johnnyg24 Posted August 19, 2010 Share Posted August 19, 2010 I am experiencing problems with user's sessions timing out too soon. Is there a way to set the session.timeout in Global.asa and will this override any other sessions.timeouts that may be set somewhere else? Thanks Link to comment Share on other sites More sharing options...
shaffiq_fiq88 Posted August 19, 2010 Share Posted August 19, 2010 Try thisIn Global.asa Sub Session_OnStart Session.Timeout = 10 ' Session in minutes. Min is 1 minute and max is 1440 minutes. Default is 10 minutes.End Sub W3Schools Reference Microsoft Reference Link to comment Share on other sites More sharing options...
shaffiq_fiq88 Posted August 19, 2010 Share Posted August 19, 2010 If you want to create a session for an individual page just set the session.timeout in that page. <%@language="vbscript"%><%Option explicit%><%Session.Timeout = 10 ' Or some other value%> Link to comment Share on other sites More sharing options...
johnnyg24 Posted August 19, 2010 Author Share Posted August 19, 2010 Thanks Fiq, so does that mean the setting the session.timeout in the page will override the global.asa session.timeout? Link to comment Share on other sites More sharing options...
shaffiq_fiq88 Posted August 19, 2010 Share Posted August 19, 2010 Welcome :)About the altered session, I'm not really sure but I already test it 10 minutes ago. Here some workflow. If Global.asa is set with Session.Timeout = 20If PageA.asp is set with Session.Timeout = 25If PageB.asp is set with Session.Timeout = 30If PageC.asp is not set.If only PageA.asp executed, the session will be 25 minutes.If only PageB.asp executed, the session will be 30 minutes.If only PageC.asp executed, the session will be 20 minutes.But If PageB is executed first, the session will be 30 minutes.Then you execute PageC.asp, the session will be also 30 minutes.Thus I think that even you change a session at a page, other page that doest't set with session.timeout will follow the session state of the previous page. You can use session.abandon() to restore to the default timeout state before procede to other page. The session.timeout itself is a property. It differ from the response.cookies that had path and domain as it properties. So the session.timeout is a global method. W3Schools Reference Microsoft Reference Link to comment Share on other sites More sharing options...
johnnyg24 Posted August 19, 2010 Author Share Posted August 19, 2010 Thanks Fiq,I think to play it safe, I will only set the timeout once in the global.asa. I currently don't have any need for different session.timeouts.What about setting the timeout in IIS default settings? Will this override the Global.asa or will the Global.asa override the IIS settings? Link to comment Share on other sites More sharing options...
shaffiq_fiq88 Posted August 20, 2010 Share Posted August 20, 2010 Welcome. Good decision. It is better to play it safe because if the session is always altered it will give a problem to the users.OK. Here the situation.The IIS is a platform or a web server application and set of feature extension modules created by Microsoft for use with Microsoft Windows. In IIS, you can create a lot of domain, mainly in website hosting package industry. The IIS will set the default setting for all domain in the server.If you own a server, you can set all the applicable setting insted using Global.asa.If you use a hosting package, there is no way you can change that setting. So the only way to change those settings by using Global.asa.Some example here. You own server A. You have somesiteA.com, somesiteB.com and somesiteC.com in the server A. You can set the timeout in IIS because you want all domain have the same timeout=30. But somesiteC.com need more timeout where timeout=40 while somesiteA.com and somesiteB.com use the same timeout as set in the IIS which is timeout=30. So you use Global.asa, set the timeout=40 and place it in somesiteC.com So there is nothing override nothing. The flow is simple.If no Global.asa.User start browse (start application) >> Request Procedure occur >> Request IIS >> Registry - Global.asa enable >> Request Global.asa >> No Gobal.asa >> Request IIS >> Send to User.If Global.asa exist.User start browse (start application) >> Request Procedure occur >> Request IIS >> Registry - Global.asa enable >> Request Global.asa >> Send to User.In hosting plan or package, a lot of provider disable the registry of global.asa to avoid network attack such as hacker and virus.Actually, the question that you asked is about server. I'm not standard qualifiable to advice you with this problem. So make sure you ask someone professional about this, after this.About the session.timeout, the session is mainly used in an internal website system or application such as registering a user or logging in a user. It is best to look in from the base of the security purpose.As an example. A visitor fill a registration form. The visitor click the submit button and the information is sent to the script to be added to the database. A form that have a lot of information may need a long period to complete the AddNew procedure depend on the network traffic and the user connection So you already set the timeout in the script where the timeout=10 for idle. So if the procedure of adding to the database is exceed the limit of the timeout, you will get the session expired page. This method is to prevent the network attacker from altering the data that being processed while submitting the data. In other view, the session may be needed to be added in the upload form. Big data to be uploaded need a lot of time. So make sure to set the timeout as needed. If you use the timeout, make sure to set it to the default timeout after every procedure. If your global.asa set timeout=20, the set it back to 20 after completing any procedure that you use timeout.If there is no other session object to be use or you want to ignore others session object, you can use the session.abandon() property that will burn all the session and set any applicable default session to the default state.That all that I have and the best that I can give you. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.