Reputation: 81
Classic ASP JQuery AJAX not maintaining session
I'm building a system using JQuery and AJAX calls to classic ASP pages which handle the server stuff.
This system requires a user to be logged in. I'm using the session to store the username.
The problem is that the session times out after the default 20 mins and users are being redirected to the sign in page. I'm assuming that for some reason the AJAX calls are not maintaining the session.
Here's how I'm doing things:
When the user logs in I post an AJAX call as follows:
$.ajax({
type: "POST",
url: "admin/ajax/signin.asp",
data: {
'username': username,
'userpassword': userpassword
},
cache: false,
success: function(data, textStatus, jqXHR) {
if (jqXHR.getResponseHeader('REQUIRES_AUTH') === '1'){
$('#failed').show();
}
else {
location.href = "admin/"
}
}
});
signin.asp checks the users details against the database, if ok this page stores the username in a session variable.
Session("userid") = Request("username")
The user is now logged in.
Whilst the user is using the system every page checks the REQUIRES_AUTH header on every AJAX request and handles the logout redirection as follows:
/* Check user logged in on every ajax request */
$('body').ajaxComplete(function(event,request,settings){
if (request.getResponseHeader('REQUIRES_AUTH') === '1'){
location.href="../signin.html"
};
});
/* End */
Every ASP page that is called using an AJAX post does a check on the session, if it's not there then it sets the REQUIRES_AUTH header as follows:
If (trim(Session("userid")) = "") Then
'No session so clear variable
Session.Contents.Remove("userid")
'Redirect to Login page
Response.AddHeader "REQUIRES_AUTH", "1"
Else
Session("userid") = Session("userid")
End If
I made the assumption that using Session("userid") = Session("userid") and the fact that I'm calling an ASP page which does something on the server would be enough to maintain the session but it appears not, all advice greatly appreciated. Do I have something fundamentally wrong?
Upvotes: 7
Views: 2639
Answers (2)
Reputation: 594
you can set an auto refresh in JavaScript every 15 min with a hidden count down or pass a unique token in your client site javascript
Upvotes: 1
Reputation: 4681
Unfortunately there is no sliding expiration in classic asp sessions. I can figure out two suggestion:
- Use a cookie in place of the session to identify the user. Maybe the hash of the User Id will be suitable.
- Extend the
Session.Timeoutvalue for something larger than 20 min.
Upvotes: 0
Related Questions
- Constantly Loosing Session State ASP.NET
- session cleared on second ajax call
- Classic ASP + Ajax
- jquery setting session in asp.net
- ASP.NET Prevent AJAX request from keeping session alive
- Keep ASP.Net session alive during Ajax calls
- Session values lost in an ASP.NET application
- Session is lost on new request in classic asp site
- JQuery Session problem
- ASP Classic and JavaScript check for session status