Jump to content

Session Questions

kwilliams

By kwilliams
in .NET

 Share

Recommended Posts

kwilliams Member

kwilliams

Posted
Posted

I have 2 questions:1) I've read that the ASP.NET SessionID is 120-bit, and I know that our old ASP SessionID's were about 24 characters long. So can the new ASP.NET SessionID's be up to 120 characters long?2) I'm still having a problem with a new ASP.NET site that I'm developing with the use of Session variables. I set the main "Session.Timeout = 20" and the "SessionID" on the login page's bacground script page, but the user's session is timing out even though there is activity across related pages on one site. All of the pages are located across different directories within one site on one server. But all of the site's pages are accessed through one central page dynamically through server-side includes. Does anyone know why this is happening? Could it be because the site's dynamic? And if so, how can I get this to work with a dynamic site?Thanks for any help.

Link to comment
Share on other sites
pulpfiction Dedicated Member

pulpfiction

Posted
Posted

Try setting the session timeout value in the web.config file<sessionState mode=""stateConnectionString="tcpip="sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"cookieless="false" timeout="20" />This will apply to the complete application.

Link to comment
Share on other sites
aspnetguy Sacred Member

aspnetguy

Posted
Posted

I have run in this problem time and time again and I must say I have never found a sure-fire solution. Make sure you are not setting the timeout on multiple pages. In some cases the new tiomeout setting ends the current session.

Link to comment
Share on other sites
kwilliams Member

kwilliams

Posted
  • Author
Posted
Try setting the session timeout value in the web.config file<sessionStatemode=""stateConnectionString="tcpip="sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"cookieless="false"timeout="20"/>
I'll give this a try. That's just too bad that it doesn't work as it should.
I have run in this problem time and time again and I must say I have never found a sure-fire solution.Make sure you are not setting the timeout on multiple pages. In some cases the new tiomeout setting ends the current session.
Yeah, I think it's strange also. I never had this problem with ASP applications. I made sure that there are no other Session.Timeout's throughout the site besides the main one, but it's still acting strangly. I'll give pulpfiction's option a try, and I'll let you know if it works for me. Thanks for the replies.
Link to comment
Share on other sites
aspnetguy Sacred Member

aspnetguy

Posted
Posted
I'll give this a try. That's just too bad that it doesn't work as it should.Yeah, I think it's strange also. I never had this problem with ASP applications. I made sure that there are no other Session.Timeout's throughout the site besides the main one, but it's still acting strangly. I'll give pulpfiction's option a try, and I'll let you know if it works for me. Thanks for the replies.

Lucky you :) I have ahd it happen also with ASP. PHP is the only language I have not run into this.BTW, What were you using Sessions for? If it is for login you could try FormsAuthentication. It is more secure and it doesn't expire unless you tell it too :)
Link to comment
Share on other sites
kwilliams Member

kwilliams

Posted
  • Author
Posted
...BTW, What were you using Sessions for? If it is for login you could try FormsAuthentication. It is more secure and it doesn't expire unless you tell it too
I'm using Sessions throughout the site to store the user's SessionID, AccountID, and GroupID. We use all of these sessions to give users specific rights to sections of the site, and to set the proper navigation. We also insert the SessionID into a DB table to authentification of an external application, so we couldn't use the "FormsAuthentication" option that you mentioned for that. But I'll definitely look into it in the future for internal form authentification. I did try the suggested change to the web.config file like this:<configuration> <system.web> <customErrors mode="Off" /> <sessionState timeout="20" /> </system.web></configuration>...but I received the following error message:Server Error in '/' Application.Runtime ErrorDescription: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".<!-- Web.Config Configuration File --><configuration> <system.web> <customErrors mode="Off"/> </system.web></configuration>Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.<!-- Web.Config Configuration File --><configuration> <system.web> <customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/> </system.web></configuration>I'm new to using the web.config file, so do you know what I should do next? I appreciate your help:)
Link to comment
Share on other sites
aspnetguy Sacred Member

aspnetguy

Posted
Posted

If you are storing AccountID, etc they must have to login right? Then you can use FormsAuthentication. You can store custom user data along with the authentication cookie.If you are interested I can point you in the right direction.

Link to comment
Share on other sites
aspnetguy Sacred Member

aspnetguy

Posted
Posted

this is a good place to starthttp://aspnet.4guysfromrolla.com/articles/072005-1.aspxI have just finished setting up a site with a similar need as you have. I needed to have the user login plus save some custom user data at login that determined what user level they were (regular user, editor, admin, owner, etc.)So if you need some guidence I can help you out.

Link to comment
Share on other sites
  • 2 weeks later...
kwilliams Member

kwilliams

Posted
  • Author
Posted

Hi aspnetguy,I had a chance to look at FormsAuthentication, and it looks like it will be a good solution for future projects. But unfortunately I have a deadline for this project of next Friday, and I'm still running into the same problems with sessions. So I thought that I'd try again...Basically, the session variables are timing out before the session.timeout and session.sessionid methods have timed out. So this is the scenario:On initial login:Session("Group") = "A"Session.Timeout = 20Session.SessionID = a bunch of codeAfter 20 minutes of activity:Session("Group") = ""Session.Timeout = 20Session.SessionID = a bunch of codeThe session.timeout and session.sessionid variables are staying active properly, but the session("Group") variable is timing out on it's own even though the page is being refreshed by the user (me).I also tried changing the web.config file itself to set the sessionState, like this:<configuration> <appSettings> </appSettings> <system.web> <customErrors mode="Off" /> <SessionState timeout="20" /> </system.web></configuration>...but I received this error message: Runtime ErrorDescription: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".<!-- Web.Config Configuration File --><configuration> <system.web> <customErrors mode="Off"/> </system.web></configuration>Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.<!-- Web.Config Configuration File --><configuration> <system.web> <customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/> </system.web></configuration>...but I already have the "customErrors" set to "Off", so I'm not sure why I'm getting this error message.Has anyone run into these issues, and if so, is there a solution for it? My operating system is Windows XP, and my test server is running IIS6 if that makes any difference. Thanks for any help.

Link to comment
Share on other sites
aspnetguy Sacred Member

aspnetguy

Posted
Posted

I was never able to solve the mysterious timeingout but if when you set the sessions you also set some cookies with the same user info and same expiration time then if the session fails you can recover the values from the cookie.You may be thinking then why use sessions at all? Well if cookies are disabled those users will fall prey to the untimely timeout but all other users allowing cookies will function within the proper time period.Does that make sense?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...