Ending Session

Re: Ending Session

In an ASP page call:

Session.Abandon

The cookie is probably not where you thought it was or is hidden from you
since cookies *are* how ASP handles sessions.

Chris.

"Darrin J Olson" <darrin.j.olson @sio.midco.net> wrote in message
news:vp59llkg3e olc1@corp.super news.com...
I am trying to end a session for a site without having to completely close
the browser to end it.

When I access the site and log in it works fine. If I log out and in with a
different account without closing the browser, I get the first session's
information. Also, if a open another browser and log in with a different
account I get the session from the first browser. I've tried deleting all
cookies and any cached pages, but still get the same first session.

I created a windows app in .NET and added a browser (control from VB6), and
have the same problems if I make multiple instances of the browser control
inside the app, but I CAN have different session inside the .NET windows app
than what I have in the IE browsers. They don't seem to cross.

How is the session being held if it is not in a cookie or in a cached page?
I open a new browser and log in from the beginning, so the session can't be
in the URL, or in a hidden text field??

I think I must be missing something on how the sessions are stored??

Any help would be greatly appreciated, and I apologize if this is an
inappropriate group to post to.

-Darrin

Re: Ending Session

Chris,

Thank you very much for your response.

Unfortunately, it's not my page that I'm accessing. I'm writing an app for a
company that wants to 'scrape' the data off of the page from some other web
site to cut down on their data entry. Everything works fine, but I need to
close the browser (or whatever process holds the browser) to get rid of the
session. If I use IE Tools->Internet Options to delete cookies and temporary
files, or delete them myself the session persists??




"Chris Barber" <chris@blue-canoe.co.uk.NOS PAM> wrote in message
news:OyaPcPllDH A.3320@tk2msftn gp13.phx.gbl...[color=blue]
> In an ASP page call:
>
> Session.Abandon
>
> The cookie is probably not where you thought it was or is hidden from you
> since cookies *are* how ASP handles sessions.
>
> Chris.
>
> "Darrin J Olson" <darrin.j.olson @sio.midco.net> wrote in message
> news:vp59llkg3e olc1@corp.super news.com...
> I am trying to end a session for a site without having to completely close
> the browser to end it.
>
> When I access the site and log in it works fine. If I log out and in with[/color]
a[color=blue]
> different account without closing the browser, I get the first session's
> information. Also, if a open another browser and log in with a different
> account I get the session from the first browser. I've tried deleting all
> cookies and any cached pages, but still get the same first session.
>
> I created a windows app in .NET and added a browser (control from VB6),[/color]
and[color=blue]
> have the same problems if I make multiple instances of the browser control
> inside the app, but I CAN have different session inside the .NET windows[/color]
app[color=blue]
> than what I have in the IE browsers. They don't seem to cross.
>
> How is the session being held if it is not in a cookie or in a cached[/color]
page?[color=blue]
> I open a new browser and log in from the beginning, so the session can't[/color]
be[color=blue]
> in the URL, or in a hidden text field??
>
> I think I must be missing something on how the sessions are stored??
>
> Any help would be greatly appreciated, and I apologize if this is an
> inappropriate group to post to.
>
> -Darrin
>
>
>[/color]

Re: Ending Session

Ahh, you mean you want to end the session for the remote webserver from the
client side?



As far as I know, it's not possible unless you can inform the remote
webserver that you want to end the session.

Chris.

"Darrin J Olson" <darrin.j.olson @sio.midco.net> wrote in message
news:vp5chqtbt4 tg11@corp.super news.com...
Chris,

Thank you very much for your response.

Unfortunately, it's not my page that I'm accessing. I'm writing an app for a
company that wants to 'scrape' the data off of the page from some other web
site to cut down on their data entry. Everything works fine, but I need to
close the browser (or whatever process holds the browser) to get rid of the
session. If I use IE Tools->Internet Options to delete cookies and temporary
files, or delete them myself the session persists??




"Chris Barber" <chris@blue-canoe.co.uk.NOS PAM> wrote in message
news:OyaPcPllDH A.3320@tk2msftn gp13.phx.gbl...[color=blue]
> In an ASP page call:
>
> Session.Abandon
>
> The cookie is probably not where you thought it was or is hidden from you
> since cookies *are* how ASP handles sessions.
>
> Chris.
>
> "Darrin J Olson" <darrin.j.olson @sio.midco.net> wrote in message
> news:vp59llkg3e olc1@corp.super news.com...
> I am trying to end a session for a site without having to completely close
> the browser to end it.
>
> When I access the site and log in it works fine. If I log out and in with[/color]
a[color=blue]
> different account without closing the browser, I get the first session's
> information. Also, if a open another browser and log in with a different
> account I get the session from the first browser. I've tried deleting all
> cookies and any cached pages, but still get the same first session.
>
> I created a windows app in .NET and added a browser (control from VB6),[/color]
and[color=blue]
> have the same problems if I make multiple instances of the browser control
> inside the app, but I CAN have different session inside the .NET windows[/color]
app[color=blue]
> than what I have in the IE browsers. They don't seem to cross.
>
> How is the session being held if it is not in a cookie or in a cached[/color]
page?[color=blue]
> I open a new browser and log in from the beginning, so the session can't[/color]
be[color=blue]
> in the URL, or in a hidden text field??
>
> I think I must be missing something on how the sessions are stored??
>
> Any help would be greatly appreciated, and I apologize if this is an
> inappropriate group to post to.
>
> -Darrin
>
>
>[/color]

Re: Ending Session

That stinks. I still want to think that there must a way since the remote
server really isn't holding any type of static connection with the client. I
can't figure out how it is keeping it's session? It has got to be storing it
somewhere client side.

Thank you again for your response and the link. It looks like it has quite a
bit of info.

I'll see what I can figure out...

-Darrin


"Chris Barber" <chris@blue-canoe.co.uk.NOS PAM> wrote in message
news:e4d3HNmlDH A.3612@TK2MSFTN GP11.phx.gbl...[color=blue]
> Ahh, you mean you want to end the session for the remote webserver from[/color]
the[color=blue]
> client side?
>
> http://www.asp101.com/articles/john/...nd/default.asp
>
> As far as I know, it's not possible unless you can inform the remote
> webserver that you want to end the session.
>
> Chris.
>
> "Darrin J Olson" <darrin.j.olson @sio.midco.net> wrote in message
> news:vp5chqtbt4 tg11@corp.super news.com...
> Chris,
>
> Thank you very much for your response.
>
> Unfortunately, it's not my page that I'm accessing. I'm writing an app for[/color]
a[color=blue]
> company that wants to 'scrape' the data off of the page from some other[/color]
web[color=blue]
> site to cut down on their data entry. Everything works fine, but I need to
> close the browser (or whatever process holds the browser) to get rid of[/color]
the[color=blue]
> session. If I use IE Tools->Internet Options to delete cookies and[/color]
temporary[color=blue]
> files, or delete them myself the session persists??
>
>
>
>
> "Chris Barber" <chris@blue-canoe.co.uk.NOS PAM> wrote in message
> news:OyaPcPllDH A.3320@tk2msftn gp13.phx.gbl...[color=green]
> > In an ASP page call:
> >
> > Session.Abandon
> >
> > The cookie is probably not where you thought it was or is hidden from[/color][/color]
you[color=blue][color=green]
> > since cookies *are* how ASP handles sessions.
> >
> > Chris.
> >
> > "Darrin J Olson" <darrin.j.olson @sio.midco.net> wrote in message
> > news:vp59llkg3e olc1@corp.super news.com...
> > I am trying to end a session for a site without having to completely[/color][/color]
close[color=blue][color=green]
> > the browser to end it.
> >
> > When I access the site and log in it works fine. If I log out and in[/color][/color]
with[color=blue]
> a[color=green]
> > different account without closing the browser, I get the first session's
> > information. Also, if a open another browser and log in with a different
> > account I get the session from the first browser. I've tried deleting[/color][/color]
all[color=blue][color=green]
> > cookies and any cached pages, but still get the same first session.
> >
> > I created a windows app in .NET and added a browser (control from VB6),[/color]
> and[color=green]
> > have the same problems if I make multiple instances of the browser[/color][/color]
control[color=blue][color=green]
> > inside the app, but I CAN have different session inside the .NET windows[/color]
> app[color=green]
> > than what I have in the IE browsers. They don't seem to cross.
> >
> > How is the session being held if it is not in a cookie or in a cached[/color]
> page?[color=green]
> > I open a new browser and log in from the beginning, so the session can't[/color]
> be[color=green]
> > in the URL, or in a hidden text field??
> >
> > I think I must be missing something on how the sessions are stored??
> >
> > Any help would be greatly appreciated, and I apologize if this is an
> > inappropriate group to post to.
> >
> > -Darrin
> >
> >
> >[/color]
>
>
>[/color]

Re: Ending Session

Darrin J Olson wrote:[color=blue]
> That stinks. I still want to think that there must a way since the
> remote server really isn't holding any type of static connection with
> the client. I can't figure out how it is keeping it's session? It has
> got to be storing it somewhere client side.
>[/color]

A session ends when the session timeout period expires, or when
session.abandon is called. The server does not know when a user closes his
browser, or navigates to another page, or whatever. It only knows whether or
not it receives http requests containing the appropriate session id or not.

HTH,
Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"

Re: Ending Session

This I understand.

Here are the facts, and any help you can give would be greatly appreciated!

1. I am only the client, I do not have access to the server or it's code.
2. I am not sure what the host is using for session management.
3. When I close my browser and open a new one, I am given a new session.
4. When I am authenticated (however it is handled) and go to the login page
and login with a new account without closing my browser, I get data from the
first login.
5. When I open another browser and login with a different account, I get
data from the first login if the first browser is still open.
6. If I delete all the cookies and Temporary Internet Files using
Tools->Internet Options, or manually, I still get data from whatever login I
used initially with any subsequent logins.
7. If I add browser controls into a .NET windows application, any subsequent
logins return data from the initial session login, regardless of wether or
not I remove/close the first browser control that logged in.
8. I CAN login and return data from different sessions between the browsers
using IE and the browser controls in my application, they don't appear to
communicate the session.

I've been doing web development for over 6 years, and am a MCP (ASP.NET C#),
so I have some familiarity, but I don't feel this has anything to do with
ASP necessarily. I thought that maybe IE was caching the pages on the
client, but that should reload if I delete any temp files? I also delete any
cookies and don't see any in the index.dat file? The session always persists
unless I close my browser???

If it was URL rewriting or in a hidden field, it should not go across to a
new browser that was opened, which makes me think either cached pages or a
cookie. I delete the cached pages and the cookies, but the session remains.

Again, any help would be greatly appreciated.

Thanks,
-Darrin




"Bob Barrows" <reb01501@NOyah oo.SPAMcom> wrote in message
news:uycLx8mlDH A.1672@TK2MSFTN GP09.phx.gbl...[color=blue]
> Darrin J Olson wrote:[color=green]
> > That stinks. I still want to think that there must a way since the
> > remote server really isn't holding any type of static connection with
> > the client. I can't figure out how it is keeping it's session? It has
> > got to be storing it somewhere client side.
> >[/color]
>
> A session ends when the session timeout period expires, or when
> session.abandon is called. The server does not know when a user closes his
> browser, or navigates to another page, or whatever. It only knows whether[/color]
or[color=blue]
> not it receives http requests containing the appropriate session id or[/color]
not.[color=blue]
>
> HTH,
> Bob Barrows
> --
> Microsoft MVP - ASP/ASP.NET
> Please reply to the newsgroup. This email account is my spam trap so I
> don't check it very often. If you must reply off-line, then remove the
> "NO SPAM"
>
>[/color]

Re: Ending Session

But .. the question was whether or not the session can be reset from the
client side (eg. delete the relevant cookie so that the http headers will
not contains the relevant session id).
I can't find any information about how to do it although I presume it would
only be possible from outside of IE itself [the cookie delete thing] without
setting off lots of security warnings. The basic mechanisms for how sessions
are created, timeout and die are well known and certainly from an ASP point
of view it's easy to achieve.

Chris.


"Bob Barrows" <reb01501@NOyah oo.SPAMcom> wrote in message
news:uycLx8mlDH A.1672@TK2MSFTN GP09.phx.gbl...
Darrin J Olson wrote:[color=blue]
> That stinks. I still want to think that there must a way since the
> remote server really isn't holding any type of static connection with
> the client. I can't figure out how it is keeping it's session? It has
> got to be storing it somewhere client side.
>[/color]

A session ends when the session timeout period expires, or when
session.abandon is called. The server does not know when a user closes his
browser, or navigates to another page, or whatever. It only knows whether or
not it receives http requests containing the appropriate session id or not.

HTH,
Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"

Re: Ending Session

It must have something to with ASP, or you wouldn't be posting here - right?
:>)

Session cookies are stored in the client memory. AFAIK, they can't be
altered or deleted from the client - they expire on timeout or when the
browser closes.

Bob Lehmann

"Darrin J Olson" <darrin.j.olson @sio.midco.net> wrote in message
news:vp5pkqh44e lnaf@corp.super news.com...[color=blue]
> This I understand.
>
> Here are the facts, and any help you can give would be greatly[/color]
appreciated![color=blue]
>
> 1. I am only the client, I do not have access to the server or it's code.
> 2. I am not sure what the host is using for session management.
> 3. When I close my browser and open a new one, I am given a new session.
> 4. When I am authenticated (however it is handled) and go to the login[/color]
page[color=blue]
> and login with a new account without closing my browser, I get data from[/color]
the[color=blue]
> first login.
> 5. When I open another browser and login with a different account, I get
> data from the first login if the first browser is still open.
> 6. If I delete all the cookies and Temporary Internet Files using
> Tools->Internet Options, or manually, I still get data from whatever login[/color]
I[color=blue]
> used initially with any subsequent logins.
> 7. If I add browser controls into a .NET windows application, any[/color]
subsequent[color=blue]
> logins return data from the initial session login, regardless of wether or
> not I remove/close the first browser control that logged in.
> 8. I CAN login and return data from different sessions between the[/color]
browsers[color=blue]
> using IE and the browser controls in my application, they don't appear to
> communicate the session.
>
> I've been doing web development for over 6 years, and am a MCP (ASP.NET[/color]
C#),[color=blue]
> so I have some familiarity, but I don't feel this has anything to do with
> ASP necessarily. I thought that maybe IE was caching the pages on the
> client, but that should reload if I delete any temp files? I also delete[/color]
any[color=blue]
> cookies and don't see any in the index.dat file? The session always[/color]
persists[color=blue]
> unless I close my browser???
>
> If it was URL rewriting or in a hidden field, it should not go across to a
> new browser that was opened, which makes me think either cached pages or a
> cookie. I delete the cached pages and the cookies, but the session[/color]
remains.[color=blue]
>
> Again, any help would be greatly appreciated.
>
> Thanks,
> -Darrin
>
>
>
>
> "Bob Barrows" <reb01501@NOyah oo.SPAMcom> wrote in message
> news:uycLx8mlDH A.1672@TK2MSFTN GP09.phx.gbl...[color=green]
> > Darrin J Olson wrote:[color=darkred]
> > > That stinks. I still want to think that there must a way since the
> > > remote server really isn't holding any type of static connection with
> > > the client. I can't figure out how it is keeping it's session? It has
> > > got to be storing it somewhere client side.
> > >[/color]
> >
> > A session ends when the session timeout period expires, or when
> > session.abandon is called. The server does not know when a user closes[/color][/color]
his[color=blue][color=green]
> > browser, or navigates to another page, or whatever. It only knows[/color][/color]
whether[color=blue]
> or[color=green]
> > not it receives http requests containing the appropriate session id or[/color]
> not.[color=green]
> >
> > HTH,
> > Bob Barrows
> > --
> > Microsoft MVP - ASP/ASP.NET
> > Please reply to the newsgroup. This email account is my spam trap so I
> > don't check it very often. If you must reply off-line, then remove the
> > "NO SPAM"
> >
> >[/color]
>
>[/color]

Re: Ending Session

Thanks Bob, that would explain a lot.

As far as the newsgroup, I wasn't sure where to post it since it involved a
few different things, and I may not have had the potential of querying such
intelligent and knowledgeable folks if I used a different one. ;-)

Thanks again to both you and Chris for your help.
-Darrin




"Bob Lehmann" <nospam@dontbot herme.zzz> wrote in message
news:%23e$Xgwnl DHA.976@tk2msft ngp13.phx.gbl.. .[color=blue]
> It must have something to with ASP, or you wouldn't be posting here -[/color]
right?[color=blue]
> :>)
>
> Session cookies are stored in the client memory. AFAIK, they can't be
> altered or deleted from the client - they expire on timeout or when the
> browser closes.
>
> Bob Lehmann
>
> "Darrin J Olson" <darrin.j.olson @sio.midco.net> wrote in message
> news:vp5pkqh44e lnaf@corp.super news.com...[color=green]
> > This I understand.
> >
> > Here are the facts, and any help you can give would be greatly[/color]
> appreciated![color=green]
> >
> > 1. I am only the client, I do not have access to the server or it's[/color][/color]
code.[color=blue][color=green]
> > 2. I am not sure what the host is using for session management.
> > 3. When I close my browser and open a new one, I am given a new session.
> > 4. When I am authenticated (however it is handled) and go to the login[/color]
> page[color=green]
> > and login with a new account without closing my browser, I get data from[/color]
> the[color=green]
> > first login.
> > 5. When I open another browser and login with a different account, I get
> > data from the first login if the first browser is still open.
> > 6. If I delete all the cookies and Temporary Internet Files using
> > Tools->Internet Options, or manually, I still get data from whatever[/color][/color]
login[color=blue]
> I[color=green]
> > used initially with any subsequent logins.
> > 7. If I add browser controls into a .NET windows application, any[/color]
> subsequent[color=green]
> > logins return data from the initial session login, regardless of wether[/color][/color]
or[color=blue][color=green]
> > not I remove/close the first browser control that logged in.
> > 8. I CAN login and return data from different sessions between the[/color]
> browsers[color=green]
> > using IE and the browser controls in my application, they don't appear[/color][/color]
to[color=blue][color=green]
> > communicate the session.
> >
> > I've been doing web development for over 6 years, and am a MCP (ASP.NET[/color]
> C#),[color=green]
> > so I have some familiarity, but I don't feel this has anything to do[/color][/color]
with[color=blue][color=green]
> > ASP necessarily. I thought that maybe IE was caching the pages on the
> > client, but that should reload if I delete any temp files? I also delete[/color]
> any[color=green]
> > cookies and don't see any in the index.dat file? The session always[/color]
> persists[color=green]
> > unless I close my browser???
> >
> > If it was URL rewriting or in a hidden field, it should not go across to[/color][/color]
a[color=blue][color=green]
> > new browser that was opened, which makes me think either cached pages or[/color][/color]
a[color=blue][color=green]
> > cookie. I delete the cached pages and the cookies, but the session[/color]
> remains.[color=green]
> >
> > Again, any help would be greatly appreciated.
> >
> > Thanks,
> > -Darrin
> >
> >
> >
> >
> > "Bob Barrows" <reb01501@NOyah oo.SPAMcom> wrote in message
> > news:uycLx8mlDH A.1672@TK2MSFTN GP09.phx.gbl...[color=darkred]
> > > Darrin J Olson wrote:
> > > > That stinks. I still want to think that there must a way since the
> > > > remote server really isn't holding any type of static connection[/color][/color][/color]
with[color=blue][color=green][color=darkred]
> > > > the client. I can't figure out how it is keeping it's session? It[/color][/color][/color]
has[color=blue][color=green][color=darkred]
> > > > got to be storing it somewhere client side.
> > > >
> > >
> > > A session ends when the session timeout period expires, or when
> > > session.abandon is called. The server does not know when a user closes[/color][/color]
> his[color=green][color=darkred]
> > > browser, or navigates to another page, or whatever. It only knows[/color][/color]
> whether[color=green]
> > or[color=darkred]
> > > not it receives http requests containing the appropriate session id or[/color]
> > not.[color=darkred]
> > >
> > > HTH,
> > > Bob Barrows
> > > --
> > > Microsoft MVP - ASP/ASP.NET
> > > Please reply to the newsgroup. This email account is my spam trap so I
> > > don't check it very often. If you must reply off-line, then remove the
> > > "NO SPAM"
> > >
> > >[/color]
> >
> >[/color]
>
>[/color]

Re: Ending Session

Thanks for the info Bob.

I was beginning to suspect the same although all information I've ever seen
seems to indicate (indirectly) that session persistence was to do with
cookies. However, on thinking about it, I now see that the information I
have read says that 'ASP sessions require that cookies be enabled', *not*
that IE stores the session id *as* a cookie.

So, that would explain the majority of stuff but perhaps not the multiple
browsers getting the same session data scenario which I have no idea why
that could be happening unless both (or more) instances of IE are in fact
instances of a class from an ActiveX EXE (thus all instances could be
getting access to the same common 'session' information dependant on the
settings for the class). NB: MS Word work like this in that Word.exe is in
fact an ActiveXEXE Server.

Chris.

"Bob Lehmann" <nospam@dontbot herme.zzz> wrote in message
news:%23e$Xgwnl DHA.976@tk2msft ngp13.phx.gbl.. .
It must have something to with ASP, or you wouldn't be posting here - right?
:>)

Session cookies are stored in the client memory. AFAIK, they can't be
altered or deleted from the client - they expire on timeout or when the
browser closes.

Bob Lehmann

"Darrin J Olson" <darrin.j.olson @sio.midco.net> wrote in message
news:vp5pkqh44e lnaf@corp.super news.com...[color=blue]
> This I understand.
>
> Here are the facts, and any help you can give would be greatly[/color]
appreciated![color=blue]
>
> 1. I am only the client, I do not have access to the server or it's code.
> 2. I am not sure what the host is using for session management.
> 3. When I close my browser and open a new one, I am given a new session.
> 4. When I am authenticated (however it is handled) and go to the login[/color]
page[color=blue]
> and login with a new account without closing my browser, I get data from[/color]
the[color=blue]
> first login.
> 5. When I open another browser and login with a different account, I get
> data from the first login if the first browser is still open.
> 6. If I delete all the cookies and Temporary Internet Files using
> Tools->Internet Options, or manually, I still get data from whatever login[/color]
I[color=blue]
> used initially with any subsequent logins.
> 7. If I add browser controls into a .NET windows application, any[/color]
subsequent[color=blue]
> logins return data from the initial session login, regardless of wether or
> not I remove/close the first browser control that logged in.
> 8. I CAN login and return data from different sessions between the[/color]
browsers[color=blue]
> using IE and the browser controls in my application, they don't appear to
> communicate the session.
>
> I've been doing web development for over 6 years, and am a MCP (ASP.NET[/color]
C#),[color=blue]
> so I have some familiarity, but I don't feel this has anything to do with
> ASP necessarily. I thought that maybe IE was caching the pages on the
> client, but that should reload if I delete any temp files? I also delete[/color]
any[color=blue]
> cookies and don't see any in the index.dat file? The session always[/color]
persists[color=blue]
> unless I close my browser???
>
> If it was URL rewriting or in a hidden field, it should not go across to a
> new browser that was opened, which makes me think either cached pages or a
> cookie. I delete the cached pages and the cookies, but the session[/color]
remains.[color=blue]
>
> Again, any help would be greatly appreciated.
>
> Thanks,
> -Darrin
>
>
>
>
> "Bob Barrows" <reb01501@NOyah oo.SPAMcom> wrote in message
> news:uycLx8mlDH A.1672@TK2MSFTN GP09.phx.gbl...[color=green]
> > Darrin J Olson wrote:[color=darkred]
> > > That stinks. I still want to think that there must a way since the
> > > remote server really isn't holding any type of static connection with
> > > the client. I can't figure out how it is keeping it's session? It has
> > > got to be storing it somewhere client side.
> > >[/color]
> >
> > A session ends when the session timeout period expires, or when
> > session.abandon is called. The server does not know when a user closes[/color][/color]
his[color=blue][color=green]
> > browser, or navigates to another page, or whatever. It only knows[/color][/color]
whether[color=blue]
> or[color=green]
> > not it receives http requests containing the appropriate session id or[/color]
> not.[color=green]
> >
> > HTH,
> > Bob Barrows
> > --
> > Microsoft MVP - ASP/ASP.NET
> > Please reply to the newsgroup. This email account is my spam trap so I
> > don't check it very often. If you must reply off-line, then remove the
> > "NO SPAM"
> >
> >[/color]
>
>[/color]

Re: Ending Session

I'd say that the implementation of the sessions *is* - predominantly for
this discussion - ASP but the surrounding technologies may not be ... I
still reckon ASP was the right choice.

LoL, and I still managed to learn something.

Chris.

"Darrin J Olson" <darrin.j.olson @sio.midco.net> wrote in message
news:vp5s0vli88 hd60@corp.super news.com...
Thanks Bob, that would explain a lot.

As far as the newsgroup, I wasn't sure where to post it since it involved a
few different things, and I may not have had the potential of querying such
intelligent and knowledgeable folks if I used a different one. ;-)

Thanks again to both you and Chris for your help.
-Darrin




"Bob Lehmann" <nospam@dontbot herme.zzz> wrote in message
news:%23e$Xgwnl DHA.976@tk2msft ngp13.phx.gbl.. .[color=blue]
> It must have something to with ASP, or you wouldn't be posting here -[/color]
right?[color=blue]
> :>)
>
> Session cookies are stored in the client memory. AFAIK, they can't be
> altered or deleted from the client - they expire on timeout or when the
> browser closes.
>
> Bob Lehmann
>
> "Darrin J Olson" <darrin.j.olson @sio.midco.net> wrote in message
> news:vp5pkqh44e lnaf@corp.super news.com...[color=green]
> > This I understand.
> >
> > Here are the facts, and any help you can give would be greatly[/color]
> appreciated![color=green]
> >
> > 1. I am only the client, I do not have access to the server or it's[/color][/color]
code.[color=blue][color=green]
> > 2. I am not sure what the host is using for session management.
> > 3. When I close my browser and open a new one, I am given a new session.
> > 4. When I am authenticated (however it is handled) and go to the login[/color]
> page[color=green]
> > and login with a new account without closing my browser, I get data from[/color]
> the[color=green]
> > first login.
> > 5. When I open another browser and login with a different account, I get
> > data from the first login if the first browser is still open.
> > 6. If I delete all the cookies and Temporary Internet Files using
> > Tools->Internet Options, or manually, I still get data from whatever[/color][/color]
login[color=blue]
> I[color=green]
> > used initially with any subsequent logins.
> > 7. If I add browser controls into a .NET windows application, any[/color]
> subsequent[color=green]
> > logins return data from the initial session login, regardless of wether[/color][/color]
or[color=blue][color=green]
> > not I remove/close the first browser control that logged in.
> > 8. I CAN login and return data from different sessions between the[/color]
> browsers[color=green]
> > using IE and the browser controls in my application, they don't appear[/color][/color]
to[color=blue][color=green]
> > communicate the session.
> >
> > I've been doing web development for over 6 years, and am a MCP (ASP.NET[/color]
> C#),[color=green]
> > so I have some familiarity, but I don't feel this has anything to do[/color][/color]
with[color=blue][color=green]
> > ASP necessarily. I thought that maybe IE was caching the pages on the
> > client, but that should reload if I delete any temp files? I also delete[/color]
> any[color=green]
> > cookies and don't see any in the index.dat file? The session always[/color]
> persists[color=green]
> > unless I close my browser???
> >
> > If it was URL rewriting or in a hidden field, it should not go across to[/color][/color]
a[color=blue][color=green]
> > new browser that was opened, which makes me think either cached pages or[/color][/color]
a[color=blue][color=green]
> > cookie. I delete the cached pages and the cookies, but the session[/color]
> remains.[color=green]
> >
> > Again, any help would be greatly appreciated.
> >
> > Thanks,
> > -Darrin
> >
> >
> >
> >
> > "Bob Barrows" <reb01501@NOyah oo.SPAMcom> wrote in message
> > news:uycLx8mlDH A.1672@TK2MSFTN GP09.phx.gbl...[color=darkred]
> > > Darrin J Olson wrote:
> > > > That stinks. I still want to think that there must a way since the
> > > > remote server really isn't holding any type of static connection[/color][/color][/color]
with[color=blue][color=green][color=darkred]
> > > > the client. I can't figure out how it is keeping it's session? It[/color][/color][/color]
has[color=blue][color=green][color=darkred]
> > > > got to be storing it somewhere client side.
> > > >
> > >
> > > A session ends when the session timeout period expires, or when
> > > session.abandon is called. The server does not know when a user closes[/color][/color]
> his[color=green][color=darkred]
> > > browser, or navigates to another page, or whatever. It only knows[/color][/color]
> whether[color=green]
> > or[color=darkred]
> > > not it receives http requests containing the appropriate session id or[/color]
> > not.[color=darkred]
> > >
> > > HTH,
> > > Bob Barrows
> > > --
> > > Microsoft MVP - ASP/ASP.NET
> > > Please reply to the newsgroup. This email account is my spam trap so I
> > > don't check it very often. If you must reply off-line, then remove the
> > > "NO SPAM"
> > >
> > >[/color]
> >
> >[/color]
>
>[/color]

Re: Ending Session

Chris,

I think you are on the right track. That would also explain why when I add
the activeX browser controls to my .NET app it holds a different session and
must use a different cookie in memory than what the browsers out of the OS
do. It must kind of hold a common cookie per process per domain.

Thanks!

-Darrin




"Chris Barber" <chris@blue-canoe.co.uk.NOS PAM> wrote in message
news:OrF%239eol DHA.1960@TK2MSF TNGP12.phx.gbl. ..[color=blue]
> Thanks for the info Bob.
>
> I was beginning to suspect the same although all information I've ever[/color]
seen[color=blue]
> seems to indicate (indirectly) that session persistence was to do with
> cookies. However, on thinking about it, I now see that the information I
> have read says that 'ASP sessions require that cookies be enabled', *not*
> that IE stores the session id *as* a cookie.
>
> So, that would explain the majority of stuff but perhaps not the multiple
> browsers getting the same session data scenario which I have no idea why
> that could be happening unless both (or more) instances of IE are in fact
> instances of a class from an ActiveX EXE (thus all instances could be
> getting access to the same common 'session' information dependant on the
> settings for the class). NB: MS Word work like this in that Word.exe is in
> fact an ActiveXEXE Server.
>
> Chris.
>
> "Bob Lehmann" <nospam@dontbot herme.zzz> wrote in message
> news:%23e$Xgwnl DHA.976@tk2msft ngp13.phx.gbl.. .
> It must have something to with ASP, or you wouldn't be posting here -[/color]
right?[color=blue]
> :>)
>
> Session cookies are stored in the client memory. AFAIK, they can't be
> altered or deleted from the client - they expire on timeout or when the
> browser closes.
>
> Bob Lehmann
>
> "Darrin J Olson" <darrin.j.olson @sio.midco.net> wrote in message
> news:vp5pkqh44e lnaf@corp.super news.com...[color=green]
> > This I understand.
> >
> > Here are the facts, and any help you can give would be greatly[/color]
> appreciated![color=green]
> >
> > 1. I am only the client, I do not have access to the server or it's[/color][/color]
code.[color=blue][color=green]
> > 2. I am not sure what the host is using for session management.
> > 3. When I close my browser and open a new one, I am given a new session.
> > 4. When I am authenticated (however it is handled) and go to the login[/color]
> page[color=green]
> > and login with a new account without closing my browser, I get data from[/color]
> the[color=green]
> > first login.
> > 5. When I open another browser and login with a different account, I get
> > data from the first login if the first browser is still open.
> > 6. If I delete all the cookies and Temporary Internet Files using
> > Tools->Internet Options, or manually, I still get data from whatever[/color][/color]
login[color=blue]
> I[color=green]
> > used initially with any subsequent logins.
> > 7. If I add browser controls into a .NET windows application, any[/color]
> subsequent[color=green]
> > logins return data from the initial session login, regardless of wether[/color][/color]
or[color=blue][color=green]
> > not I remove/close the first browser control that logged in.
> > 8. I CAN login and return data from different sessions between the[/color]
> browsers[color=green]
> > using IE and the browser controls in my application, they don't appear[/color][/color]
to[color=blue][color=green]
> > communicate the session.
> >
> > I've been doing web development for over 6 years, and am a MCP (ASP.NET[/color]
> C#),[color=green]
> > so I have some familiarity, but I don't feel this has anything to do[/color][/color]
with[color=blue][color=green]
> > ASP necessarily. I thought that maybe IE was caching the pages on the
> > client, but that should reload if I delete any temp files? I also delete[/color]
> any[color=green]
> > cookies and don't see any in the index.dat file? The session always[/color]
> persists[color=green]
> > unless I close my browser???
> >
> > If it was URL rewriting or in a hidden field, it should not go across to[/color][/color]
a[color=blue][color=green]
> > new browser that was opened, which makes me think either cached pages or[/color][/color]
a[color=blue][color=green]
> > cookie. I delete the cached pages and the cookies, but the session[/color]
> remains.[color=green]
> >
> > Again, any help would be greatly appreciated.
> >
> > Thanks,
> > -Darrin
> >
> >
> >
> >
> > "Bob Barrows" <reb01501@NOyah oo.SPAMcom> wrote in message
> > news:uycLx8mlDH A.1672@TK2MSFTN GP09.phx.gbl...[color=darkred]
> > > Darrin J Olson wrote:
> > > > That stinks. I still want to think that there must a way since the
> > > > remote server really isn't holding any type of static connection[/color][/color][/color]
with[color=blue][color=green][color=darkred]
> > > > the client. I can't figure out how it is keeping it's session? It[/color][/color][/color]
has[color=blue][color=green][color=darkred]
> > > > got to be storing it somewhere client side.
> > > >
> > >
> > > A session ends when the session timeout period expires, or when
> > > session.abandon is called. The server does not know when a user closes[/color][/color]
> his[color=green][color=darkred]
> > > browser, or navigates to another page, or whatever. It only knows[/color][/color]
> whether[color=green]
> > or[color=darkred]
> > > not it receives http requests containing the appropriate session id or[/color]
> > not.[color=darkred]
> > >
> > > HTH,
> > > Bob Barrows
> > > --
> > > Microsoft MVP - ASP/ASP.NET
> > > Please reply to the newsgroup. This email account is my spam trap so I
> > > don't check it very often. If you must reply off-line, then remove the
> > > "NO SPAM"
> > >
> > >[/color]
> >
> >[/color]
>
>
>[/color]

Re: Ending Session

"Chris Barber" <chris@blue-canoe.co.uk.NOS PAM> wrote in message
news:OrF#9eolDH A.1960@TK2MSFTN GP12.phx.gbl...[color=blue]
> have read says that 'ASP sessions require that cookies be enabled',[/color]
*not*[color=blue]
> that IE stores the session id *as* a cookie.[/color]

It is specifically a "Session Cookie", they are special and only exist
in memory (aka Temporary Cookies). They are not the same thing as
other Cookies. It is two different animals.
[color=blue]
> So, that would explain the majority of stuff but perhaps not the[/color]
multiple[color=blue]
> browsers getting the same session data scenario which I have no idea[/color]
why

Multiple Browser *Windows* get the same session, multiple Browser
*instances* do not. Hitting "CTRL-N" pops up a new Window not a new
"Browser". To get a new browse you must re-execute the excutable
(iexplorer.exe) .

--

Phillip Windell [CCNA, MVP, MCP]
pwindell@wandtv .com
WAND-TV (ABC Affiliate)

Re: Ending Session

I've never really tried that hard to find the exact circumstances so thanks
for the info, it's much appreciated.

Chris.

"Phillip Windell" <pwindell{at}wa ndtv*d0t*com> wrote in message
news:%23J6waKzl DHA.2436@TK2MSF TNGP09.phx.gbl. ..
"Chris Barber" <chris@blue-canoe.co.uk.NOS PAM> wrote in message
news:OrF#9eolDH A.1960@TK2MSFTN GP12.phx.gbl...[color=blue]
> have read says that 'ASP sessions require that cookies be enabled',[/color]
*not*[color=blue]
> that IE stores the session id *as* a cookie.[/color]

It is specifically a "Session Cookie", they are special and only exist
in memory (aka Temporary Cookies). They are not the same thing as
other Cookies. It is two different animals.
[color=blue]
> So, that would explain the majority of stuff but perhaps not the[/color]
multiple[color=blue]
> browsers getting the same session data scenario which I have no idea[/color]
why

Multiple Browser *Windows* get the same session, multiple Browser
*instances* do not. Hitting "CTRL-N" pops up a new Window not a new
"Browser". To get a new browse you must re-execute the excutable
(iexplorer.exe) .

--

Phillip Windell [CCNA, MVP, MCP]
pwindell@wandtv .com
WAND-TV (ABC Affiliate)