Session Issue

Discussion in 'ASP General' started by Li Pang, Jan 11, 2006.

  1. Li Pang

    Li Pang Guest

    Hi,

    I created a html page from which I give a link to another web site. The new
    site is opened in a new window. When I opened multiple windows, they all have
    the same SessionID. I want ot know how to open the windows with different
    sessionID.

    Thanks
     
    Li Pang, Jan 11, 2006
    #1
    1. Advertising

  2. Li Pang wrote:
    > Hi,
    >
    > I created a html page from which I give a link to another web site.
    > The new site is opened in a new window. When I opened multiple
    > windows, they all have the same SessionID. I want ot know how to open
    > the windows with different sessionID.
    >
    > Thanks


    Put a Session.Abandon statement in the page opened in the new window.

    Bob Barrows
    --
    Microsoft MVP - ASP/ASP.NET
    Please reply to the newsgroup. This email account is my spam trap so I
    don't check it very often. If you must reply off-line, then remove the
    "NO SPAM"
     
    Bob Barrows [MVP], Jan 11, 2006
    #2
    1. Advertising

  3. Li Pang

    Li Pang Guest

    Thanks Bob,

    It works when I added Session.Abandon in the called page. Should I add it
    into Global.asa in the Session_OnStart function?

    "Bob Barrows [MVP]" wrote:

    > Li Pang wrote:
    > > Hi,
    > >
    > > I created a html page from which I give a link to another web site.
    > > The new site is opened in a new window. When I opened multiple
    > > windows, they all have the same SessionID. I want ot know how to open
    > > the windows with different sessionID.
    > >
    > > Thanks

    >
    > Put a Session.Abandon statement in the page opened in the new window.
    >
    > Bob Barrows
    > --
    > Microsoft MVP - ASP/ASP.NET
    > Please reply to the newsgroup. This email account is my spam trap so I
    > don't check it very often. If you must reply off-line, then remove the
    > "NO SPAM"
    >
    >
    >
     
    Li Pang, Jan 11, 2006
    #3
  4. No, that will have no effect on the situation you are working with. The
    session has already started ...
    Li Pang wrote:
    > Thanks Bob,
    >
    > It works when I added Session.Abandon in the called page. Should I
    > add it into Global.asa in the Session_OnStart function?
    >
    > "Bob Barrows [MVP]" wrote:
    >
    >> Li Pang wrote:
    >>> Hi,
    >>>
    >>> I created a html page from which I give a link to another web site.
    >>> The new site is opened in a new window. When I opened multiple
    >>> windows, they all have the same SessionID. I want ot know how to
    >>> open the windows with different sessionID.
    >>>
    >>> Thanks

    >>
    >> Put a Session.Abandon statement in the page opened in the new window.
    >>
    >> Bob Barrows
    >> --
    >> Microsoft MVP - ASP/ASP.NET
    >> Please reply to the newsgroup. This email account is my spam trap so
    >> I don't check it very often. If you must reply off-line, then remove
    >> the "NO SPAM"


    --
    Microsoft MVP -- ASP/ASP.NET
    Please reply to the newsgroup. The email account listed in my From
    header is my spam trap, so I don't check it very often. You will get a
    quicker response by posting to the newsgroup.
     
    Bob Barrows [MVP], Jan 11, 2006
    #4
  5. Li Pang

    Li Pang Guest

    Hi Bob,

    You said that “The session has already startedâ€. Is it still true if the
    calling page and the called page are located at the different servers?

    How the session really works?
    If the calling page A calls the called page B then the session of page B
    started (from the server B).
    If the calling page A calls second time the page B, how the asp or iis knows
    that the session has been already started?

    Is the session of page B depends on the parent page A?
    Is that possible to use the javascript function “window.open†enforcing to
    open a new sessions?

    Thanks in advance


    "Bob Barrows [MVP]" wrote:

    > No, that will have no effect on the situation you are working with. The
    > session has already started ...
    > Li Pang wrote:
    > > Thanks Bob,
    > >
    > > It works when I added Session.Abandon in the called page. Should I
    > > add it into Global.asa in the Session_OnStart function?
    > >
    > > "Bob Barrows [MVP]" wrote:
    > >
    > >> Li Pang wrote:
    > >>> Hi,
    > >>>
    > >>> I created a html page from which I give a link to another web site.
    > >>> The new site is opened in a new window. When I opened multiple
    > >>> windows, they all have the same SessionID. I want ot know how to
    > >>> open the windows with different sessionID.
    > >>>
    > >>> Thanks
    > >>
    > >> Put a Session.Abandon statement in the page opened in the new window.
    > >>
    > >> Bob Barrows
    > >> --
    > >> Microsoft MVP - ASP/ASP.NET
    > >> Please reply to the newsgroup. This email account is my spam trap so
    > >> I don't check it very often. If you must reply off-line, then remove
    > >> the "NO SPAM"

    >
    > --
    > Microsoft MVP -- ASP/ASP.NET
    > Please reply to the newsgroup. The email account listed in my From
    > header is my spam trap, so I don't check it very often. You will get a
    > quicker response by posting to the newsgroup.
    >
    >
    >
     
    Li Pang, Jan 11, 2006
    #5
  6. Li Pang wrote:
    > Hi Bob,
    >
    > You said that "The session has already started". Is it still true if
    > the calling page and the called page are located at the different
    > servers?


    If they are on different servers, then, by definition, they cannot have the
    same session.
    There is no point in abandoning a session in Session_OnStart because that
    event only fires when a session is starting.

    >
    > How the session really works?
    > If the calling page A calls the called page B then the session of
    > page B started (from the server B).


    Correct. A new session starts on server B

    > If the calling page A calls second time the page B, how the asp or
    > iis knows that the session has been already started?


    Because the server B session cookie still exists on the user's machine.

    >
    > Is the session of page B depends on the parent page A?


    No. the session depends on a session cookie written to the user's machine by
    server B.
    The session cookies remain until all browser windows are closed

    > Is that possible to use the javascript function "window.open"
    > enforcing to open a new sessions?
    >


    Only by issuing a Session.Abandon call in the server-side code of the page
    being called.

    You could have a SessionAbandon.asp page to which you pass a querystring
    argument to control a Response.Redirect statement which is executed after
    the session is abandoned ...

    Bob Barrows

    --
    Microsoft MVP -- ASP/ASP.NET
    Please reply to the newsgroup. The email account listed in my From
    header is my spam trap, so I don't check it very often. You will get a
    quicker response by posting to the newsgroup.
     
    Bob Barrows [MVP], Jan 11, 2006
    #6
  7. Li Pang

    Li Pang Guest

    Bob,

    I have still an issue of session variables.

    I have a web site that allows users access with different profiles
    (different sets of session variables). When users start a new browser, each
    login has its own set of session variables. There is an option that a user
    can open multiple windows with different user’s profile (administrators), and
    when the multiple windows are opened by a new browser separately, every thing
    works well (i.e., no interaction between the sessions).

    Now, there is an issue of session variables when users open multiple windows
    from a parent page (providing a link to above web site), i.e., when open a
    window with profile A, it’s OK, but when open another window with profile B,
    all session variables within profile A are replaced by those of profile B.
    And if a third window is opened with profile C, then all session variables in
    profile A and B are replaced by those in profile C.

    I put the statement “Session.Abandon†at the beginning of first page of the
    web site, that changes the session ID after every login, but the interaction
    between different sessions still happens.

    Any ideal on that?

    I appreciate your support.


    "Bob Barrows [MVP]" wrote:

    > Li Pang wrote:
    > > Hi Bob,
    > >
    > > You said that "The session has already started". Is it still true if
    > > the calling page and the called page are located at the different
    > > servers?

    >
    > If they are on different servers, then, by definition, they cannot have the
    > same session.
    > There is no point in abandoning a session in Session_OnStart because that
    > event only fires when a session is starting.
    >
    > >
    > > How the session really works?
    > > If the calling page A calls the called page B then the session of
    > > page B started (from the server B).

    >
    > Correct. A new session starts on server B
    >
    > > If the calling page A calls second time the page B, how the asp or
    > > iis knows that the session has been already started?

    >
    > Because the server B session cookie still exists on the user's machine.
    >
    > >
    > > Is the session of page B depends on the parent page A?

    >
    > No. the session depends on a session cookie written to the user's machine by
    > server B.
    > The session cookies remain until all browser windows are closed
    >
    > > Is that possible to use the javascript function "window.open"
    > > enforcing to open a new sessions?
    > >

    >
    > Only by issuing a Session.Abandon call in the server-side code of the page
    > being called.
    >
    > You could have a SessionAbandon.asp page to which you pass a querystring
    > argument to control a Response.Redirect statement which is executed after
    > the session is abandoned ...
    >
    > Bob Barrows
    >
    > --
    > Microsoft MVP -- ASP/ASP.NET
    > Please reply to the newsgroup. The email account listed in my From
    > header is my spam trap, so I don't check it very often. You will get a
    > quicker response by posting to the newsgroup.
    >
    >
    >
     
    Li Pang, Jan 12, 2006
    #7
  8. Li Pang

    Li Pang Guest

    Bob,

    I give you my testing codes as below.
    To reproduce the problem, do the following:
    1. start test.asp, and click on Development
    2. it pops up a new window. In the Login field, it shows “lpang†then click
    “Submitâ€
    3. Apphome.asp page shows the user id
    4. click on Development link on test.asp page again
    5. it pops up another window. In Login field replace “lpang†by “Bob†and
    click on “Submitâ€
    6. the page shows Bob as user id, now click on “refreshâ€
    7. The page shows “Bob†as user id
    8. Go to first page click “refreshâ€, it shows “Bob†as well (“lpang†is
    overwritten)

    test.asp
    <html>
    <head>
    <meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
    </head>

    <BODY>
    <TABLE WIDTH="100%" HEIGHT="100%">
    <TR>
    <TD><a target="_blank" href="../TestApp/app.asp">Development</a>
    </TD>
    </TR>
    </TABLE>
    </BODY>
    </html>

    App.asp
    <%
    Session.Abandon
    %>
    <html>
    <head>
    <meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
    </head>

    <BODY>
    <form name="form1" name=form1 action=Apphome.asp method=POST>

    <table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
    CELLPADDING="2">
    <tr>
    <th style='color=black' colspan="3">Login</th>

    </tr>
    <tr>
    <td align="right">Login:</td>
    <td><input type="text" name="login" class="ipText" size="20"
    value="lpang"></td>
    </tr>
    <tr>
    <td></td>
    <td align="center"><a href="javascript:form1.submit();">Submit</a></td>
    </tr>
    </table>
    </form>
    </BODY>
    </html>

    Apphome.asp
    <%
    'Session.Abandon
    session("uid") = request.form("login")
    %>
    <html>
    <head>
    <meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
    </head>

    <BODY>
    <form name="form1" name=form1 action=Apphome.asp method=POST>

    <table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
    CELLPADDING="2">
    <tr>
    <th style='color=black' colspan="3">Home</th>

    </tr>
    <tr>
    <td>user id: </td>
    <td><B><%=session("uid")%></B></td>
    </tr>
    <tr>
    <td></td>
    <td></td>
    </tr>
    <tr>
    <td></td>
    <td align="center"><INPUT name=showinfo type=button value="Show
    User"style="HEIGHT: 24px; WIDTH: 75px; cursor:hand"
    onclick="alert('<%=session("uid")%>');"></td>
    </tr>
    <TR>
    <TD align="center"><a href="App2.asp">refresh</a></TD>
    </TR>
    </table>
    </form>
    </BODY>
    </html>

    App2.asp
    <%
    'Session.Abandon
    'session("uid") = "XXX"
    %>
    <html>
    <head>
    <meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
    </head>

    <BODY>
    <form name="form1" name=form1 action=App2.asp method=POST>

    <table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
    CELLPADDING="2">
    <tr>
    <th style='color=black' colspan="3">Home</th>

    </tr>
    <tr>
    <td>user id: </td>
    <td><B><%=session("uid")%></B></td>
    </tr>
    <tr>
    <td></td>
    <td></td>
    </tr>
    <tr>
    <td></td>
    <td align="center"><INPUT name=showinfo type=button value="Show User"
    style="HEIGHT: 24px; WIDTH: 75px; cursor:hand"
    onclick="alert('<%=session("uid")%>');"></td>
    </tr>
    </table>
    </form>
    </BODY>
    </html>



    "Bob Barrows [MVP]" wrote:

    > Li Pang wrote:
    > > Hi Bob,
    > >
    > > You said that "The session has already started". Is it still true if
    > > the calling page and the called page are located at the different
    > > servers?

    >
    > If they are on different servers, then, by definition, they cannot have the
    > same session.
    > There is no point in abandoning a session in Session_OnStart because that
    > event only fires when a session is starting.
    >
    > >
    > > How the session really works?
    > > If the calling page A calls the called page B then the session of
    > > page B started (from the server B).

    >
    > Correct. A new session starts on server B
    >
    > > If the calling page A calls second time the page B, how the asp or
    > > iis knows that the session has been already started?

    >
    > Because the server B session cookie still exists on the user's machine.
    >
    > >
    > > Is the session of page B depends on the parent page A?

    >
    > No. the session depends on a session cookie written to the user's machine by
    > server B.
    > The session cookies remain until all browser windows are closed
    >
    > > Is that possible to use the javascript function "window.open"
    > > enforcing to open a new sessions?
    > >

    >
    > Only by issuing a Session.Abandon call in the server-side code of the page
    > being called.
    >
    > You could have a SessionAbandon.asp page to which you pass a querystring
    > argument to control a Response.Redirect statement which is executed after
    > the session is abandoned ...
    >
    > Bob Barrows
    >
    > --
    > Microsoft MVP -- ASP/ASP.NET
    > Please reply to the newsgroup. The email account listed in my From
    > header is my spam trap, so I don't check it very often. You will get a
    > quicker response by posting to the newsgroup.
    >
    >
    >
     
    Li Pang, Jan 12, 2006
    #8
  9. The page in which you issue Session.Abandon must immediately redirect to
    another page. The Session is not destroyed until the page in which the
    statement is issued finishes processing.
    Li Pang wrote:
    > Bob,
    >
    > I give you my testing codes as below.
    > To reproduce the problem, do the following:
    > 1. start test.asp, and click on Development
    > 2. it pops up a new window. In the Login field, it shows "lpang" then
    > click "Submit"
    > 3. Apphome.asp page shows the user id
    > 4. click on Development link on test.asp page again
    > 5. it pops up another window. In Login field replace "lpang" by "Bob"
    > and click on "Submit"
    > 6. the page shows Bob as user id, now click on "refresh"
    > 7. The page shows "Bob" as user id
    > 8. Go to first page click "refresh", it shows "Bob" as well ("lpang"
    > is overwritten)
    >
    > test.asp
    > <html>
    > <head>
    > <meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
    > </head>
    >
    > <BODY>
    > <TABLE WIDTH="100%" HEIGHT="100%">
    > <TR>
    > <TD><a target="_blank" href="../TestApp/app.asp">Development</a>
    > </TD>
    > </TR>
    > </TABLE>
    > </BODY>
    > </html>
    >
    > App.asp
    > <%
    > Session.Abandon
    > %>
    > <html>
    > <head>
    > <meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
    > </head>
    >
    > <BODY>
    > <form name="form1" name=form1 action=Apphome.asp method=POST>
    >
    > <table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
    > CELLPADDING="2">
    > <tr>
    > <th style='color=black' colspan="3">Login</th>
    >
    > </tr>
    > <tr>
    > <td align="right">Login:</td>
    > <td><input type="text" name="login" class="ipText" size="20"
    > value="lpang"></td>
    > </tr>
    > <tr>
    > <td></td>
    > <td align="center"><a
    > href="javascript:form1.submit();">Submit</a></td> </tr>
    > </table>
    > </form>
    > </BODY>
    > </html>
    >
    > Apphome.asp
    > <%
    > 'Session.Abandon
    > session("uid") = request.form("login")
    > %>
    > <html>
    > <head>
    > <meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
    > </head>
    >
    > <BODY>
    > <form name="form1" name=form1 action=Apphome.asp method=POST>
    >
    > <table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
    > CELLPADDING="2">
    > <tr>
    > <th style='color=black' colspan="3">Home</th>
    >
    > </tr>
    > <tr>
    > <td>user id: </td>
    > <td><B><%=session("uid")%></B></td>
    > </tr>
    > <tr>
    > <td></td>
    > <td></td>
    > </tr>
    > <tr>
    > <td></td>
    > <td align="center"><INPUT name=showinfo type=button value="Show
    > User"style="HEIGHT: 24px; WIDTH: 75px; cursor:hand"
    > onclick="alert('<%=session("uid")%>');"></td>
    > </tr>
    > <TR>
    > <TD align="center"><a href="App2.asp">refresh</a></TD>
    > </TR>
    > </table>
    > </form>
    > </BODY>
    > </html>
    >
    > App2.asp
    > <%
    > 'Session.Abandon
    > 'session("uid") = "XXX"
    > %>
    > <html>
    > <head>
    > <meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
    > </head>
    >
    > <BODY>
    > <form name="form1" name=form1 action=App2.asp method=POST>
    >
    > <table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
    > CELLPADDING="2">
    > <tr>
    > <th style='color=black' colspan="3">Home</th>
    >
    > </tr>
    > <tr>
    > <td>user id: </td>
    > <td><B><%=session("uid")%></B></td>
    > </tr>
    > <tr>
    > <td></td>
    > <td></td>
    > </tr>
    > <tr>
    > <td></td>
    > <td align="center"><INPUT name=showinfo type=button value="Show User"
    > style="HEIGHT: 24px; WIDTH: 75px; cursor:hand"
    > onclick="alert('<%=session("uid")%>');"></td>
    > </tr>
    > </table>
    > </form>
    > </BODY>
    > </html>
    >
    >
    >
    > "Bob Barrows [MVP]" wrote:
    >
    >> Li Pang wrote:
    >>> Hi Bob,
    >>>
    >>> You said that "The session has already started". Is it still true if
    >>> the calling page and the called page are located at the different
    >>> servers?

    >>
    >> If they are on different servers, then, by definition, they cannot
    >> have the same session.
    >> There is no point in abandoning a session in Session_OnStart because
    >> that event only fires when a session is starting.
    >>
    >>>
    >>> How the session really works?
    >>> If the calling page A calls the called page B then the session of
    >>> page B started (from the server B).

    >>
    >> Correct. A new session starts on server B
    >>
    >>> If the calling page A calls second time the page B, how the asp or
    >>> iis knows that the session has been already started?

    >>
    >> Because the server B session cookie still exists on the user's
    >> machine.
    >>
    >>>
    >>> Is the session of page B depends on the parent page A?

    >>
    >> No. the session depends on a session cookie written to the user's
    >> machine by server B.
    >> The session cookies remain until all browser windows are closed
    >>
    >>> Is that possible to use the javascript function "window.open"
    >>> enforcing to open a new sessions?
    >>>

    >>
    >> Only by issuing a Session.Abandon call in the server-side code of
    >> the page being called.
    >>
    >> You could have a SessionAbandon.asp page to which you pass a
    >> querystring argument to control a Response.Redirect statement which
    >> is executed after the session is abandoned ...
    >>
    >> Bob Barrows
    >>
    >> --
    >> Microsoft MVP -- ASP/ASP.NET
    >> Please reply to the newsgroup. The email account listed in my From
    >> header is my spam trap, so I don't check it very often. You will get
    >> a quicker response by posting to the newsgroup.


    --
    Microsoft MVP -- ASP/ASP.NET
    Please reply to the newsgroup. The email account listed in my From
    header is my spam trap, so I don't check it very often. You will get a
    quicker response by posting to the newsgroup.
     
    Bob Barrows [MVP], Jan 12, 2006
    #9
  10. Li Pang

    Li Pang Guest

    Bob,

    In reality, I don't want to kill any sessions. My concern is to keep every
    set of session within its own window. There is an issue of session shared
    within multiple windows. My filling is that the server checks the IE instance
    or id of client, as long as the same parameter found, it uses the same set of
    session. I can't find the reason that IE does that.

    "Bob Barrows [MVP]" wrote:

    > The page in which you issue Session.Abandon must immediately redirect to
    > another page. The Session is not destroyed until the page in which the
    > statement is issued finishes processing.
    > Li Pang wrote:
    > > Bob,
    > >
    > > I give you my testing codes as below.
    > > To reproduce the problem, do the following:
    > > 1. start test.asp, and click on Development
    > > 2. it pops up a new window. In the Login field, it shows "lpang" then
    > > click "Submit"
    > > 3. Apphome.asp page shows the user id
    > > 4. click on Development link on test.asp page again
    > > 5. it pops up another window. In Login field replace "lpang" by "Bob"
    > > and click on "Submit"
    > > 6. the page shows Bob as user id, now click on "refresh"
    > > 7. The page shows "Bob" as user id
    > > 8. Go to first page click "refresh", it shows "Bob" as well ("lpang"
    > > is overwritten)
    > >
    > > test.asp
    > > <html>
    > > <head>
    > > <meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
    > > </head>
    > >
    > > <BODY>
    > > <TABLE WIDTH="100%" HEIGHT="100%">
    > > <TR>
    > > <TD><a target="_blank" href="../TestApp/app.asp">Development</a>
    > > </TD>
    > > </TR>
    > > </TABLE>
    > > </BODY>
    > > </html>
    > >
    > > App.asp
    > > <%
    > > Session.Abandon
    > > %>
    > > <html>
    > > <head>
    > > <meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
    > > </head>
    > >
    > > <BODY>
    > > <form name="form1" name=form1 action=Apphome.asp method=POST>
    > >
    > > <table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
    > > CELLPADDING="2">
    > > <tr>
    > > <th style='color=black' colspan="3">Login</th>
    > >
    > > </tr>
    > > <tr>
    > > <td align="right">Login:</td>
    > > <td><input type="text" name="login" class="ipText" size="20"
    > > value="lpang"></td>
    > > </tr>
    > > <tr>
    > > <td></td>
    > > <td align="center"><a
    > > href="javascript:form1.submit();">Submit</a></td> </tr>
    > > </table>
    > > </form>
    > > </BODY>
    > > </html>
    > >
    > > Apphome.asp
    > > <%
    > > 'Session.Abandon
    > > session("uid") = request.form("login")
    > > %>
    > > <html>
    > > <head>
    > > <meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
    > > </head>
    > >
    > > <BODY>
    > > <form name="form1" name=form1 action=Apphome.asp method=POST>
    > >
    > > <table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
    > > CELLPADDING="2">
    > > <tr>
    > > <th style='color=black' colspan="3">Home</th>
    > >
    > > </tr>
    > > <tr>
    > > <td>user id: </td>
    > > <td><B><%=session("uid")%></B></td>
    > > </tr>
    > > <tr>
    > > <td></td>
    > > <td></td>
    > > </tr>
    > > <tr>
    > > <td></td>
    > > <td align="center"><INPUT name=showinfo type=button value="Show
    > > User"style="HEIGHT: 24px; WIDTH: 75px; cursor:hand"
    > > onclick="alert('<%=session("uid")%>');"></td>
    > > </tr>
    > > <TR>
    > > <TD align="center"><a href="App2.asp">refresh</a></TD>
    > > </TR>
    > > </table>
    > > </form>
    > > </BODY>
    > > </html>
    > >
    > > App2.asp
    > > <%
    > > 'Session.Abandon
    > > 'session("uid") = "XXX"
    > > %>
    > > <html>
    > > <head>
    > > <meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
    > > </head>
    > >
    > > <BODY>
    > > <form name="form1" name=form1 action=App2.asp method=POST>
    > >
    > > <table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
    > > CELLPADDING="2">
    > > <tr>
    > > <th style='color=black' colspan="3">Home</th>
    > >
    > > </tr>
    > > <tr>
    > > <td>user id: </td>
    > > <td><B><%=session("uid")%></B></td>
    > > </tr>
    > > <tr>
    > > <td></td>
    > > <td></td>
    > > </tr>
    > > <tr>
    > > <td></td>
    > > <td align="center"><INPUT name=showinfo type=button value="Show User"
    > > style="HEIGHT: 24px; WIDTH: 75px; cursor:hand"
    > > onclick="alert('<%=session("uid")%>');"></td>
    > > </tr>
    > > </table>
    > > </form>
    > > </BODY>
    > > </html>
    > >
    > >
    > >
    > > "Bob Barrows [MVP]" wrote:
    > >
    > >> Li Pang wrote:
    > >>> Hi Bob,
    > >>>
    > >>> You said that "The session has already started". Is it still true if
    > >>> the calling page and the called page are located at the different
    > >>> servers?
    > >>
    > >> If they are on different servers, then, by definition, they cannot
    > >> have the same session.
    > >> There is no point in abandoning a session in Session_OnStart because
    > >> that event only fires when a session is starting.
    > >>
    > >>>
    > >>> How the session really works?
    > >>> If the calling page A calls the called page B then the session of
    > >>> page B started (from the server B).
    > >>
    > >> Correct. A new session starts on server B
    > >>
    > >>> If the calling page A calls second time the page B, how the asp or
    > >>> iis knows that the session has been already started?
    > >>
    > >> Because the server B session cookie still exists on the user's
    > >> machine.
    > >>
    > >>>
    > >>> Is the session of page B depends on the parent page A?
    > >>
    > >> No. the session depends on a session cookie written to the user's
    > >> machine by server B.
    > >> The session cookies remain until all browser windows are closed
    > >>
    > >>> Is that possible to use the javascript function "window.open"
    > >>> enforcing to open a new sessions?
    > >>>
    > >>
    > >> Only by issuing a Session.Abandon call in the server-side code of
    > >> the page being called.
    > >>
    > >> You could have a SessionAbandon.asp page to which you pass a
    > >> querystring argument to control a Response.Redirect statement which
    > >> is executed after the session is abandoned ...
    > >>
    > >> Bob Barrows
    > >>
    > >> --
    > >> Microsoft MVP -- ASP/ASP.NET
    > >> Please reply to the newsgroup. The email account listed in my From
    > >> header is my spam trap, so I don't check it very often. You will get
    > >> a quicker response by posting to the newsgroup.

    >
    > --
    > Microsoft MVP -- ASP/ASP.NET
    > Please reply to the newsgroup. The email account listed in my From
    > header is my spam trap, so I don't check it very often. You will get a
    > quicker response by posting to the newsgroup.
    >
    >
    >
     
    Li Pang, Jan 12, 2006
    #10
  11. I think I am beginning to understand.
    I may be wrong, but I don't think it is possible for multiple sessions to be
    spawned for the same application from a single web server on a single client
    machine. This would probably be a security breach, enabling sessions to be
    hijacked.

    You should check with the experts over at .inetserver.iis, but I think you
    will need to find another way to maintain your session state for your
    applications.

    Li Pang wrote:
    > Bob,
    >
    > In reality, I don't want to kill any sessions. My concern is to keep
    > every set of session within its own window. There is an issue of
    > session shared within multiple windows. My filling is that the server
    > checks the IE instance or id of client, as long as the same parameter
    > found, it uses the same set of session. I can't find the reason that
    > IE does that.
    >
    > "Bob Barrows [MVP]" wrote:
    >
    >> The page in which you issue Session.Abandon must immediately
    >> redirect to another page. The Session is not destroyed until the
    >> page in which the statement is issued finishes processing.
    >> Li Pang wrote:
    >>> Bob,
    >>>
    >>> I give you my testing codes as below.
    >>> To reproduce the problem, do the following:
    >>> 1. start test.asp, and click on Development
    >>> 2. it pops up a new window. In the Login field, it shows "lpang"
    >>> then click "Submit"
    >>> 3. Apphome.asp page shows the user id
    >>> 4. click on Development link on test.asp page again
    >>> 5. it pops up another window. In Login field replace "lpang" by
    >>> "Bob" and click on "Submit"
    >>> 6. the page shows Bob as user id, now click on "refresh"
    >>> 7. The page shows "Bob" as user id
    >>> 8. Go to first page click "refresh", it shows "Bob" as well ("lpang"
    >>> is overwritten)
    >>>
    >>> test.asp
    >>> <html>
    >>> <head>
    >>> <meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
    >>> </head>
    >>>
    >>> <BODY>
    >>> <TABLE WIDTH="100%" HEIGHT="100%">
    >>> <TR>
    >>> <TD><a target="_blank" href="../TestApp/app.asp">Development</a>
    >>> </TD>
    >>> </TR>
    >>> </TABLE>
    >>> </BODY>
    >>> </html>
    >>>
    >>> App.asp
    >>> <%
    >>> Session.Abandon
    >>> %>
    >>> <html>
    >>> <head>
    >>> <meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
    >>> </head>
    >>>
    >>> <BODY>
    >>> <form name="form1" name=form1 action=Apphome.asp method=POST>
    >>>
    >>> <table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
    >>> CELLPADDING="2">
    >>> <tr>
    >>> <th style='color=black' colspan="3">Login</th>
    >>>
    >>> </tr>
    >>> <tr>
    >>> <td align="right">Login:</td>
    >>> <td><input type="text" name="login" class="ipText" size="20"
    >>> value="lpang"></td>
    >>> </tr>
    >>> <tr>
    >>> <td></td>
    >>> <td align="center"><a
    >>> href="javascript:form1.submit();">Submit</a></td> </tr>
    >>> </table>
    >>> </form>
    >>> </BODY>
    >>> </html>
    >>>
    >>> Apphome.asp
    >>> <%
    >>> 'Session.Abandon
    >>> session("uid") = request.form("login")
    >>> %>
    >>> <html>
    >>> <head>
    >>> <meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
    >>> </head>
    >>>
    >>> <BODY>
    >>> <form name="form1" name=form1 action=Apphome.asp method=POST>
    >>>
    >>> <table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
    >>> CELLPADDING="2">
    >>> <tr>
    >>> <th style='color=black' colspan="3">Home</th>
    >>>
    >>> </tr>
    >>> <tr>
    >>> <td>user id: </td>
    >>> <td><B><%=session("uid")%></B></td>
    >>> </tr>
    >>> <tr>
    >>> <td></td>
    >>> <td></td>
    >>> </tr>
    >>> <tr>
    >>> <td></td>
    >>> <td align="center"><INPUT name=showinfo type=button value="Show
    >>> User"style="HEIGHT: 24px; WIDTH: 75px; cursor:hand"
    >>> onclick="alert('<%=session("uid")%>');"></td>
    >>> </tr>
    >>> <TR>
    >>> <TD align="center"><a href="App2.asp">refresh</a></TD>
    >>> </TR>
    >>> </table>
    >>> </form>
    >>> </BODY>
    >>> </html>
    >>>
    >>> App2.asp
    >>> <%
    >>> 'Session.Abandon
    >>> 'session("uid") = "XXX"
    >>> %>
    >>> <html>
    >>> <head>
    >>> <meta NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
    >>> </head>
    >>>
    >>> <BODY>
    >>> <form name="form1" name=form1 action=App2.asp method=POST>
    >>>
    >>> <table valign="center" ALIGN="center" BORDER="0" CELLSPACING="2"
    >>> CELLPADDING="2">
    >>> <tr>
    >>> <th style='color=black' colspan="3">Home</th>
    >>>
    >>> </tr>
    >>> <tr>
    >>> <td>user id: </td>
    >>> <td><B><%=session("uid")%></B></td>
    >>> </tr>
    >>> <tr>
    >>> <td></td>
    >>> <td></td>
    >>> </tr>
    >>> <tr>
    >>> <td></td>
    >>> <td align="center"><INPUT name=showinfo type=button value="Show
    >>> User" style="HEIGHT: 24px; WIDTH: 75px; cursor:hand"
    >>> onclick="alert('<%=session("uid")%>');"></td>
    >>> </tr>
    >>> </table>
    >>> </form>
    >>> </BODY>
    >>> </html>
    >>>
    >>>
    >>>
    >>> "Bob Barrows [MVP]" wrote:
    >>>
    >>>> Li Pang wrote:
    >>>>> Hi Bob,
    >>>>>
    >>>>> You said that "The session has already started". Is it still true
    >>>>> if the calling page and the called page are located at the
    >>>>> different servers?
    >>>>
    >>>> If they are on different servers, then, by definition, they cannot
    >>>> have the same session.
    >>>> There is no point in abandoning a session in Session_OnStart
    >>>> because that event only fires when a session is starting.
    >>>>
    >>>>>
    >>>>> How the session really works?
    >>>>> If the calling page A calls the called page B then the session of
    >>>>> page B started (from the server B).
    >>>>
    >>>> Correct. A new session starts on server B
    >>>>
    >>>>> If the calling page A calls second time the page B, how the asp or
    >>>>> iis knows that the session has been already started?
    >>>>
    >>>> Because the server B session cookie still exists on the user's
    >>>> machine.
    >>>>
    >>>>>
    >>>>> Is the session of page B depends on the parent page A?
    >>>>
    >>>> No. the session depends on a session cookie written to the user's
    >>>> machine by server B.
    >>>> The session cookies remain until all browser windows are closed
    >>>>
    >>>>> Is that possible to use the javascript function "window.open"
    >>>>> enforcing to open a new sessions?
    >>>>>
    >>>>
    >>>> Only by issuing a Session.Abandon call in the server-side code of
    >>>> the page being called.
    >>>>
    >>>> You could have a SessionAbandon.asp page to which you pass a
    >>>> querystring argument to control a Response.Redirect statement which
    >>>> is executed after the session is abandoned ...
    >>>>
    >>>> Bob Barrows
    >>>>
    >>>> --
    >>>> Microsoft MVP -- ASP/ASP.NET
    >>>> Please reply to the newsgroup. The email account listed in my From
    >>>> header is my spam trap, so I don't check it very often. You will
    >>>> get a quicker response by posting to the newsgroup.

    >>
    >> --
    >> Microsoft MVP -- ASP/ASP.NET
    >> Please reply to the newsgroup. The email account listed in my From
    >> header is my spam trap, so I don't check it very often. You will get
    >> a quicker response by posting to the newsgroup.


    --
    Microsoft MVP -- ASP/ASP.NET
    Please reply to the newsgroup. The email account listed in my From
    header is my spam trap, so I don't check it very often. You will get a
    quicker response by posting to the newsgroup.
     
    Bob Barrows [MVP], Jan 12, 2006
    #11
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. bill joyce

    Bizzare session variable issue

    bill joyce, Oct 18, 2003, in forum: ASP .Net
    Replies:
    3
    Views:
    328
    bill joyce
    Oct 20, 2003
  2. Jeff Smythe
    Replies:
    3
    Views:
    1,288
    Jeff Smythe
    Jan 2, 2004
  3. =?Utf-8?B?Um9iSEs=?=
    Replies:
    4
    Views:
    5,342
    =?Utf-8?B?Um9iSEs=?=
    Apr 11, 2007
  4. Srini
    Replies:
    11
    Views:
    985
    Arne Vajhøj
    Jun 1, 2008
  5. Jazzis
    Replies:
    2
    Views:
    265
    Jazzis
    Sep 23, 2003
Loading...

Share This Page