Global.asa and sessions....

Results 1 to 3 of 3

Thread: Global.asa and sessions....

  1. #1
    Join Date
    Dec 1969

    Default Global.asa and sessions....

    YOUR RESPONSE:<BR>global.asa and sessions...<BR>Rahenkamp - 27 Jan - 11:14:57 AM<BR>------------------------------------------------------------------------<BR>I am trying to create a passwording system that will log you off at the end of the session. I have the following global.asa file and it doesn&#039;t seem to work. I have waited well over the 20 minute session default time and I have tried to set the session time using session.timeout=x .... Now I am pretty darn sure that I am doing something wrong I just don&#039;t know what.... Any help? <BR>TIA <BR>Dan Rahenkamp<BR>&#060;Script Language=vbscript runat=server&#062;<BR>SUB Application_OnStart<BR>End Sub<BR>Sub Application_OnEnd<BR>Response.Redirect "log_off_user.asp"<BR>End Sub<BR>Sub Session_OnStart<BR>End Sub<BR>Sub Session_OnEnd<BR>Response.Cookies("Forum").expires =Now()<BR>response.Redirect "log_off_user.asp"<BR>End Sub<BR>&#060;/Script&#062;

  2. #2
    Join Date
    Dec 1969

    Default Can't depend on Session_onEnd

    This event is notorious for not firing...

  3. #3
    Join Date
    Dec 1969

    Default RE: Global.asa and sessions....

    quoting from the doc&#039;s:<BR><BR>"The Session_OnEnd event occurs when a session is abandoned or times out. Of the server built-in objects, only the Application, Server, and Session objects are available."<BR><BR>Thus the RESPONSE-object is not available, nor is the REDIRECT (if You, by redirecting, request a page in Your application You are saying &#039;start session&#039; in the OnEnd-event!). You should see signs of this in the server Event Log.<BR><BR>A better way for ID&#039;ing users are to take advantage of the Session.SessionID property: A variant I&#039;ve used is to glue this property together with a username and password, thus creating a very unique string.<BR><BR>1) at user log on: check username/password - if they are correct, a) capture them in Session-variables, b) create a SESSION("OKUSER")=CSTR(Session("Username")&Session ("Password")&Session.SessionID)<BR><BR>2) on every page of Your protected application, ask at the top of the page:<BR>if not SESSION("OKUSER")=CSTR(Session("Username")&Session ("Password")&Session.SessionID) then<BR>response.redirect "logon.asp"<BR>else<BR>end if<BR><BR>At Session_OnEnd, the SESSION("OKUSER") is destroyed, along with the Session("Username") and Session("Password") variables. If a user as much as clicks on the page displayed but timed-out, the redirect will occur immedeately to "logon.asp"<BR><BR>regards lumen<BR>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts