session timeout
How would I go about making a session timeout expire with a method like
you can expire a cookie by going Date() - 1

isaac2004 wrote on 09 Mar 2006 in microsoft.public.inetserver.asp.general:

> how would go about making a session timeout expire with a method like
> you can expire a cookie by going Date() - 1

Why would you want to do that?

session.abandon is the way to go.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my email address)

>Why would you want to do that?

I have a db driven shopping cart that uses a session id as a variable for storing individual carts and items

>session.abandon is the way to go.

Isn't this method inefficient and is there any other way

isaac2004 wrote on 10 Mar 2006 in microsoft.public.inetserver.asp.general:

>>Why would you want to do that?
>
> i have a db driven shopping cart that uses a session id as a variable
> for storing individual carts and items

Yes, so?

One piece of advice, never use system variables directly in code. For one, it precludes efficient testing with virtual values. And now you see for yourself you will have to use measures the system is not meant for. Say you want to keep the session identity of the user for other reasons?

>>session.abandon is the way to go.
>
> isn't this method inefficient

Why?
What would be "inefficient" about it, and why would that matter to you? Setting the session timeout to a time in the past [if possible?] IS!! abandoning the session, IMHO!!!

> and is there any other way

Yes. Do not use the session id for other things than identifying the user's session.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my email address)

"isaac2004" <isaac_2***@yahoo.com> wrote in message news:1141976493.491036.240080@i39g2000cwa.googlegroups.com...

> >Why would you want to do that?
>
> i have a db driven shopping cart that uses a session id as a variable
> for storing individual carts and items
>
> >>session.abandon is the way to go.
>
> isn't this method inefficient and is there any other way

Session.SessionID is _very_ unreliable!
This is because the SessionID is just a numeric value, that can be reset at any time, and it is not a unique number!
Identify your basket using a string-GUID for instance,

--
compatible web farm Session replacement for Asp and Asp.Net (1.1)
http://www.nieropwebconsult.nl/asp_session_manager.htm

Egbert Nierop (MVP for IIS) wrote on 12 Mar 2006 in microsoft.public.inetserver.asp.general:

> "isaac2004" <isaac_2***@yahoo.com> wrote in message
> news:1141976493.491036.240080@i39g2000cwa.googlegroups.com...
>> >Why would you want to do that?
>>
>> i have a db driven shopping cart that uses a session id as a variable
>> for storing individual carts and items
>>
>>>session.abandon is the way to go.
>>
>> isn't this method inefficient and is there any other way
>
> Session.SessionID is _very_ unreliable!
> This is because the SessionID is just a numeric value, that can be
> reset at any time, and it is not a unique number!

And how many sessions would you need to have at one time to come near the number that the session ID has a reasonable chance of being duplicated?

> Identify your basket using a string-GUID for instance,

Isn't that just as resettable?

===========

Read further, I do not advise abandoning the session, just to throw away a basket.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my email address)

Hey, I found out that I can just use the delete part of a SQL statement to erase all fields, the only problem is that it gives me this error

[Microsoft][ODBC Microsoft Access Driver] Too few parameters. Expected 1.

Doesn't this mean that I am trying to delete something that doesn't exist, here is the delete SQL code

strDeleteSQL = "DELETE FROM tblCart WHERE strSessionID = " & strSessionID
objRS.Open strDeleteSQL, objConn, adOpenForwardOnly, adLockOptimistic

Does this look right

Thanks for the help

isaac2004 wrote on 12 Mar 2006 in microsoft.public.inetserver.asp.general:

> hey i found out that i can just use the delete part of a SQL statement

Please quote what you are replying to.

If you want to post a followup via groups.google.com, don't use the "Reply" link at the bottom of the article. Click on "show options" at the top of the article, then click on the "Reply" at the bottom of the article headers.
<http://www.safalra.com/special/googlegroupsreply/>

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my email address)

>Please quote what you are replying to.

Sorry, a lot of people were giving advice so I thought just by doing that it would limit confusion

Anyway, I started this thread with an original problem that I fixed, now there is another problem, I get this error

[Microsoft][ODBC Microsoft Access Driver] Too few parameters. Expected 1.

Doesn't this mean that I am trying to delete something that doesn't exist, here is the delete SQL code

strDeleteSQL = "DELETE FROM tblCart WHERE strSessionID = " & strSessionID
objRS.Open strDeleteSQL, objConn, adOpenForwardOnly, adLockOptimistic

Does this look right

Thank you all for the help

isaac2004 wrote on 12 Mar 2006 in microsoft.public.inetserver.asp.general:

>>Please quote what you are replying to.
>
> sorry a lot of people were giving advice so i thought just by doing that
> it would limit confusion

Again a lack of Usenet Netiquette.

> anyway i started this thread with an original problem that i fixed, now
> there is another problem, i get this error

Do not ask a new unrelated question in an old thread. Start a new thread with a new telling subject text.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my email address)

isaac2004 wrote:

>> Please quote what you are replying to.
>
> sorry a lot of people were giving advice so i thought just by doing
> that it would limit confusion

http://www.aspfaq.com/show.asp?id=2126

> anyway i started this thread with an original problem that i fixed,
> now there is another problem, i get this error
>
> [Microsoft][ODBC Microsoft Access Driver]
> Too few parameters. Expected 1.
>
> doesn't this mean that i am trying to delete something that doesn't
> exist, here is the delete SQL code

No. It means you've specified an object, either a table or a field name, that does not exist in your database. It could also mean that you used a reserved keyword to name one of the objects that is specified in the query without using brackets to delimit that word. However, I see no reserved keywords in your query so that's not the problem.

> strDeleteSQL = "DELETE FROM tblCart WHERE strSessionID = " &
> strSessionID
> objRS.Open strDeleteSQL, objConn, adOpenForwardOnly,
> adLockOptimistic
>
> does this look right

I don't know. Does your tblCart table really have a field called "strSessionID"?

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From header is my spam trap, so I don't check it very often. You will get a quicker response by posting to the newsgroup.
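
Added example, not part of any post in this thread: one way to empty a single basket without calling Session.Abandon, with the basket key bound as an ADO parameter instead of being concatenated into the SQL text, so the value is never parsed as SQL or as an identifier. It assumes objConn is an open ADODB.Connection and that tblCart has a Text column named strSessionID holding the basket key; GetCartKey, EmptyCart and Session("CartKey") are hypothetical names.

```vbscript
<%
' Added example (not from the thread). Assumes objConn is an open
' ADODB.Connection and tblCart.strSessionID is a Text column.
' ADO constants, defined here in case adovbs.inc is not included.
Const adCmdText = 1
Const adVarChar = 200
Const adParamInput = 1
Const adExecuteNoRecords = 128

' Hypothetical helper: returns this visitor's basket key, creating a
' GUID string on first use instead of relying on Session.SessionID.
Function GetCartKey()
    If IsEmpty(Session("CartKey")) Then
        Dim objTypeLib
        Set objTypeLib = Server.CreateObject("Scriptlet.TypeLib")
        ' .GUID returns "{xxxxxxxx-...}" plus trailing characters;
        ' keep only the 36-character body between the braces.
        Session("CartKey") = Mid(objTypeLib.GUID, 2, 36)
        Set objTypeLib = Nothing
    End If
    GetCartKey = Session("CartKey")
End Function

' Hypothetical helper: deletes every row of one basket and returns
' the number of rows removed.
Function EmptyCart(objConn, strCartKey)
    Dim objCmd, lngAffected
    Set objCmd = Server.CreateObject("ADODB.Command")
    Set objCmd.ActiveConnection = objConn
    objCmd.CommandType = adCmdText
    ' The ? marker is bound below; the key never becomes part of the SQL text.
    objCmd.CommandText = "DELETE FROM tblCart WHERE strSessionID = ?"
    objCmd.Parameters.Append _
        objCmd.CreateParameter("cartKey", adVarChar, adParamInput, 36, strCartKey)
    ' A DELETE returns no rows, so no Recordset is opened.
    objCmd.Execute lngAffected, , adExecuteNoRecords
    Set objCmd = Nothing
    EmptyCart = lngAffected
End Function

Dim lngRemoved
lngRemoved = EmptyCart(objConn, GetCartKey())
' Drop only the basket key; the rest of the session stays intact.
Session.Contents.Remove "CartKey"
%>
```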
"Evertjan." <exjxw.hannivo***@interxnl.net> wrote in message news:Xns9784B9873378Ceejj99@194.109.133.242...

> Egbert Nierop (MVP for IIS) wrote on 12 Mar 2006 in
> microsoft.public.inetserver.asp.general:
>
>> "isaac2004" <isaac_2***@yahoo.com> wrote in message
>> news:1141976493.491036.240080@i39g2000cwa.googlegroups.com...
>>> >Why would you want to do that?
>>>
>>> i have a db driven shopping cart that uses a session id as a variable
>>> for storing individual carts and items
>>>
>>>>session.abandon is the way to go.
>>>
>>> isn't this method inefficient and is there any other way
>>
>> Session.SessionID is _very_ unreliable!
>> This is because the SessionID is just a numeric value, that can be
>> reset at any time, and it is not a unique number!
>
> And how many sessions would you need to have at one time to come near the
> number that the session ID has a reasonable chance of being duplicated?

Well, at least with Windows 2000, this was just a sequential number. I did not test it for Windows XP/2003 but the number is just a hashcode to a bucket. It is not the right way to be unique.

>> Identify your basket using a string-GUID for instance,
>
> Isn't that just as resettable?

No.
The chance for duplicates is nil.

> ===========
>
> Read further, I do not advise abandoning the session, just to throw away a
> basket.

Egbert Nierop (MVP for IIS) wrote on 15 Mar 2006 in microsoft.public.inetserver.asp.general:

>> And how many sessions would you need to have at one time to come near
>> the number that the session ID has a reasonable chance of being
>> duplicated?
>
> Well at least with windows 2000, this was just a sequential number. I
> did not test it for windows xp/2003 but the number is just a hashcode
> to a bucket. It is not the right way to be unique.

Under W2003 it is a very long string. Unicity is not needed, only relative unicity.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my email address)
"Evertjan." <exjxw.hannivo***@interxnl.net> wrote in message news:Xns978876DADF65eejj99@194.109.133.242...

> Egbert Nierop (MVP for IIS) wrote on 15 Mar 2006 in
> microsoft.public.inetserver.asp.general:
>
>>> And how many sessions would you need to have at one time to come near
>>> the number that the session ID has a reasonable chance of being
>>> duplicated?
>>
>> Well at least with windows 2000, this was just a sequential number. I
>> did not test it for windows xp/2003 but the number is just a hashcode
>> to a bucket. It is not the right way to be unique.
>
> Under W2003 it is a very long string. Unicity is not needed, only relative
> unicity.

Possibly they've changed the number as a hashcode from a GUID.

Still, I would not use the SessionID as unique identifier. It is not documented to be unique.

Egbert Nierop (MVP for IIS) wrote on 16 Mar 2006 in microsoft.public.inetserver.asp.general:

> "Evertjan." <exjxw.hannivo***@interxnl.net> wrote in message
> news:Xns978876DADF65eejj99@194.109.133.242...
>> Egbert Nierop (MVP for IIS) wrote on 15 Mar 2006 in
>> microsoft.public.inetserver.asp.general:
>>
>>>> And how many sessions would you need to have at one time to come
>>>> near the number that the session ID has a reasonable chance of
>>>> being duplicated?
>>>
>>> Well at least with windows 2000, this was just a sequential number.
>>> I did not test it for windows xp/2003 but the number is just a
>>> hashcode to a bucket. It is not the right way to be unique.
>>
>> Under W2003 it is a very long string. Unicity is not needed, only
>> relative unicity.
>
> Possibly they've changed the number as a hashcode from a GUID.
>
> Still, I would not use the SessionID as unique identifier. It is not
> documented to be unique.

But that was not my point, Egbert.

You do not need a unique identifier for a shopping cart, as the number of concurrent users is very small, compared to, say, a database filled with all inhabitants of the Netherlands.

If you keep the chance of concurrency below, say, once in a hundred thousand years, wouldn't that be enough?

btw: a "unique identifier" is not unique at all, it is just a pseudo random string and it only is unique compared to the practical chance of duplicates during time spans like the age of the universe.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my email address)