|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
Stay one step ahead of the competition. Evaluate and give feedback
on some of the hottest web development tools on the market today.
Make your opinion heard! Click
Here
|
|
#1
April 15th, 2003, 06:10 AM
|
|||
|
|||
ASP Session probs with IIS5
Hi
I've been trying to discover different ways of simulating the APS Session Object. Some users of site's I've made can't shop online due mainly to the fact that don't want to enable Cookies or their firewall is blocking Session Cookies. Does anyone have a robust solution other than using a database and passing a user Id around every page???? or of course migrating to ASPX... I did find Mircosft's 'Cookie Munger' which came with IIS 4 Resouce Kit. It was installed on IIS5 yesterday and strange things have now started happening. Does anyone have any documentation on this ISAPI Filter. the first error messages on all .asp pages were "Requested Resources is in use"???? Checking the Cache ISAPI Filters option in IIS configuration sorted this but now when I try to log in to one of my sites which uses the Session Object and I have All cookies blocked etc in my browser. I get the following: Object Moved This object may be found here. HTTP/1.1 200 OK Server: Microsoft-IIS/5.0 Date: Tue, 15 Apr 2003 10:35:28 GMT Content-Type: text/html Expires: Tue, 15 Apr 2003 10:34:28 GMT Set-Cookie: ASPSESSIONIDSCDCSDRB=KMICKDMAANPJKFHMLGFDGPCB; path=/ Cache-control: private Cookie Munger is meant? to simulate giving the client a Session ID when they have Cookies disbaled? Has anyone experienced similar problems? I've trawled the web high and low for any discussions on Simulating Sessions but haven't found anything. Any ideas/help would be greatly received. Thanks
|
|
#2
April 15th, 2003, 02:09 PM
|
|||
|
|||
|
Well if you can't use cookies and you can't use sessions then you have to pass the userID around in the URL. I guess you could generate a case sensitive random number and letter string of say 50 characters store it in your database as a temp userID everytime a user logs in then pass that around in the url. Then use that ID to pull up any information on the user, this would keep the real userId from ever being shown or would lower the odds of anyone ever guessing a valid ID very low. Also you may want to have a field that stores the date that way a temp id can only be valid for 1 day, if someone tries to browse with that ID after the date they will be forced to login in again.
Does that make any sense at all?
|
|
| Viewing: Dev Shed Forums > Programming Languages - More > ASP Programming > ASP Session probs with IIS5 |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
