Is this how session and application variables work?

Discussion in 'ASP General' started by Victor, Jul 30, 2006.

  1. Victor

    Victor Guest

    I've got two domain names sharing the same IP address that use ASP VBScript

    If I set a session variable with domain 1, it is only available for domain 1 - this is
    correct?

    If I set an application variable with domain 1, the app variable is sharing across all
    domains using that IP address - this is correct?

    This is the behavior I am seeing and I want to make sure that my server is set up
    correct. I especially want to make sure application variable behavior is correct.

    Thank you!
     
    Victor, Jul 30, 2006
    #1
    1. Advertising

  2. Victor

    Slim Guest

    session variables are for the same web application only, are you talking
    about the same web application accessed via 2 domains?


    "Victor" <> wrote in message
    news:...
    > I've got two domain names sharing the same IP address that use ASP
    > VBScript
    >
    > If I set a session variable with domain 1, it is only available for domain
    > 1 - this is
    > correct?
    >
    > If I set an application variable with domain 1, the app variable is
    > sharing across all
    > domains using that IP address - this is correct?
    >
    > This is the behavior I am seeing and I want to make sure that my server is
    > set up
    > correct. I especially want to make sure application variable behavior is
    > correct.
    >
    > Thank you!
    >
    >
    >
    >
    >
    >
    >
     
    Slim, Jul 31, 2006
    #2
    1. Advertising

  3. "Victor" <> wrote in message
    news:...
    > I've got two domain names sharing the same IP address that use ASP

    VBScript
    >
    > If I set a session variable with domain 1, it is only available for domain

    1 - this is
    > correct?
    >
    > If I set an application variable with domain 1, the app variable is

    sharing across all
    > domains using that IP address - this is correct?
    >


    Nope. The problem is that inorder for the server to identify the session it
    sets a session cookie which is sent to the browser. The session cookie will
    be rooted in a URL which represents the root of the application. If you use
    two different domain names to access the same website they cannot share
    sessions.

    Eg.

    A website is accessed as MyServer as well as MyServer.mydomain.com

    It has an application called myapp

    Visting http://MyServer/MyApp/Default.asp results in the browser receiving a
    session cookie rooted at http://MyServer/MyApp/

    Now if in the same browser session you visit another page say
    http://MyServer/MyApp/SomeFolder/somepage.asp
    the session cookie for http://MyServer/MyApp/ is included in the request
    because the root path for the cookie matches the URL requested. This
    enables ASP to access session variables that may have be created by
    Default.asp earlier because the cookie identifies the session.

    Now if, again in the same browser session, you visit yet another page say
    http://MyServer.mydomain.com/MyApp/AnotherPage.asp the root path of this URL
    does not match the path for which the earlier session cookie was created.
    Hence the session cookie is not sent in this request. The server sees
    request as needing a new session and does not have any idea about the other
    session.

    Hope this is clear,

    Anthony.

    > This is the behavior I am seeing and I want to make sure that my server is

    set up
    > correct. I especially want to make sure application variable behavior is

    correct.
    >
    > Thank you!
    >
    >
    >
    >
    >
    >
    >
     
    Anthony Jones, Jul 31, 2006
    #3
  4. Victor

    Victor Guest

    I understand your session explanation - thanks! It's the application variable that has
    me perplexed.

    If www.mydomain1.com and www.mydomain2.com both share the same IP address (domain
    aliases), then I thought that their APPLICATION variables, set and read from the domain
    root, would still be different. I'm surprised to see that an app variable set with the
    first domain is also available to the aliased second domain.

    Vic


    "Anthony Jones" <> wrote in message
    news:%...
    >
    > "Victor" <> wrote in message
    > news:...
    > > I've got two domain names sharing the same IP address that use ASP

    > VBScript
    > >
    > > If I set a session variable with domain 1, it is only available for domain

    > 1 - this is
    > > correct?
    > >
    > > If I set an application variable with domain 1, the app variable is

    > sharing across all
    > > domains using that IP address - this is correct?
    > >

    >
    > Nope. The problem is that inorder for the server to identify the session it
    > sets a session cookie which is sent to the browser. The session cookie will
    > be rooted in a URL which represents the root of the application. If you use
    > two different domain names to access the same website they cannot share
    > sessions.
    >
    > Eg.
    >
    > A website is accessed as MyServer as well as MyServer.mydomain.com
    >
    > It has an application called myapp
    >
    > Visting http://MyServer/MyApp/Default.asp results in the browser receiving a
    > session cookie rooted at http://MyServer/MyApp/
    >
    > Now if in the same browser session you visit another page say
    > http://MyServer/MyApp/SomeFolder/somepage.asp
    > the session cookie for http://MyServer/MyApp/ is included in the request
    > because the root path for the cookie matches the URL requested. This
    > enables ASP to access session variables that may have be created by
    > Default.asp earlier because the cookie identifies the session.
    >
    > Now if, again in the same browser session, you visit yet another page say
    > http://MyServer.mydomain.com/MyApp/AnotherPage.asp the root path of this URL
    > does not match the path for which the earlier session cookie was created.
    > Hence the session cookie is not sent in this request. The server sees
    > request as needing a new session and does not have any idea about the other
    > session.
    >
    > Hope this is clear,
    >
    > Anthony.
    >
    > > This is the behavior I am seeing and I want to make sure that my server is

    > set up
    > > correct. I especially want to make sure application variable behavior is

    > correct.
    > >
    > > Thank you!
    > >
    > >
    > >
    > >
    > >
    > >
    > >

    >
    >
     
    Victor, Aug 1, 2006
    #4
  5. Victor wrote:
    > I understand your session explanation - thanks! It's the application
    > variable that has me perplexed.
    >
    > If www.mydomain1.com and www.mydomain2.com both share the same IP
    > address (domain aliases), then I thought that their APPLICATION
    > variables, set and read from the domain root, would still be
    > different. I'm surprised to see that an app variable set with the
    > first domain is also available to the aliased second domain.
    >
    > Vic
    >

    I know it's a silly question, but it's got to be asked: have you taken steps
    to ensure that the variable value will be different depending on the domain
    in which it's running? I mean, you're not just setting an app variable to a
    value in the global.asa file and expecting it to only be set in one of the
    domains in which it runs are you?

    --
    Microsoft MVP - ASP/ASP.NET
    Please reply to the newsgroup. This email account is my spam trap so I
    don't check it very often. If you must reply off-line, then remove the
    "NO SPAM"
     
    Bob Barrows [MVP], Aug 1, 2006
    #5
  6. "Victor" <> wrote in message
    news:...
    > I understand your session explanation - thanks! It's the application

    variable that has
    > me perplexed.
    >
    > If www.mydomain1.com and www.mydomain2.com both share the same IP address

    (domain
    > aliases), then I thought that their APPLICATION variables, set and read

    from the domain
    > root, would still be different. I'm surprised to see that an app variable

    set with the
    > first domain is also available to the aliased second domain.
    >


    Sorry misunderstood your question. Yes the behaviour you are seeing is
    correct. The ASP application has not interest in the domain name(s) used to
    access it and does not depend on anything from the client to identify the
    application. Hence all urls which ultimate resolve to the application folder
    (or one of its sub-folders) will identify with the same application on the
    web server and will share any application variables.

    Anthony.

    > Vic
    >
    >
    > "Anthony Jones" <> wrote in message
    > news:%...
    > >
    > > "Victor" <> wrote in message
    > > news:...
    > > > I've got two domain names sharing the same IP address that use ASP

    > > VBScript
    > > >
    > > > If I set a session variable with domain 1, it is only available for

    domain
    > > 1 - this is
    > > > correct?
    > > >
    > > > If I set an application variable with domain 1, the app variable is

    > > sharing across all
    > > > domains using that IP address - this is correct?
    > > >

    > >
    > > Nope. The problem is that inorder for the server to identify the

    session it
    > > sets a session cookie which is sent to the browser. The session cookie

    will
    > > be rooted in a URL which represents the root of the application. If you

    use
    > > two different domain names to access the same website they cannot share
    > > sessions.
    > >
    > > Eg.
    > >
    > > A website is accessed as MyServer as well as MyServer.mydomain.com
    > >
    > > It has an application called myapp
    > >
    > > Visting http://MyServer/MyApp/Default.asp results in the browser

    receiving a
    > > session cookie rooted at http://MyServer/MyApp/
    > >
    > > Now if in the same browser session you visit another page say
    > > http://MyServer/MyApp/SomeFolder/somepage.asp
    > > the session cookie for http://MyServer/MyApp/ is included in the

    request
    > > because the root path for the cookie matches the URL requested. This
    > > enables ASP to access session variables that may have be created by
    > > Default.asp earlier because the cookie identifies the session.
    > >
    > > Now if, again in the same browser session, you visit yet another page

    say
    > > http://MyServer.mydomain.com/MyApp/AnotherPage.asp the root path of this

    URL
    > > does not match the path for which the earlier session cookie was

    created.
    > > Hence the session cookie is not sent in this request. The server sees
    > > request as needing a new session and does not have any idea about the

    other
    > > session.
    > >
    > > Hope this is clear,
    > >
    > > Anthony.
    > >
    > > > This is the behavior I am seeing and I want to make sure that my

    server is
    > > set up
    > > > correct. I especially want to make sure application variable behavior

    is
    > > correct.
    > > >
    > > > Thank you!
    > > >
    > > >
    > > >
    > > >
    > > >
    > > >
    > > >

    > >
    > >

    >
    >
     
    Anthony Jones, Aug 1, 2006
    #6
  7. Victor

    Victor Guest

    "Anthony Jones" <> wrote in message
    news:...
    >
    > "Victor" <> wrote in message
    > news:...
    > > I understand your session explanation - thanks! It's the application

    > variable that has
    > > me perplexed.
    > >
    > > If www.mydomain1.com and www.mydomain2.com both share the same IP address

    > (domain
    > > aliases), then I thought that their APPLICATION variables, set and read

    > from the domain
    > > root, would still be different. I'm surprised to see that an app variable

    > set with the
    > > first domain is also available to the aliased second domain.
    > >

    >
    > Sorry misunderstood your question. Yes the behaviour you are seeing is
    > correct. The ASP application has not interest in the domain name(s) used to
    > access it and does not depend on anything from the client to identify the
    > application. Hence all urls which ultimate resolve to the application folder
    > (or one of its sub-folders) will identify with the same application on the
    > web server and will share any application variables.
    >
    > Anthony.
    >
    > > Vic
    > >
    > >
    > > "Anthony Jones" <> wrote in message
    > > news:%...
    > > >
    > > > "Victor" <> wrote in message
    > > > news:...
    > > > > I've got two domain names sharing the same IP address that use ASP
    > > > VBScript
    > > > >
    > > > > If I set a session variable with domain 1, it is only available for

    > domain
    > > > 1 - this is
    > > > > correct?
    > > > >
    > > > > If I set an application variable with domain 1, the app variable is
    > > > sharing across all
    > > > > domains using that IP address - this is correct?
    > > > >
    > > >
    > > > Nope. The problem is that inorder for the server to identify the

    > session it
    > > > sets a session cookie which is sent to the browser. The session cookie

    > will
    > > > be rooted in a URL which represents the root of the application. If you

    > use
    > > > two different domain names to access the same website they cannot share
    > > > sessions.
    > > >
    > > > Eg.
    > > >
    > > > A website is accessed as MyServer as well as MyServer.mydomain.com
    > > >
    > > > It has an application called myapp
    > > >
    > > > Visting http://MyServer/MyApp/Default.asp results in the browser

    > receiving a
    > > > session cookie rooted at http://MyServer/MyApp/
    > > >
    > > > Now if in the same browser session you visit another page say
    > > > http://MyServer/MyApp/SomeFolder/somepage.asp
    > > > the session cookie for http://MyServer/MyApp/ is included in the

    > request
    > > > because the root path for the cookie matches the URL requested. This
    > > > enables ASP to access session variables that may have be created by
    > > > Default.asp earlier because the cookie identifies the session.
    > > >
    > > > Now if, again in the same browser session, you visit yet another page

    > say
    > > > http://MyServer.mydomain.com/MyApp/AnotherPage.asp the root path of this

    > URL
    > > > does not match the path for which the earlier session cookie was

    > created.
    > > > Hence the session cookie is not sent in this request. The server sees
    > > > request as needing a new session and does not have any idea about the

    > other
    > > > session.
    > > >
    > > > Hope this is clear,
    > > >
    > > > Anthony.
    > > >
    > > > > This is the behavior I am seeing and I want to make sure that my

    > server is
    > > > set up
    > > > > correct. I especially want to make sure application variable behavior

    > is
    > > > correct.
    > > > >
    > > > > Thank you!
    > > > >
    > > > >
    > > > >
    > > > >
    > > > >
    > > > >
    > > > >
    > > >
    > > >

    > >
    > >

    >
    >
     
    Victor, Aug 2, 2006
    #7
  8. Victor

    Victor Guest

    "Anthony Jones" <> wrote in message
    news:...
    > Sorry misunderstood your question. Yes the behaviour you are seeing is
    > correct. The ASP application has not interest in the domain name(s) used to
    > access it and does not depend on anything from the client to identify the
    > application. Hence all urls which ultimate resolve to the application folder
    > (or one of its sub-folders) will identify with the same application on the
    > web server and will share any application variables.
    >
    > Anthony.


    This makes sense. Thank, Anthony.

    Vic
     
    Victor, Aug 2, 2006
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Earl Teigrob

    Global Session Variables and Session State

    Earl Teigrob, Dec 16, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    4,276
    Alvin Bruney
    Dec 17, 2003
  2. Replies:
    1
    Views:
    934
  3. =?Utf-8?B?Um9iSEs=?=
    Replies:
    4
    Views:
    5,291
    =?Utf-8?B?Um9iSEs=?=
    Apr 11, 2007
  4. Replies:
    9
    Views:
    957
  5. Jazzis
    Replies:
    2
    Views:
    250
    Jazzis
    Sep 23, 2003
Loading...

Share This Page