Losing Session in a Popup Window

[Jimmy Junatas]

When we open a window (using client-side jscript ie.
window.open("/Site/Popup.aspx?...",...)) from Page1.aspx, the called
page Popup.aspx does not have access to the Session variables present
in Page1.aspx. The IIS Log shows (listed below) shows that the
ASP.NET_SessionId cookie is not present in Popup.aspx.

The thing is that this mechanism works for 99% of our users. There is
this one user that is consistently having this problem. As you can
see from the log, this user is on IE6 and has Windows NT.

Any ideas on how to debug this or resolve this?

#Fields: date time c-ip s-port cs-method cs-uri-stem cs-uri-query
sc-status cs(User-Agent) cs(Cookie)
2003-08-22 16:57:51 278.179.45.71 443 GET /Site/Page1.aspx
action=Edit%20a%20Driver 200
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1)
ASP.NET_SessionId=yarvyqz3hl11yda3vouk2x55
2003-08-22 16:57:59 278.179.45.71 443 GET /Site/Popup/Lookup_Orgs.aspx
Level1Text=BROTHERS%20CO 200
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) -
2003-08-22 16:58:12 278.179.45.71 443 GET /Site/logout.aspx - 200
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1)
ASP.NET_SessionId=yarvyqz3hl11yda3vouk2x55

 

[MS News \(MS ILM\)]

Kevin,

If the user is using IE6, what are you saying?
Is it a setup issue.
or a random some do some don't
??
Thanks

 

[Kevin Spencer]

I'm not saying anything regarding the specific browser he mentioned (I don't
know specifically about IE6). I'm saying what I said: You can't count on the
browser that the user is using to share Sessions across browser instances.
Some [browsers] do, and some don't. If he knew that all of his users were
going to use the same browser, this might be a viable method, but since he
doesn't, it's not.

--
HTH,

Kevin Spencer
Microsoft MVP
..Net Developer
http://www.takempis.com
The more I learn, the less I know.

 

[MS News \(MS ILM\)]

Kevin,

He said the following:

Since this only one user is on IE6, I got confused to what you said.

Thank you.

I'm not saying anything regarding the specific browser he mentioned (I don't
know specifically about IE6). I'm saying what I said: You can't count on the
browser that the user is using to share Sessions across browser instances.
Some [browsers] do, and some don't. If he knew that all of his users were
going to use the same browser, this might be a viable method, but since he
doesn't, it's not.

--
HTH,

Kevin Spencer
Microsoft MVP
.Net Developer
http://www.takempis.com
The more I learn, the less I know.

Kevin,

If the user is using IE6, what are you saying?
Is it a setup issue.
or a random some do some don't
??
Thanks

 

[S. Justin Gengo]

Jimmy,

Since this user is using IE sessions should be maintained it is most likely
that this user has cookies disabled. Sessions use cookies to store the
session ID on the client.

Kevin is right unless users are using the same browser AND have cookies
enabled you can't count on sessions.

There are two things you can try. You could set your app to use cookieless
sessions (use web.config file to do so.) This puts the session ID into the
query string (make sure to get the session id out of the query string if you
use javascript to open a new window and put it in the url.) Or you could
check if users have cookies enabled Request.Browser.Cookies and redirect the
user to a page telling them why they need to enable cookies and how to do
so.

If Not Request.Browser.Cookies Then
Response.Redirect("musthavecookies.aspx")
End If

Sincerely,

--
S. Justin Gengo, MCP
Web Developer

Free code library at:
www.aboutfortunate.com

"Out of chaos comes order."
Nietzche

 

[Kevin Spencer]

I knew that the user in question was using IE6, but since I din't know for
sure that IE6 doesn't share Sessions across browser instances (it sounds
like not), I just gave him the important information, that is, etc.

I can certainly appreciate your confusion. I get confused every day, and not
always on purpose! ;-)

--
HTH,

Kevin Spencer
Microsoft MVP
..Net Developer
http://www.takempis.com
The more I learn, the less I know.

Kevin,

He said the following:

Since this only one user is on IE6, I got confused to what you said.

Thank you.

I'm not saying anything regarding the specific browser he mentioned (I don't
know specifically about IE6). I'm saying what I said: You can't count on the
browser that the user is using to share Sessions across browser instances.
Some [browsers] do, and some don't. If he knew that all of his users were
going to use the same browser, this might be a viable method, but since he
doesn't, it's not.

--
HTH,

Kevin Spencer
Microsoft MVP
.Net Developer
http://www.takempis.com
The more I learn, the less I know.

Kevin,

If the user is using IE6, what are you saying?
Is it a setup issue.
or a random some do some don't
??
Thanks

You can't count on the browser that the user is using to share Sessions
across browser instances. Some do, and some don't.

--
HTH,

Kevin Spencer
Microsoft MVP
.Net Developer
http://www.takempis.com
The more I learn, the less I know.

When we open a window (using client-side jscript ie.
window.open("/Site/Popup.aspx?...",...)) from Page1.aspx, the called
page Popup.aspx does not have access to the Session variables present
in Page1.aspx. The IIS Log shows (listed below) shows that the
ASP.NET_SessionId cookie is not present in Popup.aspx.

The thing is that this mechanism works for 99% of our users.

There

is

 

[MS News \(MS ILM\)]

Same here thanks

I knew that the user in question was using IE6, but since I din't know for
sure that IE6 doesn't share Sessions across browser instances (it sounds
like not), I just gave him the important information, that is, etc.

I can certainly appreciate your confusion. I get confused every day, and not
always on purpose! ;-)

--
HTH,

Kevin Spencer
Microsoft MVP
.Net Developer
http://www.takempis.com
The more I learn, the less I know.

Kevin,

He said the following:

There

is

this one user that is consistently having this problem. As you can
see from the log, this user is on IE6 and has Windows NT.

Since this only one user is on IE6, I got confused to what you said.

Thank you.

I'm not saying anything regarding the specific browser he mentioned (I don't
know specifically about IE6). I'm saying what I said: You can't count

on
the

browser that the user is using to share Sessions across browser instances.
Some [browsers] do, and some don't. If he knew that all of his users were
going to use the same browser, this might be a viable method, but

since

he There

 

[Jimmy Junatas]

Thanks everyone for their inputs.

Using Cookieless sessions is certainly an option but I don't want to
rock the boat too much given that only one user (so far) is
experiencing this problem.

In this particular scenario, I am also hesitant about sharing
information thru the QueryString or hidden fields the data being
shared is somewhat sensitive (the site is for a bank).

As for checking for cookies, we actually already have a check at login
that requires that the user has IE5 (and up) and that cookie support
(and Javascript) are enabled.

And also, the rest of the site works for that user (so the session
cookie must have been persisted in the client). Only that popup
window page fails.

I did learn yesterday that the user has IE 6.0.2600 Update Version :
Q319182. I saw numerous posts yesterday complaining about Q319182.
I'll see about upgrading that user to latest IE6 service pack.

 

[Jimmy Junatas]

The ASPX page for the popup window is now working for that 1 user! It
appears that the user was navigating to our site from a link in
Microsoft Outlook. The popup page fails every single time the user
comes in from the Outlook. But if the user loads IE and navigates
from there, the popup page works as expected.

Could it be that the popup window page lives in an IE process while
the other pages are hosted in the Outlook process...translates to
seperate ASP.NET sessions?

Also, the user's IE6 browser was upgraded to SP1 but the problem was
still occurring.

Thanks everyone.

 

[Stanley]

Yes when the user clicks a link from outlook it starts a new version of the
browser. This means that it is no longer on the session that they were with
another window.

Stanley