asp session

berg

I have put the code

Sub Session_OnStart
    Session.Timeout = 3000
End Sub

at global.asa but my sessions still expire under 2 minutes.
Is there anyone experiencing this problem?

thanks
 
I've found that the OnStart isn't very reliable.

I use

If IsEmpty(Session("Start")) = True Then
    Session.Timeout = 3000
    Session("Start") = "3000"
End If

Have a go with that. Or you could use a cookie to check if it's been accessed already.
 
AaronHoc said:
I've found that the OnStart isn't very reliable.

I use

If IsEmpty(Session("Start")) = True Then
    Session.Timeout = 3000
    Session("Start") = "3000"
End If

Have a go with that. Or you could use a cookie to check if it's been accessed already.

In this case a session will never end, and I will lose my other session variables. Am I wrong?

thanks
 
Sessions should expire after 3000 minutes with that code..

PS: If condition = True Then looks kinda silly :) Just If condition Then suffices.
 
berg said:
I have put the code

Sub Session_OnStart
    Session.Timeout = 3000
End Sub

at global.asa but my sessions still expire under 2 minutes.
Is there anyone experiencing this problem?

thanks

Hello, I'm having that problem too. Is it something with jodohost servers or what?
 
OK, so I've been posting oodles of trouble tickets for this issue for each and every one of the dozens of sites I've developed which use session variables for user authentication. I'm sure that the staff is getting tired of this and I know that my customers are as well.

In the FAQ, it's recommended that we use database user authentication. Now, I thought that that was what I was doing by setting my session variable to a retrieved value from the users database, but apparently not.

If anyone can point me to or post some code examples on how to do this I'd appreciate it. I suppose that if worse comes to worse, I could just place a cookie for this. For reference, I've posted a snippet of the standard DW8.0 code I'm using for this below:

<%
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUsers=""
MM_authFailedURL="denied.asp"
MM_grantAccess=false
If Session("MM_Username") <> "" Then
  If (true Or CStr(Session("MM_UserAuthorization"))="") Or _
     (InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization"))>=1) Then
    MM_grantAccess = true
    Session.Timeout=60
  End If
End If
If Not MM_grantAccess Then
  MM_qsChar = "?"
  If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"
  MM_referrer = Request.ServerVariables("URL")
  if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?" & Request.QueryString()
  MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" & Server.URLEncode(MM_referrer)
  Response.Redirect(MM_authFailedURL)
End If
%>
 
Hi Yash

Support has been great on these issues. I'd just like to code things in a way that will be able to make their intercession unnecessary, hence, my request for some coder wiser than myself to make some suggestions on the most elegant/simple/secure method.
 
hafa said:
Hi Yash

Support has been great on these issues. I'd just like to code things in a way that will be able to make their intercession unnecessary, hence, my request for some coder wiser than myself to make some suggestions on the most elegant/simple/secure method.

I think what Yash means by a DB solution is validating the user, then entering his details into a temporary "allowed user" table in the DB, possibly by checking the IP, and re-validating on each page that is secure. On logout, remove the user from the table.
 
Thanks, Snooper

The only problem with validation by IP is that many of these applications are being used by offices on networks that use a single router for internet access, hence an entire group with a single IP.

Due to this issue, the solution really must be machine-specific, therefore, I'm thinking that a cookie with a timeout might be a good option. What do you think of using cookies for this?
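
One way to combine the "allowed user" table and the cookie idea discussed above, as an added example that is not code from any poster in this thread: a random token in a cookie identifies the browser instead of the IP address, and the expiry lives in the database, so it does not depend on ASP session state. The names AUTH_CONN, AuthTokens, AuthQuery, IssueToken and CurrentUser, the connection string placeholders, and the use of SQL Server 2012 or later are assumptions.

```asp
<%
' Added example, not code from the thread. All names below are hypothetical.
' Assumes SQL Server 2012+ and this table:
'   CREATE TABLE AuthTokens (TokenHash char(64) PRIMARY KEY, Username nvarchar(64), ExpiresAt datetime)
Const AUTH_CONN = "Provider=SQLOLEDB;Data Source=PLACEHOLDER;Initial Catalog=PLACEHOLDER;Integrated Security=SSPI"
Const TOKEN_MINUTES = 60
Const adVarChar = 200, adVarWChar = 202, adInteger = 3, adParamInput = 1
Const HASH_OF_PARAM = "CONVERT(char(64), HASHBYTES('SHA2_256', ?), 2)"

' Run a parameterised statement; args is an array of Array(adoType, size, value).
Function AuthQuery(sql, args)
  Dim cmd, a
  Set cmd = Server.CreateObject("ADODB.Command")
  cmd.ActiveConnection = AUTH_CONN
  cmd.CommandText = sql
  For Each a In args
    cmd.Parameters.Append cmd.CreateParameter(, a(0), adParamInput, a(1), a(2))
  Next
  Set AuthQuery = cmd.Execute
End Function

' Call once the login form's credentials have been verified against the users table.
Sub IssueToken(username)
  Dim rs, token
  ' 32 random bytes from the database server's CSPRNG, as 64 hex characters.
  Set rs = AuthQuery("SELECT CONVERT(char(64), CRYPT_GEN_RANDOM(32), 2)", Array())
  token = rs(0).Value
  ' Only the SHA-256 of the token is stored, so a leaked table holds no usable cookies.
  AuthQuery "INSERT INTO AuthTokens (TokenHash, Username, ExpiresAt) VALUES (" & HASH_OF_PARAM & _
            ", ?, DATEADD(minute, ?, GETUTCDATE()))", _
            Array(Array(adVarChar, 64, token), Array(adVarWChar, 64, username), Array(adInteger, 4, TOKEN_MINUTES))
  ' Written as a raw header because the Response.Cookies collection has no HttpOnly property.
  Response.AddHeader "Set-Cookie", "auth=" & token & "; Path=/; Secure; HttpOnly"
End Sub

' Call at the top of every protected page; returns "" when the visitor is not signed in.
Function CurrentUser()
  Dim hit, token
  CurrentUser = ""
  token = CStr(Request.Cookies("auth"))
  If Len(token) <> 64 Then Exit Function
  Set hit = AuthQuery("SELECT Username FROM AuthTokens WHERE TokenHash = " & HASH_OF_PARAM & _
            " AND ExpiresAt > GETUTCDATE()", Array(Array(adVarChar, 64, token)))
  If hit.EOF Then Exit Function
  CurrentUser = hit(0).Value
  ' Sliding expiry, decided by the server clock rather than by the cookie's lifetime.
  AuthQuery "UPDATE AuthTokens SET ExpiresAt = DATEADD(minute, ?, GETUTCDATE()) WHERE TokenHash = " & HASH_OF_PARAM, _
            Array(Array(adInteger, 4, TOKEN_MINUTES), Array(adVarChar, 64, token))
End Function
%>
```

Logout is the matching DELETE on TokenHash plus an expired auth cookie, and rows whose ExpiresAt has passed can be purged by a scheduled job.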
 