Advertisement Jump to content
Sign in to follow this  

[web] ASP: Session gets lost randomly

This topic is 4895 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

I’m having a real frustrating problem with sessions. I have a login page that assigns a login name and password to a session variable if they match up (the session variable gets set to True). I can login and it all works fine, except sometimes a page will lose the session variable it seems and ask me to log back in. If I go back a page and try to get to that screen again without logging in again (I should already be logged in from before) it suddenly finds the session variable and works as normal. It seems like some pages never have this problem, and others I have to keep hitting back and clicking the link again and again until it finally finds the session variable. Very annoying. The top of each page contains -
If Not Session("loginpassed") Then
    Response.Redirect "login.asp"
End If
Any idea as to why this might be behaving so randomly?

Share this post

Link to post
Share on other sites
Consider setting the session timeout to a higher value, it may be that. Does it always happen or are you leaving it alone for a while?

Share this post

Link to post
Share on other sites
How good is your internet connection?
Whenever the internet connection is lost here (even resetting the hub borks it) so are all the sessions, meaning that we have to log in again.
One solution would be to have an automatic login (using cookies) so that if you were logged out it would try to recover itself using the stored cookies, and if not then redirect to the login page.

Share this post

Link to post
Share on other sites
Possible causes of this are:

1. Host name inconsistency - not all of your users are using the same host name to access your site (beware, site aliases ARE signficant), and some of your pages are using absolute URLs.

This causes cookies to be lost because they are specific to the *exact* host name used, i.e. cookies won't be sent to

2. IIS falling over / crashing

In ASP, session variables are stored entirely in memory. If the ASP app server needs to restart for any reason (planned or unplanned), they are deleted. This can be caused by:

- Modifying global.asa
- Some types of change to the IIS configuration
- IIS crashing or halting as a result of some internal error (usually a dodgy DLL component, for example COM server DLL or ODBC driver) - but can also be caused by attacks on vulnerable components by worms, for example (if this is the case, your machine is probably compromised)
- Someone manually restarting IIS (for example with the iisreset command, or service control manager)
- A reboot

3. Session timing out or being abandoned

The session timeout can be changed in the IIS manager, or overridden on a per session basis in the ASP code. A common place to set this is in global.asa session_onstart or in your login page (for example, use a short session timeout for anonymous users and a longer one for logged in people)

Beware that having too many sessions will use up loads of memory.

Under no circumstances place nontrivial objects in the session variable - only strings, integers etc should be used (No ADO objects etc)

If there are too many sessions, I'm not sure what IIS does.

Session.Abandon() is a function which will explicitly throw a session away (I think it actually survives until the end of page execution and is then removed)


Share this post

Link to post
Share on other sites
Sign in to follow this  

  • Advertisement

Important Information

By using, you agree to our community Guidelines, Terms of Use, and Privacy Policy. is your game development community. Create an account for your GameDev Portfolio and participate in the largest developer community in the games industry.

Sign me up!