Re: Detecting loss of session

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Kevin Spencer (kspencer_at_takempis.com)
Date: 08/25/04 

Date: Wed, 25 Aug 2004 09:52:10 -0400

> If the the browser is closed then the cookie in gone and the session
> should rightly be ended and a new one started when the user next sends
> a request. From what I've read on session cookies (no expiry set?)
> this might not work with all browsers because they delete (or stop
> sending) them as soon as they expire, not when the browser is closed?

That's a good question, Chris. If you don't set the expiration on a Cookie,
it expires at the end of the browser Session. However, you may have heard
right (I don't know) that some browsers may delete Session Cookies when the
browser navigates away from a domain (although I haven't heard of it),
rather than when the browser closes. It would be worth investigating. 

-- 
HTH,
Kevin Spencer
.Net Developer
Microsoft MVP
Big things are made up
of lots of little things.
"Chris" <freewonga@surf.to> wrote in message
news:57373c17.0408250500.dd05214@posting.google.com...
> Kevin,
>
> I was thinking of a session cookie so that from the browsers
> perspective that cookie will exist so long as the browser isn't
> closed, even if something happens on the server that looses the
> session such a timeout.
>
> If the the browser is closed then the cookie in gone and the session
> should rightly be ended and a new one started when the user next sends
> a request. From what I've read on session cookies (no expiry set?)
> this might not work with all browsers because they delete (or stop
> sending) them as soon as they expire, not when the browser is closed?
>
> Brad - How does your user control work? I want to put the code in a
> base page class that all other pages on the site derive from but I
> might be able to do something similar.
>
> Thanks all.
>
> "Kevin Spencer" <kspencer@takempis.com> wrote in message
news:<eSrD2GfiEHA.596@TK2MSFTNGP11.phx.gbl>...
> > Hi Chris,
> >
> > I believe you could indeed store the SessionID in a Cookie. If the
current
> > SessionID is not the same as the Cookie, the user has started a new
Session.
> > If the Cookie is not present, the user has not been there before.
However,
> > the problem is going to be getting rid of the Cookie. For example, if
the
> > user starts a Session, which sets the Cookie, closes his/her browser,
and
> > comes back 2 hours later, the Cookie will have a SessionID in it, and it
> > will not match the current SessionID. But in this case, the user's
Session
> > has not been interrupted.
> >
> > Perhaps you should rethink this problem in terms of requirements. There
may
> > be a better way to achieve what your requirements dictate.
> >
> > -- 
> > HTH,
> > Kevin Spencer
> > .Net Developer
> > Microsoft MVP
> > Big things are made up
> > of lots of little things.
> >
> > "Chris" <freewonga@surf.to> wrote in message
> > news:57373c17.0408240710.6803507b@posting.google.com...
> > > When a request comes into a page on my ASP.net site and a session is
> > > not found, I want to detect whether the request is an initial request
> > > or if the user did have a session going that has now been lost and
> > > show an explanatory message before restarting the session.
> > >
> > > Rather than tagging a 'session in progress' flag on the end of every
> > > request querystring I'd like to detect it using data sent in every
> > > request.
> > >
> > > One idea I had was that when a browser expecting a session sends a
> > > sessionId cookie that no longer matches a stored session in IIS, this
> > > indicates a lost session.
> > >
> > > Am I right in thinking that looking for the sessionId cookie is
> > > reliable way to detect the loss of a session and is there a better way
> > > that will work seemlessly for cookieless sessions as well?

Relevant Pages

  • Re: What is URL rewriting?
    ... URL rewriting is the option when the client browser doesn't accept ... browser doesn't accept cookies. ... user information is usually stored as session object. ... so that the user agent can send that ID back on its next request. ...
    (comp.lang.java.programmer)
  • Re: _SESSION weirdness behind a NAT firewall/router: bug?
    ... that the 'sess_deleted' file is actually being used as a session ID. ... force the cookie to expire. ... Any $_SESSION values introduced by one browser become part of the ... I re-load the non-logged-in index page in Opera. ...
    (comp.lang.php)
  • Re: HttpWebRequest times out with ASP.NET_SessionId cookie
    ... I can't get the session cookie ... from a priming request because my app it authenticated already. ... cookie has already been created, ... I was figuring that my problem is that somehow the request isn't done yet, ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: php session without cookie useage
    ... >>> browser or the application to maintain the state if needed. ... >>> transfer a session key created on login to subsequent pages via a POST ... >>> browser via a cookie or via POST or GET. ... > That may block legitimate users using a round-robin proxy (different ...
    (comp.lang.php)
  • Re: Is Session Always Cleared?
    ... If the first user closes his browser after he is finished, the session cookie is forgotten. ...
    (microsoft.public.dotnet.framework.aspnet)