Windows 2000 IIS Session restricted?!

[David Lozzi]

Session("UID") = 10
Session("Name") = "John Doe"

I have an ASP application loaded on a Win2k SP3 server in Anonymous
Authentication Mode. When I try to access the site, none of the session
variables work. I have to lower the security to Low in Internet Explorer for
the session variables to run. BUT if I run this same script on my local
machine (WinXP Pro sp1) it works fine with whatever security level i have.

Also, i have another ASP application loaded on the same server, but this one
used Windows Authentication Mode. This one has no problems using sessions, I
get no restrictions from that at all, the session variables run great!

Neither app is setup as an Application within IIS, they are just sub
folders. I tried creating an Application for the first issue, but no luck
there.

Thanks,

--
David Lozzi
Associated Business & Technology Group
www.associatedbtg.com

I should've known that....but I had a brain fart.

 

[Copa]

Have you enabled Session State in the settings for the website?

Daniel

 

[David Lozzi]

Yes

--
David Lozzi
Associated Business & Technology Group
www.associatedbtg.com

I should've known that....but I had a brain fart.

 

[Karl Levinson [x y] mvp]

Well, I could certainly be wrong, as I'm not really an IIS expert, but the
fact that it works at low application isolation mode makes me wonder if this
could be a problem with the IWAM account. The password in the IIS metabase
has to match the password in the Windows user account database, for example.
I suppose you could use the ADSUTIL.VBS command to obtain the password for
the IWAM account, and then try logging into Windows as that account name and
password to see what happens. Or, just reset the password using ADSUTIL.
The IWAM account also needs permissions to certain files on the hard drive
as well. If that was the case, enabling file auditing might help you. I
wonder if you might also see something useful by running the free utilities
regmon, file mon and process explorer from www.sysinternals.com while the
error is happening.

http://securityadmin.info/faq.htm#iwam
http://securityadmin.info/faq.htm#auditing

 

[David Lozzi]

Weird, but it works fine now... I think its flakey... I unloaded the app and
today I reloaded and it worked fine.

Thanks for your posts

--
David Lozzi
Associated Business & Technology Group
www.associatedbtg.com

I should've known that....but I had a brain fart.

Well, I could certainly be wrong, as I'm not really an IIS expert, but the
fact that it works at low application isolation mode makes me wonder if this
could be a problem with the IWAM account. The password in the IIS metabase
has to match the password in the Windows user account database, for example.
I suppose you could use the ADSUTIL.VBS command to obtain the password for
the IWAM account, and then try logging into Windows as that account name and
password to see what happens. Or, just reset the password using ADSUTIL.
The IWAM account also needs permissions to certain files on the hard drive
as well. If that was the case, enabling file auditing might help you. I
wonder if you might also see something useful by running the free utilities
regmon, file mon and process explorer from www.sysinternals.com while the
error is happening.

http://securityadmin.info/faq.htm#iwam
http://securityadmin.info/faq.htm#auditing

Session("UID") = 10
Session("Name") = "John Doe"

I have an ASP application loaded on a Win2k SP3 server in Anonymous
Authentication Mode. When I try to access the site, none of the session
variables work. I have to lower the security to Low in Internet Explorer for
the session variables to run. BUT if I run this same script on my local
machine (WinXP Pro sp1) it works fine with whatever security level i have.

Also, i have another ASP application loaded on the same server, but this one
used Windows Authentication Mode. This one has no problems using

sessions,

I
get no restrictions from that at all, the session variables run great!

Neither app is setup as an Application within IIS, they are just sub
folders. I tried creating an Application for the first issue, but no luck
there.

Thanks,

--
David Lozzi
Associated Business & Technology Group
www.associatedbtg.com

I should've known that....but I had a brain fart.