Hello everybody,

I'm kind of new to ASP, although I've been a VB programmer for a while now, and there's a little thing that's really bothering me, so maybe someone can help me out:

I have this ASP page, which relies on sessions. When someone clicks on a given link, the page calls itself with a URL parameter to trigger the abandon session. That works great, and the message that the session has been abandonned appears. However, if I then return to the previous page and even click refresh, the session is still alive and well and everything appears to be as before. So what gives, am I missing something?

Thanks in advance,

JMik

By re-requesting the page from the web server, you are beginning a new session.

Josh

Hi,

In addition to session.abandon, I would set the session variable = " "

Good luck!

CG

Try:


session.expires=0


it will never be store in the cache of your browser

is that what you need!!

Hey Guys,

I want to thank everybody for their help, but unfortunately, none of this seems to work:

JoshT:
The whole problem is, it's not starting a new session. The session ID remains the same, despite the fact that the session.abandon was triggered during the last operation.

compuGeek:
I'm not sure how I would go about doing this, since Session = "", Set Session = Nothing and Session.Value = "" all seemed to be invalid operations. What did you mean exactly?

sebs:
"Expires" doesn't seem to be a valid method of the Session object. Could you explain that a little more?

Thanks again guys,

JMik

You can try:




session("NameofSessionVar") = " "

-or-

session("NameofSessionVar") = NULL

-or-

session.contents.remove 'NameofSessionVar' (sans the quotes)

sorry, i meant
response.expires = 0

sorry, it will work!

Hello again everybody,

Sebs, expiring the page didn't seem to have any effect either, which is getting very puzzling.

CompuGEEK, I'm not using session name variables in the way you describe, which leads me to believe that maybe I don't understand this whole session thing at all. This is the way I currently have it set up when a user visits the page:

1) The page checks the current Session ID value and compares it to the value stored within the user's cookie.

2) If there is a match, brings the user to the main page.

3) If not, presents the login page. Once the user logins successfully, the current session's ID is stored in the user's cookie and then goes back to 1.

So, given this system, I don't see why I would need to use session name variables... Unless I'm missing something?

Thanks to everyone for their help,

JMik

JMik,

But how are you initializing your session ID variable? Could you post your code?

Cool

CG

Sure, here it is... I trimmed it a bit (it was quite long), but the principals are intact.




Function ValidLogin

Dim strEmail
Dim strPass

strEmail = Request.Form.Item("Addr")
strPass = Request.Form.Item("Pwrd")

If Trim(strEmail) = "" Or Trim(strPass) = "" Then
ValidLogin = False
Else

OpenDB

If ValidEmail(strEmail) And CorrectPassword(strEmail, strPass) Then
ValidLogin = True
Else
ValidLogin = False
End If

CloseDB

End If

End Function

'----------------------------------------------

Function ValidCookie

If Trim(strUserID) = "" Or Trim(strSessionID) = "" Then
ValidCookie = False
Else

OpenDB

' ValidEmail is a simple function that checks to see if the user id exists in the database. Returns true if it does.
If strSessionID = Session.SessionID And _
ValidEmail(strUserID) = True Then
ValidCookie = True
Else
ValidCookie = False
End if

CloseDB

End if

End Function

'----------------------------------------------

strUserID = Request.Cookies("ThisPage")("UID")
strSessionID = Request.Cookies("ThisPage")("SID")

'----------------------------------------------

If ValidCookie Then

'> Valid Cookie

' Check for url parameters
If Request.Form.Count = 0 And Request.QueryString = "" Then

' No Parameteres, display main page
DisplayMainPage()

Else
'> Parameters were specified

If Request.QueryString <> "" Then

If Instr(1, Request.QueryString, "=") = 0 Then

Select Case LCase(Request.QueryString)
Case "goodbye"
Response.Write("Goodbye!")
Session.Abandon
Case Else
Response.Write("Sorry, this is not a valid request.")
End Select

End If

End If

End If
Else

'> Invalid Cookie

If Request.Form.Count = 0 And Request.QueryString = "" Then

DisplayLoginPage()

Else

If ValidLogin Then

'Set cookie with this session's id and user id

Response.Cookies("ThisPage") = ""
Response.Cookies("ThisPage")("UID") = Request.Form.Item("Addr")
Response.Cookies("ThisPage")("SID") = Session.SessionID

'Reload this page

Response.Redirect("ThisPage.asp")

Else
'Bad name or password

Response.Write("Invalid Login. Your e-mail address or password may be incorrect. Please try again.")

End If

End If

End If




JMik

With Session.Abandon, it's important to remember that your session variables aren't actually destroyed until the every script on the page has been processed. So, you could put Session.Abandon as the very last statement of your code.

Another way is to use a For loop using Session.Contents


<%
For Each x in Session.Contents
Session.Contents.Remove(x)
End If
Next
%>


Anyway, I hope you're able to find a solution.

CG