I forgot, help please

[p byers]

Hi Folks

I have seen a method of obtaining all of the SESSION (or COOKIES maybe)
using a "for each" statement.

BUT

I have forgotten how/when/where I saw it.


I am particularly interested in the "automatically generated long
unique string Session Identifier"


Please forgive my "No-Tech" description of what I require - I fear
Senile Decay is happening quicker than I thought.

Best regards
Thank you
Pete (Northolt UK)

 

[p byers]

Should have said "Using ASP on the Server"

 

[Cowboy \(Gregory A. Beamer\)]

About half way down.
http://www.angelfire.com/tx4/cus/notes/asp.html

I add this one, as I like the way he has formatted his code. It is very easy
to read and understand.

 

[Anthony Jones]

google is your friend....

<%
'Print out the entire cookie collection.
'-----------------------------------------
For Each cookie in Request.Cookies
If Not cookie.HasKeys Then
'Print out the cookie string
%>
<%= cookie %> = <%= Request.Cookies(cookie)%>
<%
Else
'Print out the cookie collection
'------------------------------------------
For Each key in Request.Cookies(cookie)
%>
<%= cookie %> (<%= key %>) = <%= Request.Cookies(cookie)(key)%>
<%
Next
End If
Next
%>

Close but no banana.

Try:-

Dim cookie, key, subKey
Dim i
'Print out the entire cookie collection.
'-----------------------------------------
For Each key in Request.Cookies
Set cookie = Request.Cookies(key)
If Not cookie.HasKeys Then
'Print out the cookie string
%>
<%=key %> = <%=cookie%><br />
<%
Else
'Print out the cookie collection
'------------------------------------------
For Each subKey in cookie
%>
<%= key %> (<%= subKey %>) = <%= cookie(subKey)%><br />
<%
Next
End If
Next

 

[p byers]

Thank you both for you quick helpful replies
Pete (Northolt UK)

 

[Anthony Jones]

Hi Folks

I have seen a method of obtaining all of the SESSION (or COOKIES maybe)
using a "for each" statement.

BUT

I have forgotten how/when/where I saw it.


I am particularly interested in the "automatically generated long
unique string Session Identifier"


Please forgive my "No-Tech" description of what I require - I fear
Senile Decay is happening quicker than I thought.

If you run the code posted elsewhere in this thread you'll get list of the
current cookies in the request. You'll notice though that the one cookie
that you're actually after is missing. It is consumed by ASP in order to
included the correct session object in the script context and is not made
available in the Request.Cookies collection.

You can see it thougn in this:-

Response.Write Request.ServerVariables("HTTP_COOKIE")

But this is simplye the cookie header value in full so will contain all
cookies for the currently location unparsedd.


You could extract it with some Regex:-

Dim sCookieHeader : sCookieHeader = Request.ServerVariables("HTTP_COOKIE")
Dim rgx : Set rgx = NewRegExp("ASPSESSIONID([A-Z0-9]+)=([A-Z0-9]+)", True,
True)
Dim oMatch
For Each oMatch in rgx.Execute(sCookieHeader)
Response.Write oMatch.Value & "<br />"
Response.Write "App Instance: " & oMatch.SubMatches(0) & "<br />"
Response.Write "Session Code: " & oMatch.SubMatches(1) & "<br />"
Next

Function NewRegExp(rsPattern, rbGlobal, rbCaseInsensitive)

Set NewRegExp = new RegExp
NewRegExp.Pattern = rsPattern
NewRegExp.Global = rbGlobal
NewRegExp.IgnoreCase = rbCaseInsensitive

End Function


However if you were to unload the app or recycle the app pool you will start
to see multiple ASPSESSIONIDxxxxx headers. I guess you will need to know
which is the current one, its guess because I'm not sure how any of this
would be useful?

 

[Daniel Crichton]

Anthony wrote on Sat, 19 Jan 2008 22:23:58 -0000:

If you run the code posted elsewhere in this thread you'll get list of
the current cookies in the request. You'll notice though that the one
cookie that you're actually after is missing. It is consumed by ASP in
order to included the correct session object in the script context and
is not made available in the Request.Cookies collection.

You can see it thougn in this:-

Response.Write Request.ServerVariables("HTTP_COOKIE")

But this is simplye the cookie header value in full so will contain all
cookies for the currently location unparsedd.

You could extract it with some Regex:-

Dim sCookieHeader : sCookieHeader =
Request.ServerVariables("HTTP_COOKIE")
Dim rgx : Set rgx = NewRegExp("ASPSESSIONID([A-Z0-9]+)=([A-Z0-9]+)",
True,
True)
Dim oMatch
For Each oMatch in rgx.Execute(sCookieHeader)
Response.Write oMatch.Value & "<br />"
Response.Write "App Instance: " & oMatch.SubMatches(0) & "<br />"
Response.Write "Session Code: " & oMatch.SubMatches(1) & "<br />"
Next

Function NewRegExp(rsPattern, rbGlobal, rbCaseInsensitive)

Set NewRegExp = new RegExp
NewRegExp.Pattern = rsPattern
NewRegExp.Global = rbGlobal
NewRegExp.IgnoreCase = rbCaseInsensitive

End Function

However if you were to unload the app or recycle the app pool you will
start to see multiple ASPSESSIONIDxxxxx headers. I guess you will
need to know which is the current one, its guess because I'm not sure
how any of this would be useful?

Doesn't

Response.Write Session.SessionID

return the appropriate session ID value that is currently in use (assuming
that sessions are enabled of course).

 

[Daniel Crichton]

Daniel wrote to Anthony Jones on Mon, 21 Jan 2008 13:38:05 -0000:

Anthony wrote on Sat, 19 Jan 2008 22:23:58 -0000:

If you run the code posted elsewhere in this thread you'll get list
of the current cookies in the request. You'll notice though that the
one cookie that you're actually after is missing. It is consumed by
ASP in order to included the correct session object in the script
context and is not made available in the Request.Cookies collection.
You can see it thougn in this:-
Response.Write Request.ServerVariables("HTTP_COOKIE")
But this is simplye the cookie header value in full so will contain
all cookies for the currently location unparsedd.

You could extract it with some Regex:-
Dim sCookieHeader : sCookieHeader =
Request.ServerVariables("HTTP_COOKIE")
Dim rgx : Set rgx = NewRegExp("ASPSESSIONID([A-Z0-9]+)=([A-Z0-9]+)",
True,
True)
Dim oMatch
For Each oMatch in rgx.Execute(sCookieHeader)
Response.Write oMatch.Value & "<br />"
Response.Write "App Instance: " & oMatch.SubMatches(0) & "<br />"
Response.Write "Session Code: " & oMatch.SubMatches(1) & "<br />"
Next
Function NewRegExp(rsPattern, rbGlobal, rbCaseInsensitive)
Set NewRegExp = new RegExp
NewRegExp.Pattern = rsPattern
NewRegExp.Global = rbGlobal
NewRegExp.IgnoreCase = rbCaseInsensitive
End Function

However if you were to unload the app or recycle the app pool you
will start to see multiple ASPSESSIONIDxxxxx headers. I guess you
will need to know which is the current one, its guess because I'm not
sure how any of this would be useful?

Doesn't

Response.Write Session.SessionID

return the appropriate session ID value that is currently in use
(assuming that sessions are enabled of course).

Sorry for not posting a complete reply.

Anyway, once you've got the value of Session.SessionID, you should then be
able to compare it's value to the ASPSESSIONIDxxxxx values and find the
correct one, assuming that you don't have two with the same value (which
shouldn't happen normally, but there's always a chance).

 

[Anthony Jones]

Daniel wrote to Anthony Jones on Mon, 21 Jan 2008 13:38:05 -0000:

Anthony wrote on Sat, 19 Jan 2008 22:23:58 -0000:

Hi Folks
I have seen a method of obtaining all of the SESSION (or COOKIES
maybe)
using a "for each" statement.
BUT
I have forgotten how/when/where I saw it.

I am particularly interested in the "automatically generated long
unique string Session Identifier"

Please forgive my "No-Tech" description of what I require - I fear
Senile Decay is happening quicker than I thought.

If you run the code posted elsewhere in this thread you'll get list
of the current cookies in the request. You'll notice though that the
one cookie that you're actually after is missing. It is consumed by
ASP in order to included the correct session object in the script
context and is not made available in the Request.Cookies collection.
You can see it thougn in this:-
Response.Write Request.ServerVariables("HTTP_COOKIE")
But this is simplye the cookie header value in full so will contain
all cookies for the currently location unparsedd.

You could extract it with some Regex:-
Dim sCookieHeader : sCookieHeader =
Request.ServerVariables("HTTP_COOKIE")
Dim rgx : Set rgx = NewRegExp("ASPSESSIONID([A-Z0-9]+)=([A-Z0-9]+)",
True,
True)
Dim oMatch
For Each oMatch in rgx.Execute(sCookieHeader)
Response.Write oMatch.Value & "<br />"
Response.Write "App Instance: " & oMatch.SubMatches(0) & "<br />"
Response.Write "Session Code: " & oMatch.SubMatches(1) & "<br />"
Next
Function NewRegExp(rsPattern, rbGlobal, rbCaseInsensitive)
Set NewRegExp = new RegExp
NewRegExp.Pattern = rsPattern
NewRegExp.Global = rbGlobal
NewRegExp.IgnoreCase = rbCaseInsensitive
End Function

However if you were to unload the app or recycle the app pool you
will start to see multiple ASPSESSIONIDxxxxx headers. I guess you
will need to know which is the current one, its guess because I'm not
sure how any of this would be useful?

Doesn't

Response.Write Session.SessionID

return the appropriate session ID value that is currently in use
(assuming that sessions are enabled of course).

Sorry for not posting a complete reply.

Anyway, once you've got the value of Session.SessionID, you should then be
able to compare it's value to the ASPSESSIONIDxxxxx values and find the
correct one, assuming that you don't have two with the same value (which
shouldn't happen normally, but there's always a chance).

Its a good point. I was working on the assumption that SessionID is not
useful for some reason. I didn't occur to me that the OP may not be aware of
its existance.

I'm not sure why there would be any need to compare it to the cookie value
though. Also I'm not sure how or even if its possible to map the value of
SessionID to the cooke value.

 

[Daniel Crichton]

Anthony wrote on Mon, 21 Jan 2008 21:57:23 -0000:

Daniel wrote to Anthony Jones on Mon, 21 Jan 2008 13:38:05 -0000:

You could extract it with some Regex:-
Dim sCookieHeader : sCookieHeader =
Request.ServerVariables("HTTP_COOKIE")
Dim rgx : Set rgx =
NewRegExp("ASPSESSIONID([A-Z0-9]+)=([A-Z0-9]+)",
True,
True)
Dim oMatch
For Each oMatch in rgx.Execute(sCookieHeader)
Response.Write oMatch.Value & "<br />"
Response.Write "App Instance: " & oMatch.SubMatches(0) & "<br />"
Response.Write "Session Code: " & oMatch.SubMatches(1) & "<br />"
Next
Function NewRegExp(rsPattern, rbGlobal, rbCaseInsensitive)
Set NewRegExp = new RegExp
NewRegExp.Pattern = rsPattern
NewRegExp.Global = rbGlobal
NewRegExp.IgnoreCase = rbCaseInsensitive
End Function

Sorry for not posting a complete reply.
Anyway, once you've got the value of Session.SessionID, you should
then be able to compare it's value to the ASPSESSIONIDxxxxx values
and find the correct one, assuming that you don't have two with the
same value (which shouldn't happen normally, but there's always a
chance).

Its a good point. I was working on the assumption that SessionID is not
useful for some reason. I didn't occur to me that the OP may not be
aware of its existance.

I'm not sure why there would be any need to compare it to the cookie
value though. Also I'm not sure how or even if its possible to map the
value of
SessionID to the cooke value.

Given that you can parse the HTTP_COOKIE header, and so extract the values
for each ASPSESSIONIDxxxxxx cookie, and using the value of .SessionID, you
should then be able to find the ASPSESSIONIDxxxxxx cookie that is passing
the SessionID. Whether this is useful to know or not is anyone's guess

But at least there is a way of getting the "automatically generated long
unique string Session Identifier" that the OP was asking for, which should
be Session.SessionID.

 

[Anthony Jones]

Anthony wrote on Mon, 21 Jan 2008 21:57:23 -0000:

Daniel wrote to Anthony Jones on Mon, 21 Jan 2008 13:38:05 -0000:
Anthony wrote on Sat, 19 Jan 2008 22:23:58 -0000:
Hi Folks
I have seen a method of obtaining all of the SESSION (or COOKIES
maybe)
using a "for each" statement.
BUT
I have forgotten how/when/where I saw it.

I am particularly interested in the "automatically generated long
unique string Session Identifier"

Please forgive my "No-Tech" description of what I require - I
fear
Senile Decay is happening quicker than I thought.

If you run the code posted elsewhere in this thread you'll get list
of the current cookies in the request. You'll notice though that
the one cookie that you're actually after is missing. It is
consumed by
ASP in order to included the correct session object in the script
context and is not made available in the Request.Cookies
collection.
You can see it thougn in this:-
Response.Write Request.ServerVariables("HTTP_COOKIE")
But this is simplye the cookie header value in full so will contain
all cookies for the currently location unparsedd.

You could extract it with some Regex:-
Dim sCookieHeader : sCookieHeader =
Request.ServerVariables("HTTP_COOKIE")
Dim rgx : Set rgx =
NewRegExp("ASPSESSIONID([A-Z0-9]+)=([A-Z0-9]+)",
True,
True)
Dim oMatch
For Each oMatch in rgx.Execute(sCookieHeader)
Response.Write oMatch.Value & "<br />"
Response.Write "App Instance: " & oMatch.SubMatches(0) & "<br />"
Response.Write "Session Code: " & oMatch.SubMatches(1) & "<br />"
Next
Function NewRegExp(rsPattern, rbGlobal, rbCaseInsensitive)
Set NewRegExp = new RegExp
NewRegExp.Pattern = rsPattern
NewRegExp.Global = rbGlobal
NewRegExp.IgnoreCase = rbCaseInsensitive
End Function

However if you were to unload the app or recycle the app pool you
will start to see multiple ASPSESSIONIDxxxxx headers. I guess you
will need to know which is the current one, its guess because I'm
not sure how any of this would be useful?

Doesn't
Response.Write Session.SessionID
return the appropriate session ID value that is currently in use
(assuming that sessions are enabled of course).
Sorry for not posting a complete reply.
Anyway, once you've got the value of Session.SessionID, you should
then be able to compare it's value to the ASPSESSIONIDxxxxx values
and find the correct one, assuming that you don't have two with the
same value (which shouldn't happen normally, but there's always a
chance).

Its a good point. I was working on the assumption that SessionID is not
useful for some reason. I didn't occur to me that the OP may not be
aware of its existance.

I'm not sure why there would be any need to compare it to the cookie
value though. Also I'm not sure how or even if its possible to map the
value of
SessionID to the cooke value.

Given that you can parse the HTTP_COOKIE header, and so extract the values
for each ASPSESSIONIDxxxxxx cookie, and using the value of .SessionID, you
should then be able to find the ASPSESSIONIDxxxxxx cookie that is passing
the SessionID. Whether this is useful to know or not is anyone's guess

But at least there is a way of getting the "automatically generated long
unique string Session Identifier" that the OP was asking for, which should
be Session.SessionID.

Ah but is it though? That's the point I'm trying to make. Perhaps a sample
will make it clear:-

Session ID: <%=Session.SessionID%><br />
<br />
<%
Dim sCookieHeader : sCookieHeader = Request.ServerVariables("HTTP_COOKIE")
Dim oMatch
For Each oMatch in NewRegExp("ASPSESSIONID([A-Z0-9]+)=([A-Z0-9]+)", True,
True).Execute(sCookieHeader)
Response.Write oMatch.Value & "<br />"
Response.Write "App Instance: " & oMatch.SubMatches(0) & "<br />"
Response.Write "Session Code: " & oMatch.SubMatches(1) & "<br />"
Next

Function NewRegExp(rsPattern, rbGlobal, rbCaseInsensitive)

Set NewRegExp = new RegExp
NewRegExp.Pattern = rsPattern
NewRegExp.Global = rbGlobal
NewRegExp.IgnoreCase = rbCaseInsensitive

End Function
%>

Hit a page with this code in and refresh it for good measure. Then go into
IIS manager and recycle the app pool (or unload the app from the home
directory tab if using 5.1 or below).

Now referesh the page a couple more times. You'll note that you end up with
two ASPSESSIONIDxxxxxxx cookies. For example I end up with:-

Session ID: 771969469

ASPSESSIONIDSSTDDBCA=LMAPAAOCHCCELDPEKPDAOECH
App Instance: SSTDDBCA
Session Code: LMAPAAOCHCCELDPEKPDAOECH
ASPSESSIONIDSQTABCDA=NLBFDAOCKCODENCGMBCCMIHH
App Instance: SQTABCDA
Session Code: NLBFDAOCKCODENCGMBCCMIHH

So the big question is how do I determine which of LMAPAAOCHCCELDPEKPDAOECH
or NLBFDAOCKCODENCGMBCCMIHH is equivalent to 771969469?

It is not apparent to me how these can be reconciled.

 

[Daniel Crichton]

Anthony wrote on Tue, 22 Jan 2008 10:17:17 -0000:

Anthony wrote on Mon, 21 Jan 2008 21:57:23 -0000:

You could extract it with some Regex:-
Dim sCookieHeader : sCookieHeader =
Request.ServerVariables("HTTP_COOKIE")
Dim rgx : Set rgx =
NewRegExp("ASPSESSIONID([A-Z0-9]+)=([A-Z0-9]+)",
True,
True)
Dim oMatch
For Each oMatch in rgx.Execute(sCookieHeader)
Response.Write oMatch.Value & "<br />"
Response.Write "App Instance: " & oMatch.SubMatches(0) & "<br
/>"
Response.Write "Session Code: " & oMatch.SubMatches(1) & "<br
/>"
Next
Function NewRegExp(rsPattern, rbGlobal, rbCaseInsensitive)
Set NewRegExp = new RegExp
NewRegExp.Pattern = rsPattern
NewRegExp.Global = rbGlobal
NewRegExp.IgnoreCase = rbCaseInsensitive
End Function

Given that you can parse the HTTP_COOKIE header, and so extract the
values for each ASPSESSIONIDxxxxxx cookie, and using the value of
.SessionID, you should then be able to find the ASPSESSIONIDxxxxxx
cookie that is passing the SessionID. Whether this is useful to know
or not is anyone's guess
But at least there is a way of getting the "automatically generated
long unique string Session Identifier" that the OP was asking for,
which should be Session.SessionID.

Ah but is it though? That's the point I'm trying to make. Perhaps a
sample will make it clear:-

Session ID: <%=Session.SessionID%><br />
<br />
<%
Dim sCookieHeader : sCookieHeader =
Request.ServerVariables("HTTP_COOKIE")
Dim oMatch
For Each oMatch in NewRegExp("ASPSESSIONID([A-Z0-9]+)=([A-Z0-9]+)",
True,
True).Execute(sCookieHeader)
Response.Write oMatch.Value & "<br />"
Response.Write "App Instance: " & oMatch.SubMatches(0) & "<br />"
Response.Write "Session Code: " & oMatch.SubMatches(1) & "<br />"
Next

Function NewRegExp(rsPattern, rbGlobal, rbCaseInsensitive)

Set NewRegExp = new RegExp
NewRegExp.Pattern = rsPattern
NewRegExp.Global = rbGlobal
NewRegExp.IgnoreCase = rbCaseInsensitive

End Function %>

Hit a page with this code in and refresh it for good measure. Then go
into
IIS manager and recycle the app pool (or unload the app from the home
directory tab if using 5.1 or below).

Now referesh the page a couple more times. You'll note that you end up
with two ASPSESSIONIDxxxxxxx cookies. For example I end up with:-

Session ID: 771969469

ASPSESSIONIDSSTDDBCA=LMAPAAOCHCCELDPEKPDAOECH
App Instance: SSTDDBCA
Session Code: LMAPAAOCHCCELDPEKPDAOECH
ASPSESSIONIDSQTABCDA=NLBFDAOCKCODENCGMBCCMIHH
App Instance: SQTABCDA
Session Code: NLBFDAOCKCODENCGMBCCMIHH

So the big question is how do I determine which of
LMAPAAOCHCCELDPEKPDAOECH or NLBFDAOCKCODENCGMBCCMIHH is equivalent
to 771969469?

It is not apparent to me how these can be reconciled.

In that case just call me an idiot - I had assumed (obviously incorrectly)
that the SessionID value matched the current cookie value. Next time I'll
actually test my assumption before posting, I normally would have but I've
had my head dug in ASP for the past few weeks for a new web site we just
launched.