Session Var Issues

A

Agent H

Hi all,

Anyone out there using session vars to hold user information when a user
logs in to your Web site, and sometimes having the Session Vars not get
set (especially in IE)?

My situation involves a Web site that uses a Session Var to hold a
UserID and another to hold a UserType and some users are being directed
to our 'timeout' message right away when they log in - it's coded so
users get directed here if the Session Vars are empty, NULL, or "" so
they are not really 'timing out'. The biggest problem is that some
users cannot even get in. I have found that IE's Privacy setting about
'blocking all cookies' will cause this to happen and as long as the
privacy gets set to 'High', you can still block cookies as long as you
enable 'Session Cookies'. I have also found a work around by adding the
Web site to the list of trusted sites in IE. Any other suggestions?
Perhaps there is a coding work-around that I am not aware of.

Any tips would be appreciated. Thanks

Agent H :)
 
B

Bob Barrows [MVP]

Agent said:
Hi all,

Anyone out there using session vars to hold user information when a
user logs in to your Web site,
Yes

and sometimes having the Session Vars
not get set (especially in IE)?
No.

My situation involves a Web site that uses a Session Var to hold a
UserID and another to hold a UserType and some users are being
directed to our 'timeout' message right away when they log in - it's
coded so users get directed here if the Session Vars are empty, NULL,
or "" so they are not really 'timing out'. The biggest problem is
that some users cannot even get in. I have found that IE's Privacy
setting about 'blocking all cookies' will cause this to happen
Click to expand...

Of course. Sessions depend on session cookies.
and as
long as the privacy gets set to 'High', you can still block cookies
as long as you enable 'Session Cookies'. I have also found a work
around by adding the Web site to the list of trusted sites in IE.
Any other suggestions? Perhaps there is a coding work-around that I
am not aware of.
Click to expand...

No, those are the only solutions if you wish to use the Session object.
Of course, you could roll your own session management system involving a
database, completely avoiding the need for cookies. Just be aware of the
possibility that not all users are benign: for example, a user might try
to hijack another user's "session". Keep that in mind when you design
your security structure.
 
A

Agent H

Hi all,

Thanks for the help, Bob. I was glad to hear that I wasn't completely
crazy in thinking that Cookies were needed. :) Have a great day!

Agent H :)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Var and let simple beginner problem 1
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
How can I upload a tar.bz2 file to OpenStack swift object storage container using the Python swift client? 1
Session Variables Unreliable? Please help! 1
I need help in understanding these files on my phone, Could someone help me understand these files? Urgent help needed. Please help. 1
Setting option value to session var 6
session variables and performance 3
menu bar and banner responsive issues....any guidance is appreciated! 0

Members online

No members online now.
Total: 32 (members: 0, guests: 32)
Robots: 440

Forum statistics

Threads
473,770
Messages
2,569,583
Members
45,073
Latest member
DarinCeden

Latest Threads

Top