session timeout

Discussion in 'ASP General' started by isaac2004, Mar 9, 2006.

  1. isaac2004

    isaac2004 Guest

    how would go about making a session timeout expire with a method like
    you can expire a cookie by going Date() - 1
    isaac2004, Mar 9, 2006
    #1
    1. Advertising

  2. isaac2004

    Evertjan. Guest

    isaac2004 wrote on 09 mrt 2006 in microsoft.public.inetserver.asp.general:

    > how would go about making a session timeout expire with a method like
    > you can expire a cookie by going Date() - 1
    >
    >


    Why would you want to do that?

    session.abandon is the way to go.

    --
    Evertjan.
    The Netherlands.
    (Please change the x'es to dots in my emailaddress)
    Evertjan., Mar 9, 2006
    #2
    1. Advertising

  3. isaac2004

    isaac2004 Guest

    >Why would you want to do that?

    i have a db driven shopping cart that uses a session id as a varible
    for storring individual carts and items

    >session.abandon is the way to go.\


    isnt this method unefficient and is there any other way
    isaac2004, Mar 10, 2006
    #3
  4. isaac2004

    Evertjan. Guest

    isaac2004 wrote on 10 mrt 2006 in microsoft.public.inetserver.asp.general:

    >>Why would you want to do that?

    >
    > i have a db driven shopping cart that uses a session id as a varible
    > for storring individual carts and items


    Yes, so?

    One advice, never use systemvariables directly in code.

    For one it precludes efficient testing with virtual values.

    And now you see for yourself you will have to use measures the system is
    not ment for.
    say you want to keep the session identity of the user for other reasons?

    >>session.abandon is the way to go.\

    >
    > isnt this method unefficient


    Why?

    What would be "inefficient" about it, and why would that matter to you?

    setting the session timeout to a time in the past [if possible?] IS!!
    abandoning the session, IMHO!!!

    > and is there any other way


    Yes, Do not use the session id for other things than
    identifying the user's session.


    --
    Evertjan.
    The Netherlands.
    (Please change the x'es to dots in my emailaddress)
    Evertjan., Mar 10, 2006
    #4
  5. "isaac2004" <> wrote in message
    news:...
    > >Why would you want to do that?

    >
    > i have a db driven shopping cart that uses a session id as a varible
    > for storring individual carts and items
    >
    >>session.abandon is the way to go.\

    >
    > isnt this method unefficient and is there any other way


    Session.SessionID is _very_ unreliable!
    This is because the SessionID is just a numeric value, that can be reset at
    any time, and it is not a unique number!

    Identify your basket using a string-GUID for instance,


    --
    compatible web farm Session replacement for Asp and Asp.Net (1.1)
    http://www.nieropwebconsult.nl/asp_session_manager.htm
    Egbert Nierop \(MVP for IIS\), Mar 12, 2006
    #5
  6. isaac2004

    Evertjan. Guest

    Egbert Nierop (MVP for IIS) wrote on 12 mrt 2006 in
    microsoft.public.inetserver.asp.general:

    >
    > "isaac2004" <> wrote in message
    > news:...
    >> >Why would you want to do that?

    >>
    >> i have a db driven shopping cart that uses a session id as a varible
    >> for storring individual carts and items
    >>
    >>>session.abandon is the way to go.\

    >>
    >> isnt this method unefficient and is there any other way

    >
    > Session.SessionID is _very_ unreliable!
    > This is because the SessionID is just a numeric value, that can be
    > reset at any time, and it is not a unique number!


    And how many sessions would you need to have at one time to come near the
    number that the session ID has a reasonable chance of being duplicated?

    > Identify your basket using a string-GUID for instance,


    Isn't that just as resettable?

    ===========

    Read further, I do not advice abandoning the session, just to throw away a
    basket.


    --
    Evertjan.
    The Netherlands.
    (Please change the x'es to dots in my emailaddress)
    Evertjan., Mar 12, 2006
    #6
  7. isaac2004

    isaac2004 Guest

    hey i found out that i can just use the delete part of a SQL statement
    to erase all fields, the only problem is that it gives me this error
    [Microsoft][ODBC Microsoft Access Driver] Too few parameters. Expected
    1.

    doesnt this mean that i am trying to delete something that doesnt
    exist, here is the delete SQL code

    strDeleteSQL = "DELETE FROM tblCart WHERE strSessionID = " &
    strSessionID
    objRS.Open strDeleteSQL, objConn, adOpenForwardOnly,
    adLockOptimistic

    does this look right
    thanks for the help
    isaac2004, Mar 12, 2006
    #7
  8. isaac2004

    Evertjan. Guest

    isaac2004 wrote on 12 mrt 2006 in microsoft.public.inetserver.asp.general:

    > hey i found out that i can just use the delete part of a SQL statement
    >


    Please quote what you are replying to.

    If you want to post a followup via groups.google.com, don't use the
    "Reply" link at the bottom of the article. Click on "show options" at the
    top of the article, then click on the "Reply" at the bottom of the article
    headers. <http://www.safalra.com/special/googlegroupsreply/>

    --
    Evertjan.
    The Netherlands.
    (Please change the x'es to dots in my emailaddress)
    Evertjan., Mar 12, 2006
    #8
  9. isaac2004

    isaac2004 Guest

    >Please quote what you are replying to.

    sorry alot of people were giving advice so i thought just by doing that
    it would limit confusion

    anyway i started this thread with an original problem that i fixed, now
    there is another problem, i get this error

    [Microsoft][ODBC Microsoft Access Driver] Too few parameters. Expected
    1.

    doesnt this mean that i am trying to delete something that doesnt
    exist, here is the delete SQL code


    strDeleteSQL = "DELETE FROM tblCart WHERE strSessionID = " &
    strSessionID
    objRS.Open strDeleteSQL, objConn, adOpenForwardOnly,
    adLockOptimistic


    does this look right
    thank you all for the help
    isaac2004, Mar 12, 2006
    #9
  10. isaac2004

    Evertjan. Guest

    isaac2004 wrote on 12 mrt 2006 in microsoft.public.inetserver.asp.general:

    >>Please quote what you are replying to.

    >
    > sorry alot of people were giving advice so i thought just by doing that
    > it would limit confusion
    >
    > anyway i started this thread with an original problem that i fixed, now
    > there is another problem, i get this error


    Again a lack of Usenet Netiquette.

    Do not ask a new unrelated question in an old thread.

    Start a new thread with a new telling subject text.

    --
    Evertjan.
    The Netherlands.
    (Please change the x'es to dots in my emailaddress)
    Evertjan., Mar 13, 2006
    #10
  11. isaac2004 wrote:
    >> Please quote what you are replying to.

    >
    > sorry alot of people were giving advice so i thought just by doing
    > that it would limit confusion
    >
    > anyway i started this thread with an original problem that i fixed,
    > now there is another problem, i get this error
    >
    > [Microsoft][ODBC Microsoft Access Driver]


    http://www.aspfaq.com/show.asp?id=2126

    > Too few parameters. Expected
    > 1.
    >
    > doesnt this mean that i am trying to delete something that doesnt
    > exist, here is the delete SQL code
    >

    No. It means you've specified an object, either a table or a field name,
    that does not exist in your database. It could also mean that you used a
    reserved keyword to name one of the objects that is specified in the query
    without using brackets to delimit that word. However, I see no reserved
    keywords in your query so that's not the problem.
    >
    > strDeleteSQL = "DELETE FROM tblCart WHERE strSessionID = " &
    > strSessionID
    > objRS.Open strDeleteSQL, objConn, adOpenForwardOnly,
    > adLockOptimistic
    >
    >


    > does this look right


    I don't know. Does your tblCart table really have a field called
    "strSessionID"?

    --
    Microsoft MVP -- ASP/ASP.NET
    Please reply to the newsgroup. The email account listed in my From
    header is my spam trap, so I don't check it very often. You will get a
    quicker response by posting to the newsgroup.
    Bob Barrows [MVP], Mar 13, 2006
    #11
  12. "Evertjan." <> wrote in message
    news:Xns9784B9873378Ceejj99@194.109.133.242...
    > Egbert Nierop (MVP for IIS) wrote on 12 mrt 2006 in
    > microsoft.public.inetserver.asp.general:
    >
    >>
    >> "isaac2004" <> wrote in message
    >> news:...
    >>> >Why would you want to do that?
    >>>
    >>> i have a db driven shopping cart that uses a session id as a varible
    >>> for storring individual carts and items
    >>>
    >>>>session.abandon is the way to go.\
    >>>
    >>> isnt this method unefficient and is there any other way

    >>
    >> Session.SessionID is _very_ unreliable!
    >> This is because the SessionID is just a numeric value, that can be
    >> reset at any time, and it is not a unique number!

    >
    > And how many sessions would you need to have at one time to come near the
    > number that the session ID has a reasonable chance of being duplicated?


    Well at least with windows 2000, this was just a sequential number. I did
    not test it for windows xp/2003 but the number is just a hashcode to a
    bucket. It is not the right way to be unique.

    >> Identify your basket using a string-GUID for instance,

    >
    > Isn't that just as resettable?


    no.
    The chance for duplicates is nill.

    > ===========
    >
    > Read further, I do not advice abandoning the session, just to throw away a
    > basket.
    Egbert Nierop \(MVP for IIS\), Mar 15, 2006
    #12
  13. isaac2004

    Evertjan. Guest

    Egbert Nierop (MVP for IIS) wrote on 15 mrt 2006 in
    microsoft.public.inetserver.asp.general:

    >> And how many sessions would you need to have at one time to come near
    >> the number that the session ID has a reasonable chance of being
    >> duplicated?

    >
    > Well at least with windows 2000, this was just a sequential number. I
    > did not test it for windows xp/2003 but the number is just a hashcode
    > to a bucket. It is not the right way to be unique.
    >


    Under W2003 it is a very long string. Unicity is not needed, only relative
    unicity.

    --
    Evertjan.
    The Netherlands.
    (Please change the x'es to dots in my emailaddress)
    Evertjan., Mar 15, 2006
    #13
  14. "Evertjan." <> wrote in message
    news:Xns978876DADF65eejj99@194.109.133.242...
    > Egbert Nierop (MVP for IIS) wrote on 15 mrt 2006 in
    > microsoft.public.inetserver.asp.general:
    >
    >>> And how many sessions would you need to have at one time to come near
    >>> the number that the session ID has a reasonable chance of being
    >>> duplicated?

    >>
    >> Well at least with windows 2000, this was just a sequential number. I
    >> did not test it for windows xp/2003 but the number is just a hashcode
    >> to a bucket. It is not the right way to be unique.
    >>

    >
    > Under W2003 it is a very long string. Unicity is not needed, only relative
    > unicity.


    Possibly they've changed the number as a hashcode from a GUID.

    Still, I would not use the SessionID as unique identifier. It is not
    documented to be unique.
    Egbert Nierop \(MVP for IIS\), Mar 16, 2006
    #14
  15. isaac2004

    Evertjan. Guest

    Egbert Nierop (MVP for IIS) wrote on 16 mrt 2006 in
    microsoft.public.inetserver.asp.general:

    >
    > "Evertjan." <> wrote in message
    > news:Xns978876DADF65eejj99@194.109.133.242...
    >> Egbert Nierop (MVP for IIS) wrote on 15 mrt 2006 in
    >> microsoft.public.inetserver.asp.general:
    >>
    >>>> And how many sessions would you need to have at one time to come
    >>>> near the number that the session ID has a reasonable chance of
    >>>> being duplicated?
    >>>
    >>> Well at least with windows 2000, this was just a sequential number.
    >>> I did not test it for windows xp/2003 but the number is just a
    >>> hashcode to a bucket. It is not the right way to be unique.
    >>>

    >>
    >> Under W2003 it is a very long string. Unicity is not needed, only
    >> relative unicity.

    >
    > Possibly they've changed the number as a hashcode from a GUID.
    >
    > Still, I would not use the SessionID as unique identifier. It is not
    > documented to be unique.


    But that was not my point, Egbert.

    You do not need a unique identifier for a shopping card, as the number of
    concurent users is very small, compared to, say, a database filled with
    all inhabitantss of the Netherlands.

    if you keep the chance of concurrency below, say, once in a hundred
    thousand years, wouldn't that be enough?

    btw: an "unique identifier" is not unique at all, it is just a pseudo
    random string and it only is unique compared to the practical chance of
    doublures during time spans like the age of the universe.

    --
    Evertjan.
    The Netherlands.
    (Please change the x'es to dots in my emailaddress)
    Evertjan., Mar 16, 2006
    #15
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Do
    Replies:
    2
    Views:
    6,342
  2. bruce barker

    Re: ASPX Page Timeout - Session Timeout

    bruce barker, Jul 20, 2004, in forum: ASP .Net
    Replies:
    2
    Views:
    11,098
    ASP.Confused
    Jul 20, 2004
  3. =?Utf-8?B?Q3JhaWc=?=

    formsauthentication timeout & session timeout

    =?Utf-8?B?Q3JhaWc=?=, Aug 10, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    2,633
    =?Utf-8?B?RU5JWklO?= .enizin.net>
    Aug 10, 2005
  4. =?Utf-8?B?Um9iSEs=?=
    Replies:
    4
    Views:
    5,250
    =?Utf-8?B?Um9iSEs=?=
    Apr 11, 2007
  5. Mark Probert

    Timeout::timeout and Socket timeout

    Mark Probert, Oct 6, 2004, in forum: Ruby
    Replies:
    1
    Views:
    1,268
    Brian Candler
    Oct 6, 2004
Loading...

Share This Page