ASP Sessions

[strycat]

Hello,

I've got two different sets of ASP scripts on my server. Each set is
kept in their own directory. Both sets of scripts use sessions. I
want to make sure that the sessions are not accidentially shared
between the two sets as they are both different applications.

Right now I'm having a problem when I do a Session.Abandon from one set
of scripts it also kills the session for the other set of scripts (I
believe they are both using the exact same session). Is there some way
I can make sure this doesn't happen?

Thanks,

-Tom

 

[Evertjan.]

wrote on 16 feb 2005 in microsoft.public.inetserver.asp.general:

I've got two different sets of ASP scripts on my server. Each set is
kept in their own directory. Both sets of scripts use sessions. I
want to make sure that the sessions are not accidentially shared
between the two sets as they are both different applications.

I don't know about what you call an application, but you certainly have a
single session, so the session variables are shared.

Right now I'm having a problem when I do a Session.Abandon from one set
of scripts it also kills the session for the other set of scripts

No, you have only one session, it shows.

(I believe they are both using the exact same session).

Why would they use different sessions?

As long as they are in the same domain, they share the same session-id
cookie.

Is there some way I can make sure this doesn't happen?

There is no reason why a session would be different in different
directories of the same domain. Browsers will only return a different
session-id, if the domain is different.

So use different domains.

 

[Tom Cat]

wrote on 16 feb 2005 in microsoft.public.inetserver.asp.general:

I don't know about what you call an application, but you certainly have a
single session, so the session variables are shared.

Each set of scripts is a different application.

Why would they use different sessions?

Because they are different applications.

There is no reason why a session would be different in different
directories of the same domain. Browsers will only return a different

session-id, if the domain is different.

So use different domains.

This isn't an option. Are there any other workarounds for this
behavior?

 

[Evertjan.]

Tom Cat wrote on 16 feb 2005 in microsoft.public.inetserver.asp.general:

Each set of scripts is a different application.

Application is only a word, unless you explain that in asp terms.

Perhaps you think of visual basic applications,
but that does not mean a thing under asp, not even under asp/vbscript.

Because they are different applications.

No, as I showed you, sessions are only devided
by different asp-servers or different domains.

This isn't an option. Are there any other workarounds for this
behavior?

Sure: you start with the wrong idea's.

Programming is all about having it your way by making smart code,
not by wanting the engine to have different behavour than you wished for.

So you could rename all session variables from application 1
by appending -A1 to the name and the other by appending -A2.

There are however miriads of other possiblilities.

 

[Dave Anderson]

I've got two different sets of ASP scripts on my server. Each set is
kept in their own directory. Both sets of scripts use sessions. I
want to make sure that the sessions are not accidentially shared
between the two sets as they are both different applications.

Not sure I understand this one. If you are concerned about one application
stepping on another's variables you can resort to meaningful naming.
Otherwise, what exactly is the point?

Right now I'm having a problem when I do a Session.Abandon from one
set of scripts it also kills the session for the other set of scripts
(I believe they are both using the exact same session). Is there
some way I can make sure this doesn't happen?

Build your own session architecture with a DB backend, perhaps? We actually
do this in order to BROADEN our session scope (span servers), but I suppose
it could be used to NARROW that scope.


--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.

 

[Mark Schupp]

In IIS administrator right-click on each directory and select properties.
On the "directory" tab click on the "Create" button this will make that
directory a separate "application" for IIS and ASP will create a separate
session for that directory.

The icon in IIS administrator should change from a folder to a box with an
activeX ball in it.

 

[io]

G'day Tom,

There is only one scenario I can think of that may lead to such problem -
it's when your browser spawns a new window (i.e. window.open(...)) that
loads/opens new "application" page(s). In this case both browser windows
will share same process including in-memory session cookie. If you start
your browser as a separate process and navigate to the other application you
shouldn't have this problem.

Cheers

 

[Evertjan.]

io wrote on 17 feb 2005 in microsoft.public.inetserver.asp.general:

There is only one scenario I can think of that may lead to such
problem - it's when your browser spawns a new window (i.e.
window.open(...)) that loads/opens new "application" page(s). In this
case both browser windows will share same process including in-memory
session cookie. If you start your browser as a separate process and
navigate to the other application you shouldn't have this problem.

But what if you <a href=.. link to the other "application"?

That will give you the same session too.

 

[Mark Schupp]

Lets clear this up with a little experimentation. Take 2 asp files:

c:\temp\app1\app1.asp
--------------------------------
<%@ LANGUAGE="VBSCRIPT"%>

<html>
<body>
This is app1<br>
Session ID=<%=session.SessionID%><br>
Setting Application("appvar") to "app1"<br>
Setting Session("sesvar") to "app1"<br>
<%
Application("appvar")="app1"
Session("sesvar")="app1"
%>
<a href="/app2/app2.asp">Jump to app2</a>
</body>
</html>
---------------------------

c:\temp\app2\app2.asp
----------------------------------------
<%@ LANGUAGE="VBSCRIPT"%>

<html>
<body>
This is app2<br>
Session ID=<%=session.SessionID%><br>
Application("appvar")="<%=Application("appvar")%>"<br>
Session("sesvar")="<%=Session("sesvar")%>"<br>
</body>
</html>
----------------------

Now create 2 virtual directories under the default web site in IIS
administrator. Make sure that they are set up as "applications" (should have
an activeX ball in a box icon instead of a folder icon).

app1 - pointed at c:\temp\app1\
app2 - pointed at c:\temp\app2\

Launch IE and enter http://localhost/app1/app1.asp. The result is:
-------------------------
This is app1
Session ID=642399021
Setting Application("appvar") to "app1"
Setting Session("sesvar") to "app1"
Jump to app2
--------------------

click on the "jump to app2" link. the result is:
----------------------------------------------
This is app2
Session ID=642399022
Application("appvar")=""
Session("sesvar")=""
------------------------------------

Note that the session id is different and the application and session
variables are not shared.

The key point is that the application directories must be created as virtual
directories in IIS and as applications. If the virtual directories are not
set to be applications then they will share a session.

Go into IIS properties for each of the above directories and click the
"remove" button and re-try the pages.

from app1
----------------------------
This is app1
Session ID=643781585
Setting Application("appvar") to "app1"
Setting Session("sesvar") to "app1"
Jump to app2