website issuing multiple ASPSESSIONID to same client..make it stop!!!

Discussion in 'ASP General' started by Steve Embry, Apr 4, 2007.

  1. Steve Embry

    Steve Embry Guest

    Hello-

    For some reason, at a website that has been trouble free for a couple of
    months, multiple ASPSESSIONID's are now being set by IIS for each client
    visitor, rather than the one you'd expect.

    When you first visit the site and hit a page that sets a session, the
    response.write of the HTTP_COOKIE server variable looks like you'd
    expect...with just the one IIS-assigned ASPSESSIONID:
    HTTP_COOKIE=
    ASPSESSIONIDQSADRADT=DJGKPNMACDAJEPGHHKEPFOEB

    ....but when you add items to your shopping basket(stored in a db, no
    persistent cookies being used), then go view your order or continue shopping
    and view the response.write again, it's now a string of ASPSESSIONID's like:

    HTTP_COOKIE=
    ASPSESSIONIDQSADRADT=DJGKPNMACDAJEPGHHKEPFOEB;
    ASPSESSIONIDQSCCTBDS=NPKKPFKAPCNEEBMEKIDCPNKG;
    ASPSESSIONIDSSCARBCS=JDCHGKPAOJFMKEAGIIMLGCAD

    The problem manifests itself in that RANDOMLY, IIS appears to be recognizing
    the user/client as one or the other of the ASPSESSIONID's in the string...in
    effect, IIS no longer recognizes the user that added items to their basket a
    minute ago because it is paying attention to one of the other ASPSESSIONID's
    in the string which haven't got any session variables defined via
    scripting....you can refresh your page a few times and it thinks you are a
    different visitor with no sessions...refresh a few more times and it thinks
    you're the original person with active sessions...a very frustrating issue.

    The server is Windows Server 2003 and has IIS 6 on it.

    I've done a lot of digging on the web for information about this phenomenon,
    but nothing I've found seemed applicable ...or worked.

    1. The website doesn't use frames
    2. The problem occurs whether staying in http or https or crossing between
    the two types of connections
    3. The server is not a member of a web farm that utilizes load balancing
    4. I've assured that my global.asa file has read and execute permissions for
    IUSR
    5. I've stubbed out everything in the Session_OnStart sub of my global.asa
    file
    6. I've pulled out hand-fulls of hair, cussed and gritted my teeth for
    several days
    ...nothing works...

    Any help making it stop this behavior would be greatly appreciated!!!

    Thanks,
    Steve
     
    Steve Embry, Apr 4, 2007
    #1
    1. Advertising

  2. "Steve Embry" <> wrote in message
    news:...
    > Hello-
    >
    > For some reason, at a website that has been trouble free for a couple of
    > months, multiple ASPSESSIONID's are now being set by IIS for each client
    > visitor, rather than the one you'd expect.
    >
    > When you first visit the site and hit a page that sets a session, the
    > response.write of the HTTP_COOKIE server variable looks like you'd
    > expect...with just the one IIS-assigned ASPSESSIONID:
    > HTTP_COOKIE=
    > ASPSESSIONIDQSADRADT=DJGKPNMACDAJEPGHHKEPFOEB
    >
    > ...but when you add items to your shopping basket(stored in a db, no
    > persistent cookies being used), then go view your order or continue

    shopping
    > and view the response.write again, it's now a string of ASPSESSIONID's

    like:
    >
    > HTTP_COOKIE=
    > ASPSESSIONIDQSADRADT=DJGKPNMACDAJEPGHHKEPFOEB;
    > ASPSESSIONIDQSCCTBDS=NPKKPFKAPCNEEBMEKIDCPNKG;
    > ASPSESSIONIDSSCARBCS=JDCHGKPAOJFMKEAGIIMLGCAD
    >
    > The problem manifests itself in that RANDOMLY, IIS appears to be

    recognizing
    > the user/client as one or the other of the ASPSESSIONID's in the

    string...in
    > effect, IIS no longer recognizes the user that added items to their basket

    a
    > minute ago because it is paying attention to one of the other

    ASPSESSIONID's
    > in the string which haven't got any session variables defined via
    > scripting....you can refresh your page a few times and it thinks you are a
    > different visitor with no sessions...refresh a few more times and it

    thinks
    > you're the original person with active sessions...a very frustrating

    issue.
    >
    > The server is Windows Server 2003 and has IIS 6 on it.
    >
    > I've done a lot of digging on the web for information about this

    phenomenon,
    > but nothing I've found seemed applicable ...or worked.
    >
    > 1. The website doesn't use frames
    > 2. The problem occurs whether staying in http or https or crossing between
    > the two types of connections
    > 3. The server is not a member of a web farm that utilizes load balancing
    > 4. I've assured that my global.asa file has read and execute permissions

    for
    > IUSR
    > 5. I've stubbed out everything in the Session_OnStart sub of my global.asa
    > file
    > 6. I've pulled out hand-fulls of hair, cussed and gritted my teeth for
    > several days
    > ..nothing works...
    >
    > Any help making it stop this behavior would be greatly appreciated!!!
    >
    > Thanks,
    > Steve


    Have you looked into the event log to see if anything un-toward is
    happening?
    A clue is found in that the cookie name is changing. This happens when the
    application is recycled.
     
    Anthony Jones, Apr 5, 2007
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. JR
    Replies:
    2
    Views:
    1,610
  2. Joseph Shoe

    Change ASPSessionID

    Joseph Shoe, Jul 18, 2005, in forum: ASP General
    Replies:
    26
    Views:
    646
    Tim Williams
    Jul 21, 2005
  3. Chris

    ASPSessionID Location & attributes?

    Chris, Aug 18, 2005, in forum: ASP General
    Replies:
    0
    Views:
    133
    Chris
    Aug 18, 2005
  4. Replies:
    3
    Views:
    267
    Anthony Jones
    Sep 18, 2006
  5. Andrew
    Replies:
    4
    Views:
    4,346
    Andrew
    Feb 15, 2010
Loading...

Share This Page