> mike.bi***@gmail.com wrote:
> > I have an ASP page that is using an XMLHTTP object to request various
> > pages from my server.
> Is this being done in client-side code? or are you really using the
> XMLHTTPServer object?
>
> > I  keep a single session throughout the
> > XMLHTTP requests by bassing the ASPSESSIONID cookie through the
> > XMLHTTP object.
>
> If using XMLHTTP from client-side code, I do not believe this is
> necessary.
> >
> > However, when the page requested through the XML object makes a
> > <%Response.Redirect()%>
>
> > call, a new session is created each time.
> >
> This test fails to duplicate your behavior:
>
> xmlhttp_session.asp:
> <%
> session("test")="Z"
> %>
> <HTML>
> <HEAD>
> <script type="text/javascript">
>  function test()
>  {
>   var oHTTP = new ActiveXObject("Microsoft.XMLHTTP");
>   oHTTP.open("POST","getsessionval.asp", false);
>   oHTTP.send();
>   alert(oHTTP.responseText)
>  }
> </script>
> </HEAD>
> <BODY>
> <INPUT type="button" value="Button" id=button1 name=button1
> onclick="test();">
> </BODY>
> </HTML>
>
>
> getsessionval.asp:
> <%response.redirect "getsessionval2.asp"%>
>
> getsessionval2.asp:
> <%response.write session("test")%>
>
> Clicking the button results in "Z" being alerted.
>
> Have I just wasted my time? Are you really using XMLHTTPServer in
> server-side code?
>
> --
> Microsoft MVP -- ASP/ASP.NET
> Please reply to the newsgroup. The email account listed in my From
> header is my spam trap, so I don't check it very often. You will get a
> quicker response by posting to the newsgroup.

news:1158852732.629403.287340@i42g2000cwa.googlegroups.com...
>
> Bob Barrows [MVP] wrote:
> > mike.bi***@gmail.com wrote:
> > > I have an ASP page that is using an XMLHTTP object to request various
> > > pages from my server.
> > Is this being done in client-side code? or are you really using the
> > XMLHTTPServer object?
> >
> > > I  keep a single session throughout the
> > > XMLHTTP requests by bassing the ASPSESSIONID cookie through the
> > > XMLHTTP object.
> >
> > If using XMLHTTP from client-side code, I do not believe this is
> > necessary.
> > >
> > > However, when the page requested through the XML object makes a
> > > <%Response.Redirect()%>
> >
> > > call, a new session is created each time.
> > >
> > This test fails to duplicate your behavior:
> >
> > xmlhttp_session.asp:
> > <%
> > session("test")="Z"
> > %>
> > <HTML>
> > <HEAD>
> > <script type="text/javascript">
> >  function test()
> >  {
> >   var oHTTP = new ActiveXObject("Microsoft.XMLHTTP");
> >   oHTTP.open("POST","getsessionval.asp", false);
> >   oHTTP.send();
> >   alert(oHTTP.responseText)
> >  }
> > </script>
> > </HEAD>
> > <BODY>
> > <INPUT type="button" value="Button" id=button1 name=button1
> > onclick="test();">
> > </BODY>
> > </HTML>
> >
> >
> > getsessionval.asp:
> > <%response.redirect "getsessionval2.asp"%>
> >
> > getsessionval2.asp:
> > <%response.write session("test")%>
> >
> > Clicking the button results in "Z" being alerted.
> >
> > Have I just wasted my time? Are you really using XMLHTTPServer in
> > server-side code?
> >
> > --
> > Microsoft MVP -- ASP/ASP.NET
> > Please reply to the newsgroup. The email account listed in my From
> > header is my spam trap, so I don't check it very often. You will get a
> > quicker response by posting to the newsgroup.
>
> Bob, I apologize for not making myself more clear.  I am indeed using
> ServerXMLHTTP.
>
> Setting up an example isn't necessarily simple, but I'll give it a
> shot.
>
> Page1.asp:
> <%
> <!--#include file="includes/classes/cookie.asp" -->
> Function ProcessResponseHeaders(sHeaders)
> Set reCookies = New RegExp
> reCookies.IgnoreCase = true
> reCookies.Global = true
> reCookies.Pattern = "Set-Cookie: [^\n]*\n"
> Set oMatches = reCookies.Execute(sHeaders)
> for each oMatch in oMatches
> Set oCookie = New Cookie
> oCookie.ParseCookieHeader(oMatch.Value)
> if(oCookie.IsSessionCookie)then
> Session("CookieName") = oCookie.Name
> Session("CookieValue") = oCookie.Value
> else
> oCookie.WriteToResponse()
> end if
> next
> End Function
>
> sSessionCookie = Session("CookieName")
> sSessionCookieValue = Session("CookieValue")
>
> Set oHTTPpost = Server.CreateObject("Msxml2.ServerXMLHTTP")
> oHTTPpost.open "GET", "http:/url.tld/testsession.asp" , false
> oHTTPpost.SetRequestHeader "Cookie", sSessionCookie & "=" &
> sSessionCookieValue
> oHTTPpost.send(null)
> sReturnValue = oHTTPpost.responseText
> ProcessResponseHeaders(oHTTPPost.GetAllResponseHeaders)
> Response.Write(sReturnValue)
> %>
>
> testsession.asp
> <%
> Response.Redirect("redirecttarget.asp")
> Response.Write(Session.SessionID)
> %>
>
> redirecttarget.asp
> <%
> Response.Write(Session.SessionID)
> %>
>
> cookie.asp:
> <%
> Class Cookie
> Public Name
> Public Value
> Public Expires
> Public Path
>
> Private Sub Class_Initialize
> Me.Name = ""
> Me.Value = ""
> Me.Expires = ""
> Me.Path = ""
> End Sub
>
> Private Sub Class_Terminate
>
> End Sub
>
> Public Function ParseCookieHeader(sHeader)
> Set reCookie = New RegExp
> reCookie.IgnoreCase = true
> reCookie.Global = true
> reCookie.Pattern = "[^\s]*=[^\n;]*"
> Set oMatches = reCookie.Execute(sHeader)
> for each oMatch in oMatches
> a_sMatch = split(oMatch.value,"=")
> sName = a_sMatch(0)
> sValue = a_sMatch(1)
> select case lcase(sName)
> case "path": Me.Path =  URLDecode(sValue)
> case "expires": Me.Expires =  URLDecode(sValue)
> case else: Me.Name = URLDecode(sName)
>    Me.Value = URLDecode(sValue)
> end select
> next
> End Function
>
> Public Function WriteToResponse()
> if(Me.Name <> "")then
> Response.Cookies(Me.Name) = Me.Value
> if(Me.Path <> "")then
> Response.Cookies(Me.Name).Path = Me.Path
> end if
> if(Me.Expires <> "")then
> Response.Cookies(Me.Name).Expires = Me.Expires
> end if
> end if
> End Function
>
> Function URLDecode(sConvert)
> Dim aSplit
> Dim sOutput
> Dim I
> If IsNull(sConvert) Then
>    URLDecode = ""
>    Exit Function
> End If
>
> ' convert all pluses to spaces
> sOutput = REPLACE(sConvert, "+", " ")
>
> ' next convert %hexdigits to the character
> aSplit = Split(sOutput, "%")
>
> If IsArray(aSplit) Then
>   sOutput = aSplit(0)
>   For I = 0 to UBound(aSplit) - 1
> sOutput = sOutput & _
>   Chr("&H" & Left(aSplit(i + 1), 2)) &_
>   Right(aSplit(i + 1), Len(aSplit(i + 1)) - 2)
>   Next
> End If
>
> URLDecode = sOutput
> End Function
> End Class
> %>
>
> So, in this example, page1.asp requests testsession.asp via the
> ServerXMLTTP object.  page1.asp maintains the ASP session ID by passing
> the ASPSESSIONID cookie to through the ServerXMLHTTP object.
> ProcessFunctionHeaders and the cookie class are responsible for this.
> Once requested, testsession.asp writes a redirect header to the client
> (in this case the ServerXMLHTTP object).  The client then redirects to
> redirecttarget.asp, which prints the current session id.)  As you will
> see, the value printed by page1.asp will increment with ever refresh of
> page1.asp. Commenting the first line of testsession.asp (commenting out
> the redirect) causes the sessionid to remain constant with every
> refresh of page1.asp.
>
> This leads me to believe that the ServerXMLHTTP object fails to pass
> the cookies to the server if the server has responded with a 302
> redirect header (issued by response.redirect).  Can anyone confirm or
> deny this issue?
>

> Many thanks.
> Mike Biang
> Software Developmer
> Cramer Development
> mike.bi***@gmail.com
>