Home > Archive > ASP > October 2006 > Session Var Issues
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Session Var Issues
|
|
| Agent H 2006-10-30, 6:59 pm |
| Hi all,
Anyone out there using session vars to hold user information when a user
logs in to your Web site, and sometimes having the Session Vars not get
set (especially in IE)?
My situation involves a Web site that uses a Session Var to hold a
UserID and another to hold a UserType and some users are being directed
to our 'timeout' message right away when they log in - it's coded so
users get directed here if the Session Vars are empty, NULL, or "" so
they are not really 'timing out'. The biggest problem is that some
users cannot even get in. I have found that IE's Privacy setting about
'blocking all cookies' will cause this to happen and as long as the
privacy gets set to 'High', you can still block cookies as long as you
enable 'Session Cookies'. I have also found a work around by adding the
Web site to the list of trusted sites in IE. Any other suggestions?
Perhaps there is a coding work-around that I am not aware of.
Any tips would be appreciated. Thanks
Agent H :)
*** Sent via Developersdex http://www.developersdex.com ***
| |
| Bob Barrows [MVP] 2006-10-30, 6:59 pm |
| Agent H wrote:
> Hi all,
>
> Anyone out there using session vars to hold user information when a
> user logs in to your Web site,
Yes
> and sometimes having the Session Vars
> not get set (especially in IE)?
No.
>
> My situation involves a Web site that uses a Session Var to hold a
> UserID and another to hold a UserType and some users are being
> directed to our 'timeout' message right away when they log in - it's
> coded so users get directed here if the Session Vars are empty, NULL,
> or "" so they are not really 'timing out'. The biggest problem is
> that some users cannot even get in. I have found that IE's Privacy
> setting about 'blocking all cookies' will cause this to happen
Of course. Sessions depend on session cookies.
> and as
> long as the privacy gets set to 'High', you can still block cookies
> as long as you enable 'Session Cookies'. I have also found a work
> around by adding the Web site to the list of trusted sites in IE.
> Any other suggestions? Perhaps there is a coding work-around that I
> am not aware of.
No, those are the only solutions if you wish to use the Session object.
Of course, you could roll your own session management system involving a
database, completely avoiding the need for cookies. Just be aware of the
possibility that not all users are benign: for example, a user might try
to hijack another user's "session". Keep that in mind when you design
your security structure.
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
| |
| Agent H 2006-10-30, 6:59 pm |
| Hi all,
Thanks for the help, Bob. I was glad to hear that I wasn't completely
crazy in thinking that Cookies were needed. :) Have a great day!
Agent H :)
*** Sent via Developersdex http://www.developersdex.com ***
|
|
|
|
|