ASP sessions removed unexpectively

[oliflorence]

Hello,
I have a login system using ASP, once the user logs in on the first page I have added Session.Timeout=60; to extend the session to 60 minutes.
When on the site sometimes you could stay 30 mns without activity and you would be fine, sometimes you might stay 2 minutes and the session would be removed and you would be logged out. I have looked for a cause and can't find a reason, I do not have a global.asa file on this site.
Do any one know what could cause a session to be removed, I am on a shared server, could this be caused by another site?
PS: the server isn't restarted when this happens!!
Many thanks
Olivier

 

[TheMenace]

If it's on a shared server then poor coding (or poor components) being used on other sites could cause the automatic timeout. I found that using ASPUpload can cause sessions to abandon unexpectedly from time to time.

I've never used Session.Timeout outside of global.asa. I'm assuming that it still works when you set it per document - but maybe not?

 

[oliflorence]

Hi There,
thank you for the quick reply.
Session.Timeout normally works if set on one document.
When you mention ASP upload do you mean the Dreamwaver extension from DMX zone? I do use it on this site, thus i have been using it for several years and the problem with the sessions is only recent

Thanks

 

[TheMenace]

Session.Timeout normally works if set on one document.

Yeah, I figured it would. Why not just set it in global.asa though as a matter of interest?

When you mention ASP upload do you mean the Dreamwaver extension from DMX zone?

Well I specifically meant AspUpload.com - the Most Advanced NT ASP Upload Component but any ASP components that manipulate files can be precarious where IIS is involved. It's the reason I'm using PHP now. ASP is just utter, utter crap.

 

[davidbehan]

Instead of using sessions to hold the user login status, why not use cookies. They don't put a resource onto the server and they never timeout.

For example, when the user logs in, write to the cookie using:

response.cookies("loggedin") = "y"
response.cookies("userid") = sUserID

The login status will only timeout when the user closes their browser. You can also go more advanced and update the cookie with a timestamp to do the automatic log out. Or if you want the user to stay logged in over multiple sessions, just use:

response.cookies("loggedin").expires = Date() + 30 'for 30 days from now
response.cookies("userid").expires = Date() + 30

You can then check if the user is signed in by putting a file on each page that does the check, e.g.

IF request.cookies("loggedin") <> "y" THEN
    response.redirect("lgoin.asp")
ELSE
    cUserID = request.cookies("userid")
END IF

Sessions are a pain in the arse. At least this way I think you come up with less problems. Hope it helps but any questions, just ask.

Rgds,

Dave

 

[rooneydavid]

I agree with Dave Behan, using sessions in ASP is a pain. Anyway with logins and member systems you are better off using cookies. But you will have to code a cookie test to make sure cookies are enabled. Also make sure you dont have something like:

If Request.Cookies("user") = "" Then
Response.Redirect("login.asp")
End If

in place that could send the browser into a loop if you go with cookies.