie instead.
As I have never experianced any issues with it thus far.

Good Luck

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Wayne BarronAuthor, Web DeveloperCommented:
Good one "cyberkiwi"
Though I have heard that even setting this it will still timeout.
I read a few threads back in 09 here on EE where people were setting this to a higher number and it still would timeout on them regardless of what they set it on.
I am not sure if it is an IIS issue itself (or) an asp issue.
But I do know that it sometimes does not work, and with other users, it does work.
So, give it a shot and see what happens.

Good Luck
On IIS5 it is king, on IIS6 and IIS7, the application pool setting and appdomain come into play and can terminate the w3wp.exe service itself, which of course takes the entire session down.
Wayne BarronAuthor, Web DeveloperCommented:
Glad you like the script.
I am constantly making advances to it, so keep the link handy
The last update was made [Updated on: 3:33am EST September 15th, 2009]
And I am looking at doing another one soon.

Have a good one.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.