website issuing multiple ASPSESSIONID to same client..make it stop!!!

S

Steve Embry

Hello-

For some reason, at a website that has been trouble free for a couple of
months, multiple ASPSESSIONID's are now being set by IIS for each client
visitor, rather than the one you'd expect.

When you first visit the site and hit a page that sets a session, the
response.write of the HTTP_COOKIE server variable looks like you'd
expect...with just the one IIS-assigned ASPSESSIONID:
HTTP_COOKIE=
ASPSESSIONIDQSADRADT=DJGKPNMACDAJEPGHHKEPFOEB

....but when you add items to your shopping basket(stored in a db, no
persistent cookies being used), then go view your order or continue shopping
and view the response.write again, it's now a string of ASPSESSIONID's like:

HTTP_COOKIE=
ASPSESSIONIDQSADRADT=DJGKPNMACDAJEPGHHKEPFOEB;
ASPSESSIONIDQSCCTBDS=NPKKPFKAPCNEEBMEKIDCPNKG;
ASPSESSIONIDSSCARBCS=JDCHGKPAOJFMKEAGIIMLGCAD

The problem manifests itself in that RANDOMLY, IIS appears to be recognizing
the user/client as one or the other of the ASPSESSIONID's in the string...in
effect, IIS no longer recognizes the user that added items to their basket a
minute ago because it is paying attention to one of the other ASPSESSIONID's
in the string which haven't got any session variables defined via
scripting....you can refresh your page a few times and it thinks you are a
different visitor with no sessions...refresh a few more times and it thinks
you're the original person with active sessions...a very frustrating issue.

The server is Windows Server 2003 and has IIS 6 on it.

I've done a lot of digging on the web for information about this phenomenon,
but nothing I've found seemed applicable ...or worked.

1. The website doesn't use frames
2. The problem occurs whether staying in http or https or crossing between
the two types of connections
3. The server is not a member of a web farm that utilizes load balancing
4. I've assured that my global.asa file has read and execute permissions for
IUSR
5. I've stubbed out everything in the Session_OnStart sub of my global.asa
file
6. I've pulled out hand-fulls of hair, cussed and gritted my teeth for
several days
...nothing works...

Any help making it stop this behavior would be greatly appreciated!!!

Thanks,
Steve
 
A

Anthony Jones

Steve Embry said:
Hello-

For some reason, at a website that has been trouble free for a couple of
months, multiple ASPSESSIONID's are now being set by IIS for each client
visitor, rather than the one you'd expect.

When you first visit the site and hit a page that sets a session, the
response.write of the HTTP_COOKIE server variable looks like you'd
expect...with just the one IIS-assigned ASPSESSIONID:
HTTP_COOKIE=
ASPSESSIONIDQSADRADT=DJGKPNMACDAJEPGHHKEPFOEB

...but when you add items to your shopping basket(stored in a db, no
persistent cookies being used), then go view your order or continue shopping
and view the response.write again, it's now a string of ASPSESSIONID's like:

HTTP_COOKIE=
ASPSESSIONIDQSADRADT=DJGKPNMACDAJEPGHHKEPFOEB;
ASPSESSIONIDQSCCTBDS=NPKKPFKAPCNEEBMEKIDCPNKG;
ASPSESSIONIDSSCARBCS=JDCHGKPAOJFMKEAGIIMLGCAD

The problem manifests itself in that RANDOMLY, IIS appears to be recognizing
the user/client as one or the other of the ASPSESSIONID's in the string...in
effect, IIS no longer recognizes the user that added items to their basket a
minute ago because it is paying attention to one of the other ASPSESSIONID's
in the string which haven't got any session variables defined via
scripting....you can refresh your page a few times and it thinks you are a
different visitor with no sessions...refresh a few more times and it thinks
you're the original person with active sessions...a very frustrating issue.

The server is Windows Server 2003 and has IIS 6 on it.

I've done a lot of digging on the web for information about this phenomenon,
but nothing I've found seemed applicable ...or worked.

1. The website doesn't use frames
2. The problem occurs whether staying in http or https or crossing between
the two types of connections
3. The server is not a member of a web farm that utilizes load balancing
4. I've assured that my global.asa file has read and execute permissions for
IUSR
5. I've stubbed out everything in the Session_OnStart sub of my global.asa
file
6. I've pulled out hand-fulls of hair, cussed and gritted my teeth for
several days
..nothing works...

Any help making it stop this behavior would be greatly appreciated!!!

Thanks,
Steve

Have you looked into the event log to see if anything un-toward is
happening?
A clue is found in that the cookie name is changing. This happens when the
application is recycled.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,904
Latest member
HealthyVisionsCBDPrice

Latest Threads

Top