Serious Problem - Lost Session Variables

[frank]

Please help.....!

I have built a site that works/worked absolutely fine on my test server.
When I transferred it to a remote web host (the intended permanent home of
the site) something very worrying keeps happening to my site.

I use, as is the norm, session variables to store login information. At the
top of each page I do a check that Session("isLoggedIn") = "True", and if
not then the system logs them back out.

The serious problem is that once you have logged into the site, the next
page you try to open it fails the above check and logs you out! Obviously
Session("isLoggedIn") is not equal to "True" so it assumes you aren't logged
in. So basically the session variables are getting lost/cleared.

This makes my site unusable, and is a disaster for it unless I can get a
solution.

Any ideas? Any help will be very, very appreciated.

 

[Aaron Bertrand - MVP]

The serious problem is that once you have logged into the site, the next

page you try to open it fails the above check and logs you out! Obviously
Session("isLoggedIn") is not equal to "True" so it assumes you aren't logged
in. So basically the session variables are getting lost/cleared.

www.aspfaq.com/2157

(microsoft.public.inetserver.asp.db removed from x-post list)

 

[joe]

welcome to the wonderful world of sessions thanks to IE and various security
features

 

[Aaron Bertrand - MVP]

remote host (DiscountASP.NET). It's the same code that has been copied

over - it also works when viewed on some client browsers, but not others.

I don't think this has anything to do with code, for what it's worth.

 

[frank]

welcome to the wonderful world of sessions thanks to IE and various security
features

Is this a known problem that is sometimes unfixable?

 

[frank]

others.

I don't think this has anything to do with code, for what it's worth.

Any idea why it works fine when running on one test server, but not when
running on one of the most popular ASP hosts?

Should I forget about using session variables? What is the alternative for
security issues such as logging users in?

 

[Aaron Bertrand - MVP]

Any idea why it works fine when running on one test server, but not when

running on one of the most popular ASP hosts?

Which of the items in that last have you eliminated?

 

[frank]

Which of the items in that last have you eliminated?

I knew it was only affecting some browsers on some machines (very
inconsistent), but the last half-hour has really confused me.

I was composing an email to DiscountASP.NET and when I just started it I
went into my application and the session variable(s) were lost, as expected.
Half-way through the email I went back into the site and it worked fine
(each page opened fine). I've just now went back into the site and it's no
longer working. Exact same webserver, url, code & client browser. I even
logged into the site with the same test user.

With regards the list of problems;

Due to the fact it sometimes works I've eliminated 1, 2, 3 & 4.

I can probably eliminate 5 & 8 as the application works fine on my test
server.

6 & 7 I couldn't guarantee as I'm not hosting the server but I'd imagine a
respected host such as DiscountASP.NET would make sure these things work.

 

[Dave Anderson]

Is this a known problem that is sometimes unfixable?

Yes. If your site requires Internet Explorer, then it may be unfixable. Do
you experience the same problems with Gecko-based browsers?


--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.

 

[Dave Anderson]

I was composing an email to DiscountASP.NET and when I just started it I
went into my application and the session variable(s) were lost, as expected.
Half-way through the email I went back into the site and it worked fine
(each page opened fine). I've just now went back into the site and it's no
longer working. Exact same webserver, url, code & client browser. I even
logged into the site with the same test user.

Any chance DiscountASP.NET uses server farms?


--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.

 

[frank]

Yes. If your site requires Internet Explorer, then it may be unfixable.

I don't think it *requires* IE, but obviously since most web users use it I
need it to work with IE. If it's a known issue with IE, WTF are Microsoft
doing releasing a web browser that doesn't always fully support another of
it's own technologies?

Do
you experience the same problems with Gecko-based browsers?

I'll look into it.....

BTW I'm using IE 6 at home and at work, yet the site *always* works fine
when I run it from my desk at work, yet it didn't work from home last night.

 

[frank]

Any chance DiscountASP.NET uses server farms?

Hmmm... good point - I'll ask them about that.

 

[frank]

In frank <[email protected]> typed:
: ::: The serious problem is that once you have logged into the site, the
::: next page you try to open it fails the above check and logs you
::: out! Obviously Session("isLoggedIn") is not equal to "True" so it
::: assumes you aren't logged in. So basically the session variables
::: are getting lost/cleared.
::
:: www.aspfaq.com/2157
:
: That page has a few interesting suggestions, but the weird thing for
: me is that I *never* had this problem when it ran on my test
: server... only my new remote host (DiscountASP.NET). It's the same
: code that has been copied
: over - it also works when viewed on some client browsers, but not
: others.
:
: It's a nightmare.....

I had a problem with IE6 when I didn't have a P3P policy setup in the
headers.

Add Header:
Header Name: P3P
Header Content: CP='NOI DSP COR NID CUR PSDa OUR NOR STA'

Its a short generic Compact Policy

For a little more info:
http://chxo.com/be2/news/document-p3p_header_a_2590.html

I assume I have to go the full hog and create a compact P3P policy for my
site (Xml documents etc.)?

What is the best method of doing this?