Session Ends with Window.Open() Call

Discussion in 'ASP General' started by Justin Beckwith, Oct 21, 2003.

  1. Hi all,
    I have a very basic ASP application in which a user is authenticated,
    a flag is set in a session variable, and a new window is opened. The
    file opened exists in the same application directory as the file which
    sets the session flag. After calling the window.open() method in
    javascript to open my new file, the session id changes. This is very
    very bad. After a week of scouring the groups, I have noticed a ton
    of other people having similar problems, seemingly a remnant of the
    "Browse in process" errors, however; microsoft says the problem is
    resolved by upgrading to IE 5.5. Well, I have IE 6.0.28, and the
    problem persists.

    Has there been any resolution for this bug in internet explorer? If
    there isn't a resolution yet, what types of SECURE workarounds are
    available? How am I expected to use the session feature of ASP if it
    doesn't work across browser windows?
     
    Justin Beckwith, Oct 21, 2003
    #1
    1. Advertising

  2. "Justin Beckwith" wrote:
    >
    > I have a very basic ASP application in which a user is authenticated,
    > a flag is set in a session variable, and a new window is opened. The
    > file opened exists in the same application directory as the file which
    > sets the session flag. After calling the window.open() method in
    > javascript to open my new file, the session id changes. This is very
    > very bad. After a week of scouring the groups, I have noticed a ton
    > of other people having similar problems, seemingly a remnant of the
    > "Browse in process" errors, however; microsoft says the problem is
    > resolved by upgrading to IE 5.5. Well, I have IE 6.0.28, and the
    > problem persists.
    >
    > Has there been any resolution for this bug in internet explorer? If
    > there isn't a resolution yet, what types of SECURE workarounds are
    > available? How am I expected to use the session feature of ASP if it
    > doesn't work across browser windows?


    Justin -

    We first observed this problem several months ago, and have not yet found a
    solution. FWIW, it seems to be an IE/IIS-only "feature". The session loss
    does not occur with other browsers, and as far as I can tell, new sessions
    are not spawned on non-IIS web servers.

    In the course of my investigation into the problem, I was advised that many
    sites resolved the problem by adding P3P policies. As these policies can be
    held legally binding, my organization has been slow to move on the issue,
    leaving me unable to confirm whether this would resolve the problem for us.

    There is a reliable solution -- normal cookies work as suspected. If you
    implement your own session management system, you can achieve the kind of
    behavior you desire. This is, of course, more work, and more or less limits
    you to primitive data types in session variables, but it is considerably
    more predictable, compatible, and scalable.


    --
    Dave Anderson

    Unsolicited commercial email will be read at a cost of $500 per message. Use
    of this email address implies consent to these terms. Please do not contact
    me directly or ask me to contact you directly for assistance. If your
    question is worth asking, it's worth posting.
     
    Dave Anderson, Oct 21, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?V2lsbA==?=

    HttpModule not firing when Session/Application ends

    =?Utf-8?B?V2lsbA==?=, Jan 19, 2004, in forum: ASP .Net
    Replies:
    2
    Views:
    528
    =?Utf-8?B?V2lsbA==?=
    Jan 23, 2004
  2. melledge
    Replies:
    0
    Views:
    336
    melledge
    May 5, 2005
  3. Kevin Altis
    Replies:
    0
    Views:
    292
    Kevin Altis
    Jan 30, 2007
  4. Mads Nielsen

    Long running web service call ends with ThreadAbortException

    Mads Nielsen, Jan 11, 2008, in forum: ASP .Net Web Services
    Replies:
    4
    Views:
    528
    Steven Cheng[MSFT]
    Jan 21, 2008
  5. Luke Pillow
    Replies:
    0
    Views:
    470
    Luke Pillow
    Jun 20, 2011
Loading...

Share This Page