ASP Session probs with IIS5

Dev Shed Forums Sponsor:

April 15th, 2003, 06:10 AM

sijobi1

-doh!-

Join Date: Apr 2003

Posts: 1

Time spent in forums: < 1 sec
Reputation Power: 0

ASP Session probs with IIS5

Hi

I've been trying to discover different ways of simulating the APS Session Object. Some users of site's I've made can't shop online due mainly to the fact that don't want to enable Cookies or their firewall is blocking Session Cookies.

Does anyone have a robust solution other than using a database and passing a user Id around every page???? or of course migrating to ASPX...

I did find Mircosft's 'Cookie Munger' which came with IIS 4 Resouce Kit. It was installed on IIS5 yesterday and strange things have now started happening. Does anyone have any documentation on this ISAPI Filter. the first error messages on all .asp pages were "Requested Resources is in use"???? Checking the Cache ISAPI Filters option in IIS configuration sorted this but now when I try to log in to one of my sites which uses the Session Object and I have All cookies blocked etc in my browser. I get the following:

Object Moved
This object may be found here. HTTP/1.1 200 OK Server: Microsoft-IIS/5.0 Date: Tue, 15 Apr 2003 10:35:28 GMT Content-Type: text/html Expires: Tue, 15 Apr 2003 10:34:28 GMT Set-Cookie: ASPSESSIONIDSCDCSDRB=KMICKDMAANPJKFHMLGFDGPCB; path=/ Cache-control: private

Cookie Munger is meant? to simulate giving the client a Session ID when they have Cookies disbaled? Has anyone experienced similar problems?

I've trawled the web high and low for any discussions on Simulating Sessions but haven't found anything.

Any ideas/help would be greatly received.
Thanks

April 15th, 2003, 02:09 PM

defjamninja

Overly white

Join Date: Mar 2003

Location: Fresno, CA

Posts: 83

Time spent in forums: < 1 sec
Reputation Power: 11

Well if you can't use cookies and you can't use sessions then you have to pass the userID around in the URL. I guess you could generate a case sensitive random number and letter string of say 50 characters store it in your database as a temp userID everytime a user logs in then pass that around in the url. Then use that ID to pull up any information on the user, this would keep the real userId from ever being shown or would lower the odds of anyone ever guessing a valid ID very low. Also you may want to have a field that stores the date that way a temp id can only be valid for 1 day, if someone tries to browse with that ID after the date they will be forced to login in again.

Does that make any sense at all?

Viewing: Dev Shed Forums > Programming Languages - More > ASP Programming > ASP Session probs with IIS5

« Previous Thread | Next Thread »

Developer Shed Advertisers and Affiliates

Thread Tools	Search this Thread
Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts vB code is On Smilies are On [IMG] code is On HTML code is Off

View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox

Forum Jump