session timeout

[isaac2004]

how would go about making a session timeout expire with a method like
you can expire a cookie by going Date() - 1

 

[Evertjan.]

isaac2004 wrote on 09 mrt 2006 in microsoft.public.inetserver.asp.general:

how would go about making a session timeout expire with a method like
you can expire a cookie by going Date() - 1

Why would you want to do that?

session.abandon is the way to go.

 

[isaac2004]

Why would you want to do that?

i have a db driven shopping cart that uses a session id as a varible
for storring individual carts and items

session.abandon is the way to go.\

isnt this method unefficient and is there any other way

 

[Evertjan.]

isaac2004 wrote on 10 mrt 2006 in microsoft.public.inetserver.asp.general:

i have a db driven shopping cart that uses a session id as a varible
for storring individual carts and items

Yes, so?

One advice, never use systemvariables directly in code.

For one it precludes efficient testing with virtual values.

And now you see for yourself you will have to use measures the system is
not ment for.
say you want to keep the session identity of the user for other reasons?

isnt this method unefficient

Why?

What would be "inefficient" about it, and why would that matter to you?

setting the session timeout to a time in the past [if possible?] IS!!
abandoning the session, IMHO!!!

and is there any other way

Yes, Do not use the session id for other things than
identifying the user's session.

 

[Egbert Nierop \(MVP for IIS\)]

i have a db driven shopping cart that uses a session id as a varible
for storring individual carts and items


isnt this method unefficient and is there any other way

Session.SessionID is _very_ unreliable!
This is because the SessionID is just a numeric value, that can be reset at
any time, and it is not a unique number!

Identify your basket using a string-GUID for instance,

 

[Evertjan.]

Egbert Nierop (MVP for IIS) wrote on 12 mrt 2006 in
microsoft.public.inetserver.asp.general:

Session.SessionID is _very_ unreliable!
This is because the SessionID is just a numeric value, that can be
reset at any time, and it is not a unique number!

And how many sessions would you need to have at one time to come near the
number that the session ID has a reasonable chance of being duplicated?

Identify your basket using a string-GUID for instance,

Isn't that just as resettable?

===========

Read further, I do not advice abandoning the session, just to throw away a
basket.

 

[isaac2004]

hey i found out that i can just use the delete part of a SQL statement
to erase all fields, the only problem is that it gives me this error
[Microsoft][ODBC Microsoft Access Driver] Too few parameters. Expected
1.

doesnt this mean that i am trying to delete something that doesnt
exist, here is the delete SQL code

strDeleteSQL = "DELETE FROM tblCart WHERE strSessionID = " &
strSessionID
objRS.Open strDeleteSQL, objConn, adOpenForwardOnly,
adLockOptimistic

does this look right
thanks for the help

 

[Evertjan.]

isaac2004 wrote on 12 mrt 2006 in microsoft.public.inetserver.asp.general:

hey i found out that i can just use the delete part of a SQL statement

Please quote what you are replying to.

If you want to post a followup via groups.google.com, don't use the
"Reply" link at the bottom of the article. Click on "show options" at the
top of the article, then click on the "Reply" at the bottom of the article
headers. <http://www.safalra.com/special/googlegroupsreply/>

 

[isaac2004]

Please quote what you are replying to.

sorry alot of people were giving advice so i thought just by doing that
it would limit confusion

anyway i started this thread with an original problem that i fixed, now
there is another problem, i get this error

[Microsoft][ODBC Microsoft Access Driver] Too few parameters. Expected
1.

doesnt this mean that i am trying to delete something that doesnt
exist, here is the delete SQL code


strDeleteSQL = "DELETE FROM tblCart WHERE strSessionID = " &
strSessionID
objRS.Open strDeleteSQL, objConn, adOpenForwardOnly,
adLockOptimistic


does this look right
thank you all for the help

 

[Evertjan.]

isaac2004 wrote on 12 mrt 2006 in microsoft.public.inetserver.asp.general:

sorry alot of people were giving advice so i thought just by doing that
it would limit confusion

anyway i started this thread with an original problem that i fixed, now
there is another problem, i get this error

Again a lack of Usenet Netiquette.

Do not ask a new unrelated question in an old thread.

Start a new thread with a new telling subject text.

 

[Bob Barrows [MVP]]

Please quote what you are replying to.

sorry alot of people were giving advice so i thought just by doing
that it would limit confusion

anyway i started this thread with an original problem that i fixed,
now there is another problem, i get this error

[Microsoft][ODBC Microsoft Access Driver]
http://www.aspfaq.com/show.asp?id=2126

Too few parameters. Expected
1.

doesnt this mean that i am trying to delete something that doesnt
exist, here is the delete SQL code

No. It means you've specified an object, either a table or a field name,
that does not exist in your database. It could also mean that you used a
reserved keyword to name one of the objects that is specified in the query
without using brackets to delimit that word. However, I see no reserved
keywords in your query so that's not the problem.

strDeleteSQL = "DELETE FROM tblCart WHERE strSessionID = " &
strSessionID
objRS.Open strDeleteSQL, objConn, adOpenForwardOnly,
adLockOptimistic

does this look right

I don't know. Does your tblCart table really have a field called
"strSessionID"?

 

[Egbert Nierop \(MVP for IIS\)]

Egbert Nierop (MVP for IIS) wrote on 12 mrt 2006 in
microsoft.public.inetserver.asp.general:


And how many sessions would you need to have at one time to come near the
number that the session ID has a reasonable chance of being duplicated?

Well at least with windows 2000, this was just a sequential number. I did
not test it for windows xp/2003 but the number is just a hashcode to a
bucket. It is not the right way to be unique.

Isn't that just as resettable?

no.
The chance for duplicates is nill.

 

[Evertjan.]

Egbert Nierop (MVP for IIS) wrote on 15 mrt 2006 in
microsoft.public.inetserver.asp.general:

Well at least with windows 2000, this was just a sequential number. I
did not test it for windows xp/2003 but the number is just a hashcode
to a bucket. It is not the right way to be unique.

Under W2003 it is a very long string. Unicity is not needed, only relative
unicity.

 

[Egbert Nierop \(MVP for IIS\)]

Egbert Nierop (MVP for IIS) wrote on 15 mrt 2006 in
microsoft.public.inetserver.asp.general:


Under W2003 it is a very long string. Unicity is not needed, only relative
unicity.

Possibly they've changed the number as a hashcode from a GUID.

Still, I would not use the SessionID as unique identifier. It is not
documented to be unique.

 

[Evertjan.]

Egbert Nierop (MVP for IIS) wrote on 16 mrt 2006 in
microsoft.public.inetserver.asp.general:

Possibly they've changed the number as a hashcode from a GUID.

Still, I would not use the SessionID as unique identifier. It is not
documented to be unique.

But that was not my point, Egbert.

You do not need a unique identifier for a shopping card, as the number of
concurent users is very small, compared to, say, a database filled with
all inhabitantss of the Netherlands.

if you keep the chance of concurrency below, say, once in a hundred
thousand years, wouldn't that be enough?

btw: an "unique identifier" is not unique at all, it is just a pseudo
random string and it only is unique compared to the practical chance of
doublures during time spans like the age of the universe.