Maybe it's that I've written a couple of articles on sessions,
applications, and global.asa or maybe it's just a difficult
topic for beginners to grasp, but I've been getting
questions about when a session ends for what seems like
forever. Well it's time to put the final nail in the
coffin and put this issue to rest once and for all.
Why Now? ...Because You Keep Asking!
I've answered this question a lot! I've addressed it in
two articles ("Applications, Sessions, and Global.asa" and
"Counting Active Users"), some forum posts,
and countless email messages and yet people still ask.
Well at least now I'll have someplace to send them... here!
The Final Straw
This email was the one that finally convinced me this
had to be done. I've left out the name and done some
editing, but you'll get the idea.
Note:
It is not my intention to put down the author of this
particular message. In fact it was the earnest and honest
request for clarification that made me take notice of it
in the first place. My thanks go out to the author...
you know who you are.
Here's the body of the email:
Hi John,
I love your tutorial on global.asa. I tried everything to
access this file not knowing that I had to make my
directory an application. I have one problem... my
favorite online "school" is [site name removed to
protect the guilty] and they clearly state:
"[bulk of the description removed... again to protect the guilty; however, what remains is word for word...]
A session also ends if the user closes the web browser, or goes to someone else's web page."
I cannot find Microsoft's official word on this, but I would think the session ends when you close the browser. If it did not, this would be a drain on server resources and would have been fixed in later releases of IIS. You seem very adamant on this point and this makes me really want to know the correct answer.
Can you guide me to the correct source?
Here's the bulk of my reply:
I'm 110% sure. Sessions DO NOT end when a user closes their browser. There is no communication with the server when a browser is closed so there is no way the server can know to end the session. The same is true when you leave the site for another. Again no communication takes place between your browser and the site you're leaving so the server never knows you've left.
You can illustrate this by creating a routine in the Session_OnEnd event that logs a timestamp to a text file. Then hit a page in the application and close your browser. There will be no entry logged in the text file until 20 minutes later (or whatever timeout your app is set to) when the Session_OnEnd routine is fired.
"The Session_OnEnd event occurs either when a current Session is abandoned by using the Session.Abandon method, or when it times out. By default this is 20 minutes after the last request for a page from the application, though this can be changed either by setting the Session.Timeout property or by editing the registry."
The docs are vague in areas when using the phrase "session is abandoned" and that may have led to some of the confusion in the community, but the correct interpretation is as in the quote above... meaning a script made a manual call to the Abandon method of the Session object. Even this can be tricky, however, since after calling Session.Abandon, any other hit to an asp page in your application (that doesn't have sessions specifically disabled) will start a new session.
Hope this helps clarify things,
John
And Just In Case It Doesn't...
Here's a sample of the type of code
I spoke of in the message above. It's all zipped up and ready for
you to play with.
There are 3 files: global.asa, session.asp, and session.log.
You'll need to unzip them to the root of an application on
your server, but be sure to back up any files that you have
with the same name first... global.asa is pretty common!
You'll need to set the NTFS permissions on the .log file to
give the user write permissions and edit the path to the .log
file in global.asa (if needed). Besides that everything should work fine.
Request session.asp from the server and follow the
instructions.
If seeing with your own eyes doesn't convince you then I
guess I might as well give up...
Update: Javascript Session Ender
After writing this article, I got a lot of email from people
asking if there was some way to make sessions end when the
browser is closed or the user moves on. Well there is...
sort of...
Basically the only solution I know of is to set up a client-side
event to call a server-side script to abandon the session when the user leaves.
It's not fool-proof, browser-proof, or crash-proof, but it should work
with most JavaScript-enabled browsers and will abandon the majority
of your sessions when the user leaves.
Being ever the lazy webmaster... here's one version of this type of
solution submitted by one of our visitors:
hi john,
i just finished reading your "When Sessions End - Once And For All!". i
thought it was pretty much common sense that closing a browser doesn't end a
session but nothing surprises me. anyway, here's how i end a session every time
someone closes a browser. it's nothing special but it works. keep up the good
work with the site.
later,
nick
Here's the zip file containing the sample code.
Thanks Nick!
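A sketch of the client-side half of this approach, as an added example (it is not Nick's code from the zip file). It assumes a hypothetical server page such as /abandon.asp whose only job is to call Session.Abandon, and it takes the window and navigator objects as parameters so the logic can be exercised outside a browser.

```javascript
// Added example: client-side half of a "session ender".
// Assumption: abandonUrl points at a hypothetical server page (for example
// /abandon.asp) whose only job is to call Session.Abandon.
function installSessionEnder(win, nav, abandonUrl) {
  let internalNav = false; // true once the user follows a link or form inside the site
  let sent = false;        // true once the abandon request has been queued

  // Moving to another page of the same application unloads this page too,
  // so flag same-origin link clicks and form submissions and skip those.
  win.document.addEventListener('click', (e) => {
    const link = e.target && e.target.closest ? e.target.closest('a[href]') : null;
    if (!link) return;
    const dest = new URL(link.href, win.location.href);
    if (dest.origin === win.location.origin) internalNav = true;
  }, true);
  win.document.addEventListener('submit', () => { internalNav = true; }, true);

  // A page restored from the back/forward cache starts over with clean flags.
  win.addEventListener('pageshow', () => { internalNav = false; sent = false; });

  function endSession() {
    if (internalNav || sent) return false;
    // Without sendBeacon nothing is sent; the server-side timeout still applies.
    if (typeof nav.sendBeacon !== 'function') return false;
    // sendBeacon queues a small POST that survives page teardown and carries
    // the session cookie, so the server knows which session to abandon.
    sent = nav.sendBeacon(abandonUrl);
    return sent;
  }

  win.addEventListener('pagehide', endSession);
  return endSession;
}

// In a browser: installSessionEnder(window, navigator, '/abandon.asp');
```

A browser crash or a lost connection sends nothing at all, so the session timeout remains the only guaranteed end of a session.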
Update: FAQ: Can I Access Session Variables In Session_OnEnd?
Yes... but don't take my word for it. Here's a code snippet that you can
use to replace the original Session_OnEnd routine from the sample script above.
It reads the session variable "Start" and writes its value
to the log file along with the session's end time from within Session_OnEnd.
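Sub Session_OnEnd
    ' strLogFilePath (the path to session.log) comes from the
    ' sample global.asa.
    Dim objFSO, objFile

    ' Open the log for appending (8 = ForAppending); create it if missing.
    Set objFSO = Server.CreateObject("Scripting.FileSystemObject")
    Set objFile = objFSO.OpenTextFile(strLogFilePath, 8, True)
    Set objFSO = Nothing

    ' Session variables are still readable at this point.
    objFile.WriteLine "Session: " & Session.SessionID _
        & " started at " & Session("Start")
    objFile.WriteLine "Session: " & Session.SessionID _
        & " ended at " & Now()

    objFile.Close
    Set objFile = Nothing
End Sub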