Different sessions in ASP depending on the use of the 'www'.

L

LegalAlien

Perch
Yash: I've discovered the reason for a problem that I'm having with my shopping cart scripts concerning sessions. I wondered if you could help...

In a nutshell, it seems that different sessions are generated when using my domain name with and without the "www".

For example, say someone went to www.mysite.com and added something to their shopping basket from a featured item on the homepage (which took them to www.mysite.com/cart.asp). If they now went to mysite.com/cart.asp (without the www), a completely different session would be started, and now the shopping basket would appear empty. I originally thought the sessions were dropping, but in fact, there is now two different sessions active.

Is this normal?

I guess you might ask why anyone would do this. Well, I discovered this as I had set the url of all internal links without the www. I now intend to add the www to prevent this happening, but my ASP programmer informs me that this shouldn't happen anyhow. The problem will still occur when, for example, someone clicks through from a search engine listing that has the alternative link, if you get what I'm saying... Hope that makes sense...

Is there a change to the server configuration that can solve this problem?
 
Hmm, I can't think of a way to change that in ASP.
Regular cookies can be shared across subdomains ('Response.Cookies("mycookie").Domain = "mydomain.com"), but if you rely on ASP session management that doesn't do you much good :(

(I'm glad I've always ignored ASP session management and use plain cookies :p)
 
My programmers can't think of a way in ASP to fix it either, which is one of the things that leads him to think there must be a way to fix this at server level. He told me that he's never seen this problem before with the hosts he's used, and neither can he replicate the problem with his own server - the same session stays when he jumps from one to another.

Maybe as an alterntive, there is way to redirect anyone that is trying to open the webpage without the 'www' to put it in?
 
Can't really test that right now, as I don't currently have a IIS development machine available apart from this one and it doesn't support virtual hosting since it's a XP Pro box :)
 
one solution I could come up with is to remove the domain from all links. Only use relative links.

for example a href="cart.asp" instead of a href="http://(www.)mydomain.com/cart.asp"

then the user wont get new sessions when clicking on links.


but you can also, as you requested, place a check on top of the page and redirect if it's without the www part using Request.ServerVariables("HTTP_HOST"):

If LCase(Left(Request.ServerVariables("HTTP_HOST"), 3)) <> "www" Then Response.Redirect("http://www." & Request.ServerVariables("HTTP_HOST"))
 
LegalAlien, I really cannot see any server variable that could cause sessions to be lost like that. I check your domain and both www and without www are resolving correctly to the server and your site. Are you getting a different IP with www?

But if everything you try fails, I can have our ASP developer look into it (with your approval). If he fixes it, it's $50/hour.
 
OK. No - the domain is resolving correctly with and without the www and to the same IP - it is the session variables that are lost when moving from one to the other. As I said before, this is not an ASP problem because the session isn't dropping. It's still there. It's just that a second one is being created. ie - if you go back and put in the www you'll retrieve the old cart.

This is confusing. For example, a session is created when visiting www.mysite.com and the session is still kept even when going to the secure checkout at mysite.hsphere.biz, so WHY if you go to a link that misses out the 'www' (ie mysite.com) whilst browsing, would a new separate session be created in addition to the existing one? It's as if IIS thinks this is a completely different visitor.

Thank you for the offer, but no, I've already paid an ASP programmer to look at this and they told me it's likely to be a server level issue as this doesn't happen on their server or any other server he's worked on with exactly the same scripts. (I can't say I ever noticed this problem at my last host either). I guess it will remain a mystery but no big deal as I've made all the links within the website to be the same, but as I said in my previous post, anyone visiting mysite.com as appose to www.mysite.com will lose any item they put in their basket from the homepage.
 
DirtBag said:
one solution I could come up with is to remove the domain from all links. Only use relative links.

for example a href="cart.asp" instead of a href="http://(www.)mydomain.com/cart.asp"

then the user wont get new sessions when clicking on links.


but you can also, as you requested, place a check on top of the page and redirect if it's without the www part using Request.ServerVariables("HTTP_HOST"):

If LCase(Left(Request.ServerVariables("HTTP_HOST"), 3)) <> "www" Then Response.Redirect("http://www." & Request.ServerVariables("HTTP_HOST"))
Click to expand...

Thanks Dirt - I didn't see your reply - I'll try that!
 
LegalAlien said:
That worked great Dirt. Though I'd still like to know why mysite.com and www.mysite.com is seen as a different website by IIS...
Click to expand...

Thought I'd spread a little more darkness on this issue...
I tested this on one of my sites and got different sessionIds, just like you. But it got even weirder.

When I used www, the sessionId was:
ASP.NET_SessionId=hxavtd55galbbh55fggov0zw

Then I typed in the url without the www I got:
ASP.NET_SessionId=x12kwy45ay0zzbygzq0sag3w

Then I hit the back button and got:
ASP.NET_SessionId=hxavtd55galbbh55fggov0zw;+ASP.NET_SessionId=x12kwy45ay0zzbygzq0sag3w

Seems odd...

riley
 
riley, you are on Win1 which has known session problems. That's why we are planning to downgrade Win1, Win2 and Win4 to Windows 2000
 
Yash said:
riley, you are on Win1 which has known session problems. That's why we are planning to downgrade Win1, Win2 and Win4 to Windows 2000
Click to expand...

Sorry Yash, I forgot about that...

riley
 
LegalAlien said:
Thank you for the offer, but no, I've already paid an ASP programmer to look at this and they told me it's likely to be a server level issue as this doesn't happen on their server or any other server he's worked on with exactly the same scripts.
Click to expand...

I can move your site to high isolation if you want. Apart from that, there is absolutely no variable in IIS that can cause this. It seems highly unlikely to me as well as our windows administrator I talked to

The ASP administrator I knows has some great deal of experience. If your coder can't do it, I can have this guy do it and would only charge you if he finds some coding issue
 
Yash said:
I can move your site to high isolation if you want. Apart from that, there is absolutely no variable in IIS that can cause this. It seems highly unlikely to me as well as our windows administrator I talked to

The ASP administrator I knows has some great deal of experience. If your coder can't do it, I can have this guy do it and would only charge you if he finds some coding issue
Click to expand...

Thanks Yash. I'll probably pass for the moment as the problem has been worked around though I may take you up on it later. Hopefully someone will uncover the problem first?

This is surely not a coding issue though? The reason I'm pretty certain is because of the following:

I have just used the sessiontest.asp script that you recently supplied me. If you launch www.mysite.com/sessiontest.asp you start one session. Now take out the www. on the same screen. Another session is started. Put it back in - you retrieve the old session.

Am I missing something?
 
Ticket 9711. Thanks Yash. Don't spend too long on this just for me since I have found a work around, but if this does turn out to be a server problem, then it will probably help others out? I'm on win5 if anyone else who is on win5 wants to test this out..

Let me know either way what you do or don't find out! Thanks Yash - appreciated!
 
I think this has already been stated, but ASP starts a new session with the variance of subdomain, I know this might have already been stated, I just wanted to make clear it was not a server issue, but a language issue. I typically recommend cookies for this as they are more reliable, and will even last through numerous visits.

edit: I do agree with using relative links, so it works regardless of how they get there as well.
 
Stephen said:
I think this has already been stated, but ASP starts a new session with the variance of subdomain, I know this might have already been stated, I just wanted to make clear it was not a server issue, but a language issue. I typically recommend cookies for this as they are more reliable, and will even last through numerous visits.

edit: I do agree with using relative links, so it works regardless of how they get there as well.
Click to expand...

OK - but how come a new session isn't started when moving to the shared ssl secure alias. Maybe I just answered my own question there - because it's an alias. If so, is it possible for the server to treat a variance of subdomain as an alias?
 
riley said:
Then I hit the back button and got:
ASP.NET_SessionId=hxavtd55galbbh55fggov0zw;+ASP.NET_SessionId=x12kwy45ay0zzbygzq0sag3w
Click to expand...

I think that's because yoursite.com makes a cookie with domain set to yoursite.com, which is thus also visible from www.yoursite.com. That's not the case the other way around though.

This and the ASP session problem are unrelated though, ASP.net sessions are fairly different.
 
To be honest, I have never tried aliasing a sub domain, I don't really see how it would work properly, but it might be worth a shot.
 
You must log in or register to reply here.
Back
Top