Sessions not working correctly on ASP page

[Curt Morrison]

I have an ASP login section on my site that is experiencing some problems.

Go to the following page and create a fake account (this is a test
environment, so don't worry):

http://seminarystreet.com/dev_testing/registration/default.asp

Upon completion, you will be redirected to the login page, the new login
credentials are automatically inserted into the username and password
fields.

Click the Login button. Once logged in, click the logout button and you will
get a an error from my logout script, it completely refuses to log the
visitor out. I have SQL insert statement used for auditing that is expecting
the account_id to be passed, but it isn't there for some reason. Regardless,
with or without that statement, the logout fails.

Close out of the browser and go directly to the login page again, log in
using the same credentials and try logging out. It works correctly.

Now if you create a new account, close out of your browser and start a new
session and login, it works fine too. I'm at a loss of words on this one, so
any suggestions would really be appreciated. I've included links to the
associated pages below so that you can view the code:

Registration page:
http://seminarystreet.com/dev_testing/temp_code/registration/default.txt

Login page:
http://seminarystreet.com/dev_testing/temp_code/login/default.txt

Includes:
http://seminarystreet.com/dev_testing/temp_code/includes/global.txt
http://seminarystreet.com/dev_testing/temp_code/includes/sec-public.txt
http://seminarystreet.com/dev_testing/temp_code/includes/sec-private.txt

Like I said, any suggestions would be greatly appreciated.

Thanks,
Curt

 

[Curt Morrison]

I have an ASP login section on my site that is experiencing some problems.

Sorry, I made a mistake, you need to go to:

http://www.seminarystreet.com/dev_testing/

Then click on the register for free link. If you go directly to the
registration page, rather than via a link, it works fine. But, if you go to
the registration page a link, it doesn't work. The links are done via
include files and are full URLs rather than relative. Does anyone know if
ASP sessions can be affected by something like this?

 

[Curt Morrison]

I narrowed the problem down (I think), but could use some help.

The problem occurs when clicking on the following registration link from any
page:

<!--#include file="../includes/navigation/login-status.asp" -->

=============================================
<%
If varLoginStatus = 1 Then
Response.Write("You are currently logged on as: <a
href=""http://www.seminarystreet.com/dev_testing/my_account/default.asp""
title=""View and make changes to your account"">" & varFullName & "</a>. If
this is not you, <a
href=""http://www.seminarystreet.com/dev_testing/login/logout.asp" & "?" &
strSessLogout & """ onClick=""return confirm_LogOut(this.href);"">Click
Here</a>.")
ElseIf varLoginStatus = 0 Then
Response.Write("You are not currently logged on. Existing customers can <a
href=""http://www.seminarystreet.com/dev_testing/login/default.asp"">login</a>.
New customers can <a
href=""http://seminarystreet.com/dev_testing/registration/default.asp"">register
for free</a>.")
End If
%>
=============================================

If I put the include file in the same folder as the page I am linking from,
the problem goes away. Anyone know of a way to fix this?

 

[Tired]

I narrowed the problem down (I think), but could use some help.

The problem occurs when clicking on the following registration link
from any page:

<!--#include file="../includes/navigation/login-status.asp" -->

Isn't it backslash in 'include file', forward slash in 'include virtual'.

My eyes won't focus tonight, I can't concentrate, and I may be completely
wrong - but if you're still awake you might appreciate *any* pointers.

 

[Curt Morrison]

I have an ASP login section on my site that is experiencing some problems.

Click the Login button. Once logged in, click the logout button and you
will
get a an error from my logout script, it completely refuses to log the
visitor out. I have SQL insert statement used for auditing that is
expecting
the account_id to be passed, but it isn't there for some reason.
Regardless,
with or without that statement, the logout fails.

Turns-out that the problem was ASP session state related. I changed all of
my session("") variables to cookies and the problem is fixed.