ASP Classic Session Bug, related to Cookie Expiry

[tamer.yousef]

We are working on an old asp project and we noticed that some users get
kicked out of the session right after they log in.

I investigated the issue and I found the cause:
1- The user login successfuly.
2- He gets redirected to the menu screen. that's when I set some
cookies to cookie("cookie name").expires = Now. that when the session
starts to disapear, once the user tries to access other pages (or even
refresh), the ASPSESSIONID cookie disapears.

I did some debugging on the http_cookie collection and looks like the
ASPSESSION disapears once I set the cookie expiration, although I set
the expiration for cookies unrelated to the ASPSESSIONID.

Here is the tricky thing, it works on 90% of the machines, and it
doesn't on other machines, it's also random, so some users who had the
problem, are now able to work on the system and the problem disapeard.

Have you guys ever had this problem, or do you know if it is related to
IE batches or service packs?

 

[Michael Faires-McClellan]

No answers for you, but we have been trying to figure this one out for
several years.

We usually have the user reinstall the browser, and that "fixes" it. But it
might have just gone away. I've been looking for years for anything on this,
so please let me know if you see anything. It has seemed like it was timed
with patches, but I think we just noticed more - like the full moon.

I found a IIS 4/5 issue where it was issuing a new ASPSESSIONID with every
request, but that was only after turning on secured session id's. And it was
fixed in W2K SP3, which we've had for months. And I just worked with someone
experiencing the issue this afternoon.

Didn't get a chance to test this out with her, perhaps you can - deleting
all offline content?