How to retain IIS session ? - WeOnlyDo Discussion board

How to retain IIS session ? (General questions)

by Don, Saturday, March 07, 2009, 20:26 (5743 days ago)

Hello,

When using HttpDLX, to retreive a webpage from within the same URL...

The issue we are running into is each request calls a page that retreives a wait, header and footer pages. Each call establishes a new IIS session... thus each user actually has 4 session with the first hit. Each page load establishes 3 more sessions.

How can I retain the current IIS session state when calling HttpDLX from and to the same website in IIS ?

Regards,
Don

Re: How to retain IIS session ?

by wodDamir, Saturday, March 07, 2009, 21:08 (5743 days ago) @ Don

Don,

You need to provide your session headers/cookies to your new request. You can do that by simply copying the Headers/Cookies from response to your next request. I.e:

For i = 0 To http1.Response.Headers.Count - 1
http1.Request.Headers.Add http1.Response.Headers(i)
Next i

You should do the same for cookies.

Can you try something like that?

Regards,
Damba

Re: How to retain IIS session ?

by Don, Saturday, March 07, 2009, 21:25 (5743 days ago) @ wodDamir

Hi,

Thanks for the quick response.

I tried this, but objHTTP.Response.Headers.Count and objHTTP.Response.Cookies.Count both return 0 for some reason.


Don

Re: How to retain IIS session ?

by wodDamir, Saturday, March 07, 2009, 21:29 (5743 days ago) @ Don

Don,

Where exactly do you see session count? On IIS machine?

What happens if you load the same page using IE or some other browser?

Can you show me an example of your code?

Regards,
Damba

Re: How to retain IIS session ?

by Don, Saturday, March 07, 2009, 21:52 (5743 days ago) @ wodDamir

Let me try to explain the steps/issue:

1) A remote webpage has 3 javascript src include calls (wait, header and footer). The javascript calls an ASP page and returns the content.

2) The ASP page called (from the Javascript) contains the HttpDLX code to then retreive an ASP page from the same site (loader.asp). The response is massaged and returned in Javascript document.write format back to #1. This same process occurs for the wait, header and footer javascript calls.

3) One session exists on the intial server.

Another session exists on the server containing the HttpDLX code (loader.asp). Each call to this page retains the current session.

Each call to HttpDLX from within the loader.asp page calls another page on the same site. Each time HttpDLX is called, another session is established. AS a user changes from page to page (with the wait, header and footer calls) 3 new sessions are established (each page load).


Re: How to retain IIS session ?

by wodDamir, Saturday, March 07, 2009, 22:11 (5743 days ago) @ Don

Don,

Can you use some Http analyzing software (such as IEWatch) and check what exactly is sent/received in it? You can then try using the same request as a regular browser does. Can you please try doing that?

The server should provide Session id, a header or a cookie which client uses to identify and use the same session.

Regards,
Damba

Re: How to retain IIS session ?

by Don, Saturday, March 07, 2009, 23:26 (5743 days ago) @ wodDamir

Note sure if this helps... but the following is what is retreived from the loader.asp page (before HttpDLX is called):

[code]
HTTP_ACCEPT=*/*
HTTP_ACCEPT_LANGUAGE=en-us
HTTP_CONNECTION=Keep-Alive
HTTP_HOST=www.abcabc.ca
HTTP_REFERER=http://www.defdef.ca/loader_test.asp
HTTP_USER_AGENT=Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC LM 8)
HTTP_COOKIE=ASPSESSIONIDQADTBCCD=BDDDFNCBDBGGJOCFGOJNECFH
HTTP_ACCEPT_ENCODING=gzip, deflate
[/code]

This is what is retreived from the page HttpDLX calls:

[code]
HTTP_HOST=www.abcabc.ca
HTTP_ACCEPT_ENCODING=gzip,deflate
HTTP_HTTP_ACCEPT=
HTTP_HTTP_ACCEPT_LANGUAGE=
HTTP_HTTP_CONNECTION=
HTTP_HTTP_HOST=
HTTP_HTTP_REFERER=
HTTP_HTTP_USER_AGENT=
HTTP_HTTP_COOKIE=
HTTP_HTTP_ACCEPT_ENCODING=
[/code]

Below is what I am using to attempt passing the Loader HTTP variables through HttpDLX:

[code]
If trim(request.servervariables( SERVER_PORT )) = 443 Then
hReq = https
Else
hReq = http
End If

aliasid = request.querystring( alias )

URL = hReq & ://www.abcabc.ca/ & thisAlias & /includes/ & section & .asp? & request.ServerVariables( QUERY_STRING )

set objHTTP = Server.CreateObject( WeOnlyDo.wodHttpDLXCom.1 )
objHTTP.LicenseKey = XXXXX
objHTTP.Blocking = 1
objHTTP.Authentication = 0
objHTTP.AutoRedirect = 1
objHTTP.Compression = 1

For Each name In Request.ServerVariables
if left(name,5) = HTTP_ then
objHTTP.Request.Headers.Add name,Request.ServerVariables(name)
end if
Next

For Each name In Request.Cookies
objHTTP.response.Cookies.Add name,Request.Cookies(name)
Next

objHTTP.URL = URL
if left(lcase(URL),5) = https then
objHTTP.Secure = 2
objHTTP.Port = 443
else
objHTTP.Secure = 0
objHTTP.Port = 80
end if
objHTTP.Timeout = 20
objHTTP.GET

If objHTTP.Response.StatusCode = 200 Then
HEADER_TEXT =
HEADER_TEXT = HEADER_TEXT & objHTTP.Response.Body
Else
HEADER_TEXT = <span style=color:#CCCCCC;>ERROR: & section & could not be retrieved.</span>
End If

objHTTP.Disconnect
Set objHTTP = Nothing
[/code]

Re: How to retain IIS session ?

by Don, Sunday, March 08, 2009, 01:17 (5742 days ago) @ Don

I modified the .Add line, so that HTTP_ was not being passed:

[code]
objHTTP.request.Headers.Add mid(name,6,len(name)-5), & Request.ServerVariables(name) &
[/code]

and this appears to now pass most header items across.
However, the session state is not retained and a new session is still established.

Maybe IIS can not support this with HttpDLX ?

Re: How to retain IIS session ?

by wodSupport, Sunday, March 08, 2009, 01:22 (5742 days ago) @ Don

Don,

is server sending cookies at all? Some pages prefer to send cookies through javascript, to ensure page is being loaded from the browser - who can interpret the javascript. Of course, any other client doesn't see them and causes it to malfunction.

If you use Firefox, you can install addon called 'httpfox' so you can see all the data being sent/received, including all the cookies.

Kreso

Re: How to retain IIS session ?

by Don, Sunday, March 08, 2009, 01:46 (5742 days ago) @ wodSupport

Hi,

This issue is the HttpDLX is not retaining the session
for the page it is calling, even though it is on the same site/server.

- user hits site 1
- javascript in site 1 calls page on site 2
- user (via javascript) hits site 2 (* session established)
- HttpDLX calls page on site 2 (** new session established)
and returns content.

Each time HttpDLX is called, a new server session is established.
There is no client side involved, only the server calling another server page.


Re: How to retain IIS session ?

by wodSupport, Sunday, March 08, 2009, 01:50 (5742 days ago) @ Don

Don,

it's not that 'wodHttpDLX' is retaining the session, wodHttpDLX does not know about sessions, it purely sends and receives HTTP data. Your app should take care of it.

We need to isolate how to retain the session. Are any cookies received from previous get/post which you should return back on additional get/post?

Kreso

Re: How to retain IIS session ?

by Don, Sunday, March 08, 2009, 02:15 (5742 days ago) @ wodSupport

Hi,

If I remove HttpDLX fromthe equation and call the pages directly, the sessions are retained (but I loose the functionality I require).

Only when HttpDLX calls the page, the page no longer see's this as the same user (thus another session).

I am passing everything I possible can from the ASP page to the HttpDLX com. I noted prior what is being accepted over.

I can confirm that HTTP_COOKIE is being passed and received on the other page, but when I display request.cookies in ASP the data was not carried from the header.

I am also noting that nothing carries over unless I have the value as:

[code]
objHTTP.request.Headers.Add mid(name,6,len(name)-5), & Request.ServerVariables(name) &
[/code]

If I use the below, the values across are empty, but the name is there:
[code]
objHTTP.request.Headers.Add mid(name,6,len(name)-5), Request.ServerVariables(name)
[/code]

Re: How to retain IIS session ?

by wodSupport, Sunday, March 08, 2009, 02:19 (5742 days ago) @ Don

Ok, let's check what's sent. If you do this

Http1.DebugFile = c:\debug.txt

you will see exactly what wodHttpDLX sends and receives - just make sure it is allowed to write to that directory (or point it to somewhere else).

Can you paste what wodHttpDLX sent? Is 'Cookie' header inside?

Kreso

Re: How to retain IIS session ?

by Don, Sunday, March 08, 2009, 02:26 (5742 days ago) @ wodSupport

Hi,

There is no file created.
And no error...not sure why.

Re: How to retain IIS session ?

by wodSupport, Sunday, March 08, 2009, 02:28 (5742 days ago) @ Don

Permissions, surely. WHere do you run wodHttpDLX from? In ASP page? If so, you're running it as 'guest' user and you cannot create files.

You can create temporary directory and dump log there, but make sure 'Everyone' has 'Full access' to that directory.

Kreso

Re: How to retain IIS session ?

by Don, Sunday, March 08, 2009, 02:33 (5742 days ago) @ wodSupport

Yes, running on IIS6 using ASP.
The file is set to c: empdebug.txt
That directory already has everyone - full control.
Also, the asp file launching HttpDLX is also set to everyone - full control.

Does the ASP page need to run as administrator ?

Re: How to retain IIS session ?

by wodSupport, Sunday, March 08, 2009, 02:38 (5742 days ago) @ Don

If you're licensed user then you don't need to run it as admin.

Can you dump contents of Http1.Request.Headers.ToString just before you call it's Get/Post method?

Kreso

Re: How to retain IIS session ?

by Don, Sunday, March 08, 2009, 03:11 (5742 days ago) @ wodSupport

Hi,

Yes, I have a licensed version.

Below is what I retreived with header.tostring:

[code]
ACCEPT_LANGUAGE: en-us
CONNECTION: Keep-Alive
HOST: www.abcabc.ca
USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC LM 8)
ACCEPT_ENCODING: gzip, deflate
COOKIE: COOKIE=__utma=105469855.3621766672865152000.1227122525.1227122525.1227122525.1; __utmz=105469855.1227122525.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ASPSESSIONIDQADTBCCD=BDDDFNCBDBGGJOCFGOJNECFH;
[/code]

This is what I receive from cookies.tostring:
[code]
COOKIE=__utma=105469855.3621766672865152000.1227122525.1227122525.1227122525.1; __utmz=105469855.1227122525.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ASPSESSIONIDQADTBCCD=BDDDFNCBDBGGJOCFGOJNECFH
[/code]

I do not understand why COOKIE= is appearing in both, as I do not even have that text anywhere.

Re: How to retain IIS session ?

by wodSupport, Sunday, March 08, 2009, 03:14 (5742 days ago) @ Don

I have a feeling this line: [code]objHTTP.request.Headers.Add mid(name,6,len(name)-5), & Request.ServerVariables(name) & [/code] produces this = char you're seeing. Can you double-check how you add that header, and what are exact values being added?

Kreso

Re: How to retain IIS session ?

by Don, Sunday, March 08, 2009, 03:20 (5742 days ago) @ wodSupport

Using
[code]
objHTTP.request.Headers.Add mid(name,6,len(name)-5), & Request.ServerVariables(name) &
[/code]

will add
[code]
ACCEPT: */*
ACCEPT_LANGUAGE: en-us
CONNECTION: Keep-Alive
HOST: www.abcabc.ca
USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC LM 8)
ACCEPT_ENCODING: gzip, deflate
COOKIE: COOKIE=__utma=105469855.3621766672865152000.1227122525.1227122525.1227122525.1; __utmz=105469855.1227122525.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ASPSESSIONIDQADTBCCD=BDDDFNCBDBGGJOCFGOJNECFH;
[/code]

Using
[code]
objHTTP.request.Headers.Add mid(name,6,len(name)-5), Request.ServerVariables(name)
[/code]

will add no values (and I have confirmed values are being passed)
[code]
ACCEPT:
ACCEPT_LANGUAGE:
CONNECTION:
HOST:
USER_AGENT:
ACCEPT_ENCODING:
COOKIE:
[/code]

Re: How to retain IIS session ?

by wodSupport, Sunday, March 08, 2009, 03:23 (5742 days ago) @ Don

Don,

I see what it will add, but it's obviously wrong. You must change the function for adding those headers. I have no idea what would mid(name, 6, len-(name-5)) do since I don't know what are initial values. You have to debug this.

One node - USER_AGENT is wrong, so is any other header that has _ in the name, you should convert those to - (minus)

Kreso

Re: How to retain IIS session ?

by Don, Sunday, March 08, 2009, 03:50 (5742 days ago) @ wodSupport

I grabbing from ASP the current header items and passing them to HttpDLX.

I can not pass HTTP_ to the COM, otherwise it returns on the other side as HTTP_HTTP_HOST and not HTTP_HOST. Thus, I have to remove HTTP_ from the original header item name.

[code]
For Each name In Request.ServerVariables

'capture only HTTP_ header items
if left(name,5) = HTTP_ then

'strip HTTP_ from header item name
varName = mid(name,6,len(name)-5)

'repace _ with - for header add by HttpDLX
varName = replace(varName, _ , - )

if name = HTTP_COOKIE then
'capture cookie items from header for header add by HttpDLX
cookieStr = cookieStr & name & = & Request.ServerVariables(name) & ;

'add cookie item
objHTTP.request.Cookies.Add Request.ServerVariables(name) &
else
'add header item to HttpDLX
objHTTP.request.Headers.Add varName, & Request.ServerVariables(name) &
end if
end if
Next

'add header cookie items to HttpDLX
objHTTP.request.Headers.Add COOKIE , & cookieStr &
[/code]

Re: How to retain IIS session ?

by Don, Sunday, March 08, 2009, 03:51 (5742 days ago) @ Don

Regardless if I add as USER-AGENT or USER_AGENT, it appears from ASP as USER_AGENT.

Re: How to retain IIS session ?

by wodDamir, Sunday, March 08, 2009, 06:15 (5742 days ago) @ Don

Don,

What version of wodHttpDLX are you using? Is there any chance we can connect to that page and duplicate this behaviour?

Also, in one of your logs, you have COOKIE: COOKIE= . This shouldn't be like that. The COKIE= shouldn't be there.

Regards,
Damba

Re: How to retain IIS session ?

by wodSupport, Sunday, March 08, 2009, 13:00 (5742 days ago) @ wodDamir

I think in this line [code]cookieStr = cookieStr & name & = & Request.ServerVariables(name) & ; [/code]you add this '=' which shouldn't be there. If I'm correct, cookie isn't part of QueryVariable, cookie is full variable. But I didn't debug it, so only you can know the answer.

Kreso