Multiple session cookies problem [Answered]RSS

6 replies

Last post Oct 31, 2013 11:13 AM by Anton Palyok

  • Multiple session cookies problem

    Feb 27, 2009 06:13 PM|neitakk|LINK

    Hi. I'm gonna try to explain the problem in short terms: On a shared Windows server which my host provide me, I'm getting multiple session cookies stored in the browser. This regards all browser types. [list] [*]A clean ASP file with no code other then "response.write("Hello") [*]Updating the page in e.g. 5 minutes intervals [*]Every new session seems to make a new session cookie with a new ID [*]Eventually the cookie storage is full [/list] Why this is a problem? After the storage get's filled up, there is impossible to write custom cookies like for a login. This makes big problems for my users who never close the browser. The only way to get rid of the cookies is by manually deleting them or restarting the browser. How is it possible to avoid this problem?

    ASP IIS classic ASP .NET coexists asp help asp classic

  • Re: Multiple session cookies problem

    Feb 28, 2009 08:35 PM|steve schofield|LINK

    Have you contacted your shared provider and explained the issue?

    Steve Schofield
    Windows Server MVP - IIS
    http://iislogs.com/steveschofield
    http://www.IISLogs.com
    Log archival solution
    Install, Configure, Forget

  • Re: Multiple session cookies problem

    Mar 01, 2009 04:22 AM|neitakk|LINK

    Yes I have. They told me to try this forum.

    Here is an extract of what they answered:

    Hello Name1

    I think it's caused by the application pool recycle, as we said originally the ASP Session ID is destroyed and a new one created when the application recycles ... the problem is that application does not then delete the old ID because it has no prior knowledge of it .. I doubt they factored in for the fact that some users such of yourself would have visitors with browsers open for such long periods of time, when they designed it.

    We have increased the application recycle time of application pool your site utilises, this will help as you should only now have 6 ASPSESSIONID's being created per 24 hours.

  • Re: Multiple session cookies problem

    Mar 01, 2009 05:59 AM|neitakk|LINK

    Is it possible to make IIS set an expiration date on the Session Cookie? That would have solved my problem permanently.
  • Re: Multiple session cookies problem

    Mar 01, 2009 08:41 AM|neitakk|LINK

    I have created my own sollution for this problem, and would like to share it with everyone else:

    Add this code in your header

    <!-- Javascript function to set an expiration date on the ASP Session Cookies in order to destroy them if multiple Session Cookies -->

    <script type="text/javascript">
    function setCookie(c_name,value,expiredays)
    {
    var exdate=new Date();
    exdate.setDate(exdate.getDate()+expiredays);
    document.cookie=c_name+ "=" +escape(value)+
    ((expiredays==null) ? "" : ";expires="+exdate.toGMTString());
    }
    </script>

    <%
    Dim strSessionCookie, arrSessionCookie, a, i
    i = 0
    a = 1
    strSessionCookie = Request.ServerVariables("HTTP_COOKIE")

    if strSessionCookie <> "" then

    Dim intCookieValueStart, intCookieValueEnd, intCookieValueLength, strSessionCookieName, strSessionCookieValue

    arrSessionCookie = Split(strSessionCookie,";")

    if Ubound(arrSessionCookie) > 0 then

    if InStr(strSessionCookie,"YourLoginCookie") = 0 then a = 0

    if Ubound(arrSessionCookie) > a AND InStr(arrSessionCookie(Ubound(arrSessionCookie)),"NULL") = 0 then

    For i = 0 to Ubound(arrSessionCookie)
    if i = a AND InStr(arrSessionCookie(i),"ASPSESSIONID") then
    intCookieValueStart = InStr(arrSessionCookie(i),"=")
    intCookieValueEnd = Len(arrSessionCookie(i))
    intCookieValueLength = intCookieValueEnd - intCookieValueStart
    strSessionCookieName = Mid(arrSessionCookie(i),1,intCookieValueStart-1)
    strSessionCookieValue = Mid(arrSessionCookie(i),intCookieValueStart+1,intCookieValueLength)
    response.write("<script type=""text/javascript"">")
    response.write("setCookie('" & strSessionCookieName & "','NULL',0)")
    response.write("</script>")
    end if
    Next

    end if

    end if

    end if
    %>
  • Re: Multiple session cookies problem

    Mar 01, 2009 06:19 PM|steve schofield|LINK

    Thanks for posting this solution.   The root issue is the application pool recycles which when using a shared provider, you are at their mercy for configuration.   The application should account for situations like this and code accordingly, which you did. 

    Steve Schofield
    Windows Server MVP - IIS
    http://iislogs.com/steveschofield
    http://www.IISLogs.com
    Log archival solution
    Install, Configure, Forget

  • Re: Multiple session cookies problem

    Oct 31, 2013 11:13 AM|Anton Palyok|LINK

    I was able to remove those cookies with Javascript.

    Just add next script to the end of login page. This will remove all "ASPSESSIONIDXXXXXXX" cookies before user will login to website:

    <script type="text/javascript">
        //Clear any session cookies
        (function(){
            var i;
            var cookiesArr;
            var cItem;
    
            cookiesArr = document.cookie.split("; ");
            for (i = 0; i < cookiesArr.length; i++) {
                cItem = cookiesArr[i].split("=");
                if (cItem.length > 0 && cItem[0].indexOf("ASPSESSIONID") == 0) {
                    deleteCookie(cItem[0]);
                }
            }
    
            function deleteCookie(name) {
                var expDate = new Date();
                expDate.setTime(expDate.getTime() - 86400000); //-1 day
                var value = "; expires=" + expDate.toGMTString() + ";path=/";
                document.cookie = name + "=" + value;
            }
        })();
    </script>