Web Development

General discussion


Loss of session ID

By kjell-morten ·
I have a problem with a session ID on a restricted area on our
website. The area is secured by a simple login-function using
sessions. Everything is working perfect most of the time, but
from time to time the user is "thrown out" and asked to log in
again. There is no apparent pattern of when this happens - it's
different pages and situations every time.

Today I watched the session cookie in my browser for this site
while I was clicking around the website. When the error suddenly
occurred, I noticed that a new session cookie was created. The
old was still remaining in the browser. So it seems that the
server suddenly looses the session ID and makes a new one, for
some reason.

The site is running on Microsoft-IIS/5.0 on Windows 2000, and
the login-function is coded in ASP/VBScript. We have tested the
site, and experienced the problem, in both IE6 on Windows XP
and Safari on Mac OS X.

Have anybody experienced something similar? Thank you in
advance for any suggestions on what to do...

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

the server doesnt loose the session

by Brent_D In reply to Loss of session ID

with IIS 5.0 and ASP the session information is stored on the client's machine with a session cookie

Collapse -

Yes, and suddenly it creates a new session cookie for no reason

by kjell-morten In reply to the server doesnt loose t ...

Thank you for your reply, but I know how the sessions is stored
on IIS 5.0 and ASP, and that's why I don't understand why it
suddenly creates a new session cookie. When I have tested this,
the server creates a session cookie and acts just as normal, but
all of a sudden it doesnt' recognize this cookie any longer and
creates a new one, which leads to my user beeing logged out of
the "intranet".

Do you know why it might do this, and how I can get around the

Collapse -


by Ed Woychowsky In reply to Yes, and suddenly it crea ...

Is there any possibility of a Session.timeout being leftover from either development or testing? I?ve experienced a similar problem with that being the culprit. It doesn?t have to be in that particular page, the user only needs to encounter it once in their wanderings to have the new value become the default.

Collapse -

Unfortunately not... :)

by kjell-morten In reply to Session.timeout

Thank you for a good suggestion, but a search through all the
pages in the application found no Session.timout anywhere. So
this is apperently not the reason either...

More ideas? :)

Collapse -

ASP Session Timeout

by aamyot In reply to Unfortunately not... :)

This is too obvious but did you check your session time-out value in the app configuration section of IIS?

Collapse -

Multi-Domain App?

by stuart_zechman In reply to Unfortunately not... :)

Perhaps a silly question, but do you have more than one Session/Cookie happening from your web app navigating to pages on multiple IIS servers?

Collapse -

Relative vs. Absolute Path

by Bucky Kaufman (MCSD) In reply to Multi-Domain App?

It may be that you are switching between a relative and an absolute path (implicitly or explicitly) in the code that reads/writes the cookie.

For example... the cookie for "../DirA" might not be the same as the one for "/DirA".

I have this kind of thing crop up in a variety of different languages and platforms. I get around it by using complete references to cookies - identifying the domain AND path.

Collapse -

Server names too

by RMcVay In reply to Relative vs. Absolute Pat ...

Another variation on that theme is an inconsistent use of host names. A reference to http://myserver/myapp/ will result in a different cookie than http://myserver.myco.com/myapp.

Collapse -

Can you isolate when it looses the cookie

by robsutherland In reply to Unfortunately not... :)

Is it a regular pattern that the cookie is replaced? On a certain page? after visiting a certain number of pages? or a particular time interval?

I know that is not a solution, but trying to help narrow down the problem.

Collapse -

Not in the pages

by RMcVay In reply to Unfortunately not... :)

You won't find it in the web pages, you'll find it in the admin console for the server. There is a tab for your web app that defines whether or sessions should be used and what the timeout of the sessions should be.

Related Discussions

Related Forums