Session ID makes random URL appearance

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Session ID makes random URL appearance

Patrick Larkin-2
Hello -

Lasso 8.6 question.

I have a site that uses sessions.  It invokes a session on every page whether a session is in use or not.  (This way, if a person does log in, it keeps their session going anywhere on the site.)  When the person actually logs in, it replaces the empty session with an actual session.  Anyway, I use the -UseAuto flag to store as a cookie.  Every once in a while, the session ID will appear in the URL and will mess up some of the existing URL structures.  I did a search on the entire site for any lingering “-UseLink” flags but it found none.  

So what would cause this to happen?  Does anyone have any idea?  Sometimes I can witness this happening but cannot trace the steps to why.  It’s not reproducible on demand.  

Patrick Larkin
Information Systems
Bethlehem Area School District
https://www.beth.k12.pa.us




#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Session ID makes random URL appearance

Jonathan Guthrie-3
Hi Patrick,

UseAuto will use session links as a fallback option. I suggest using the -useCookie option instead.

Thanks
Jono

On Apr 29, 2014, at 10:55 AM, Patrick Larkin <[hidden email]> wrote:

> Hello -
>
> Lasso 8.6 question.
>
> I have a site that uses sessions.  It invokes a session on every page whether a session is in use or not.  (This way, if a person does log in, it keeps their session going anywhere on the site.)  When the person actually logs in, it replaces the empty session with an actual session.  Anyway, I use the -UseAuto flag to store as a cookie. Every once in a while, the session ID will appear in the URL and will mess up some of the existing URL structures.  I did a search on the entire site for any lingering “-UseLink” flags but it found none.  
>
> So what would cause this to happen?  Does anyone have any idea?  Sometimes I can witness this happening but cannot trace the steps to why.  It’s not reproducible on demand.  
>
> Patrick Larkin
> Information Systems
> Bethlehem Area School District
> https://www.beth.k12.pa.us



Jono

----------------------------
Jonathan Guthrie
[hidden email]
@iamjono
LassoSoft Inc.
AIM Chatroom: lassochat

#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Session ID makes random URL appearance

stevepiercy
In reply to this post by Patrick Larkin-2
 From the Language Guide:

-UseAuto    This option automatically uses -UseCookie if cookies
are available on the visitor's browser or -UseLink otherwise.

Suggest using -UseCookie instead.  The downside, a minor one, is
that this might affect some users whose browsers do not accept cookies.

--steve


On 4/29/14 at 10:55 AM, [hidden email] (Patrick Larkin) pronounced:

>Hello -
>
>Lasso 8.6 question.
>
>I have a site that uses sessions.  It invokes a session on
>every page whether a session is in use or not.  (This way, if a
>person does log in, it keeps their session going anywhere on
>the site.)  When the person actually logs in, it replaces the
>empty session with an actual session.  Anyway, I use the
>-UseAuto flag to store as a cookie.  Every once in a while, the
>session ID will appear in the URL and will mess up some of the
>existing URL structures.  I did a search on the entire site for
>any lingering “-UseLink” flags but it found none.
>So what would cause this to happen?  Does anyone have any
>idea?  Sometimes I can witness this happening but cannot trace
>the steps to why.  It’s not reproducible on demand.
>Patrick Larkin
>Information Systems
>Bethlehem Area School District
>https://www.beth.k12.pa.us
>
>
>
>
>#############################################################
>This message is sent to you because you are subscribed to
>the mailing list Lasso [hidden email]
>Official list archives available at http://www.lassotalk.com
>To unsubscribe, E-mail to: <[hidden email]>
>Send administrative queries to  <[hidden email]>

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --
Steve Piercy               Web Site Builder              
Soquel, CA
<[hidden email]>                  <http://www.StevePiercy.com/>

#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Session ID makes random URL appearance

James Harvard
In reply to this post by Patrick Larkin-2
As others have said, -useauto will fall back to using session IDs in links. Logically, for this to work, the first page a user visits would always have links 'decorated' with session IDs, but then links would not decorated on subsequent pages *if* a session cookie is detected. So, AFAIK, you'll always have some session IDs in links at least at the start of a user's visit. (I guess you could test by just deleting all cookies for your domain in your browser before trying it yourself.)

Don't forget the search engine bots are unlikely to support cookies, so will probably be indexing your pages with session IDs in the URLs. It might be that users are arriving via a search engine, or a similar link on some other external site, which contains a session ID.

Also potentially relevant is a change in how Lasso reacts to unrecognised (eg old & expired) session IDs in 8.6.3 - see my bug report here http://www.lassosoft.com/rhinotrac?id=7731

HTH,
James

On 29 Apr 2014, at 15:55, Patrick Larkin wrote:

> Hello -
>
> Lasso 8.6 question.
>
> I have a site that uses sessions.  It invokes a session on every page whether a session is in use or not.  (This way, if a person does log in, it keeps their session going anywhere on the site.)  When the person actually logs in, it replaces the empty session with an actual session.  Anyway, I use the -UseAuto flag to store as a cookie.  Every once in a while, the session ID will appear in the URL and will mess up some of the existing URL structures.  I did a search on the entire site for any lingering “-UseLink” flags but it found none.  
>
> So what would cause this to happen?  Does anyone have any idea?  Sometimes I can witness this happening but cannot trace the steps to why.  It’s not reproducible on demand.  
>
> Patrick Larkin

#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Session ID makes random URL appearance

Patrick Larkin-2
In reply to this post by Jonathan Guthrie-3
But it should never fall back if cookies are enabled, right?  I don’t know why it would fall back if my cookies are enabled.

Patrick Larkin
Information Systems
Bethlehem Area School District
https://www.beth.k12.pa.us




On Apr 29, 2014, at 11:02 AM, Jonathan Guthrie <[hidden email]> wrote:

> Hi Patrick,
>
> UseAuto will use session links as a fallback option. I suggest using the -useCookie option instead.
>
> Thanks
> Jono
>
> On Apr 29, 2014, at 10:55 AM, Patrick Larkin <[hidden email]> wrote:
>
>> Hello -
>>
>> Lasso 8.6 question.
>>
>> I have a site that uses sessions.  It invokes a session on every page whether a session is in use or not.  (This way, if a person does log in, it keeps their session going anywhere on the site.)  When the person actually logs in, it replaces the empty session with an actual session.  Anyway, I use the -UseAuto flag to store as a cookie. Every once in a while, the session ID will appear in the URL and will mess up some of the existing URL structures.  I did a search on the entire site for any lingering “-UseLink” flags but it found none.  
>>
>> So what would cause this to happen?  Does anyone have any idea?  Sometimes I can witness this happening but cannot trace the steps to why.  It’s not reproducible on demand.  
>>
>> Patrick Larkin
>> Information Systems
>> Bethlehem Area School District
>> https://www.beth.k12.pa.us
>
>
>
> Jono
>
> ----------------------------
> Jonathan Guthrie
> [hidden email]
> @iamjono
> LassoSoft Inc.
> AIM Chatroom: lassochat
>
> #############################################################
> This message is sent to you because you are subscribed to
>  the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>

#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Session ID makes random URL appearance

Patrick Larkin-2
In reply to this post by James Harvard
Thanks.  These are some of the reasons I use -UseAuto.  

Why would the first page have to have visible IDs?  I’d think they’d only be seen if the user has cookies disabled.  

Patrick Larkin
Information Systems
Bethlehem Area School District
https://www.beth.k12.pa.us




On Apr 29, 2014, at 1:33 PM, James Harvard <[hidden email]> wrote:

> As others have said, -useauto will fall back to using session IDs in links. Logically, for this to work, the first page a user visits would always have links 'decorated' with session IDs, but then links would not decorated on subsequent pages *if* a session cookie is detected. So, AFAIK, you'll always have some session IDs in links at least at the start of a user's visit. (I guess you could test by just deleting all cookies for your domain in your browser before trying it yourself.)
>
> Don't forget the search engine bots are unlikely to support cookies, so will probably be indexing your pages with session IDs in the URLs. It might be that users are arriving via a search engine, or a similar link on some other external site, which contains a session ID.
>
> Also potentially relevant is a change in how Lasso reacts to unrecognised (eg old & expired) session IDs in 8.6.3 - see my bug report here http://www.lassosoft.com/rhinotrac?id=7731
>
> HTH,
> James
>
> On 29 Apr 2014, at 15:55, Patrick Larkin wrote:
>
>> Hello -
>>
>> Lasso 8.6 question.
>>
>> I have a site that uses sessions.  It invokes a session on every page whether a session is in use or not.  (This way, if a person does log in, it keeps their session going anywhere on the site.)  When the person actually logs in, it replaces the empty session with an actual session.  Anyway, I use the -UseAuto flag to store as a cookie.  Every once in a while, the session ID will appear in the URL and will mess up some of the existing URL structures.  I did a search on the entire site for any lingering “-UseLink” flags but it found none.  
>>
>> So what would cause this to happen?  Does anyone have any idea?  Sometimes I can witness this happening but cannot trace the steps to why.  It’s not reproducible on demand.  
>>
>> Patrick Larkin
>
> #############################################################
> This message is sent to you because you are subscribed to
>  the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>

#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Session ID makes random URL appearance

Mason Miller
In reply to this post by Patrick Larkin-2
We are having problems with 8.6 killing sessions prematurely. We have -uselink and -usecookie enabled. Maybe there is a relationship to these problems.

Mason

Sent from my iPhone

> On Apr 29, 2014, at 1:57 PM, Patrick Larkin <[hidden email]> wrote:
>
> But it should never fall back if cookies are enabled, right?  I don’t know why it would fall back if my cookies are enabled.
>
> Patrick Larkin
> Information Systems
> Bethlehem Area School District
> https://www.beth.k12.pa.us
>
>
>
>
>> On Apr 29, 2014, at 11:02 AM, Jonathan Guthrie <[hidden email]> wrote:
>>
>> Hi Patrick,
>>
>> UseAuto will use session links as a fallback option. I suggest using the -useCookie option instead.
>>
>> Thanks
>> Jono
>>
>>> On Apr 29, 2014, at 10:55 AM, Patrick Larkin <[hidden email]> wrote:
>>>
>>> Hello -
>>>
>>> Lasso 8.6 question.
>>>
>>> I have a site that uses sessions.  It invokes a session on every page whether a session is in use or not.  (This way, if a person does log in, it keeps their session going anywhere on the site.)  When the person actually logs in, it replaces the empty session with an actual session.  Anyway, I use the -UseAuto flag to store as a cookie. Every once in a while, the session ID will appear in the URL and will mess up some of the existing URL structures.  I did a search on the entire site for any lingering “-UseLink” flags but it found none.  
>>>
>>> So what would cause this to happen?  Does anyone have any idea?  Sometimes I can witness this happening but cannot trace the steps to why.  It’s not reproducible on demand.  
>>>
>>> Patrick Larkin
>>> Information Systems
>>> Bethlehem Area School District
>>> https://www.beth.k12.pa.us
>>
>>
>>
>> Jono
>>
>> ----------------------------
>> Jonathan Guthrie
>> [hidden email]
>> @iamjono
>> LassoSoft Inc.
>> AIM Chatroom: lassochat
>>
>> #############################################################
>> This message is sent to you because you are subscribed to
>> the mailing list Lasso [hidden email]
>> Official list archives available at http://www.lassotalk.com
>> To unsubscribe, E-mail to: <[hidden email]>
>> Send administrative queries to  <[hidden email]>
>
> #############################################################
> This message is sent to you because you are subscribed to
>  the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>
#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Session ID makes random URL appearance

Wade Maxfield
In reply to this post by Patrick Larkin-2
On 30/04/2014, at 5:59 AM, Patrick Larkin <[hidden email]> wrote:
>
> Why would the first page have to have visible IDs?  I’d think they’d only be seen if the user has cookies disabled.  

Cookies are sent to the server in the request header. So the very first page they visit won't have a valid session cookie (whether cookies are enabled or not). Lasso doesn't know they have cookies enabled or disabled on the first page they visit so it tries setting a cookie, and as a backup it populates the links with the session as well.  Only on the next page can we check to see if the cookie we tried to set on the first page actually exists (so cookies are enabled and working), and if it does then it switches to cookies only. Otherwise it keeps populating the links.

 - Wade


#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Session ID makes random URL appearance

James Harvard
In reply to this post by Mason Miller
Hello, Mason. Did you see the link to my bug report that I posted earlier in this thread? That might be a factor in the problem you're experiencing.

I posted in more depth about it here: http://www.lassotalk.com/Re-sessions-being-duplicated.lasso?274863

HTH,
James

On 29 Apr 2014, at 20:30, Mason Miller wrote:

> We are having problems with 8.6 killing sessions prematurely. We have -uselink and -usecookie enabled. Maybe there is a relationship to these problems.
>
> Mason
>
> Sent from my iPhone
>
>> On Apr 29, 2014, at 1:57 PM, Patrick Larkin <[hidden email]> wrote:
>>
>> But it should never fall back if cookies are enabled, right?  I don’t know why it would fall back if my cookies are enabled.
>>
>> Patrick Larkin
>> Information Systems
>> Bethlehem Area School District
>> https://www.beth.k12.pa.us
>>
>>
>>
>>
>>> On Apr 29, 2014, at 11:02 AM, Jonathan Guthrie <[hidden email]> wrote:
>>>
>>> Hi Patrick,
>>>
>>> UseAuto will use session links as a fallback option. I suggest using the -useCookie option instead.
>>>
>>> Thanks
>>> Jono
>>>
>>>> On Apr 29, 2014, at 10:55 AM, Patrick Larkin <[hidden email]> wrote:
>>>>
>>>> Hello -
>>>>
>>>> Lasso 8.6 question.
>>>>
>>>> I have a site that uses sessions.  It invokes a session on every page whether a session is in use or not.  (This way, if a person does log in, it keeps their session going anywhere on the site.)  When the person actually logs in, it replaces the empty session with an actual session.  Anyway, I use the -UseAuto flag to store as a cookie. Every once in a while, the session ID will appear in the URL and will mess up some of the existing URL structures.  I did a search on the entire site for any lingering “-UseLink” flags but it found none.  
>>>>
>>>> So what would cause this to happen?  Does anyone have any idea?  Sometimes I can witness this happening but cannot trace the steps to why.  It’s not reproducible on demand.  
>>>>
>>>> Patrick Larkin
>>>> Information Systems
>>>> Bethlehem Area School District
>>>> https://www.beth.k12.pa.us
>>>
>>>
>>>
>>> Jono
>>>
>>> ----------------------------
>>> Jonathan Guthrie
>>> [hidden email]
>>> @iamjono
>>> LassoSoft Inc.
>>> AIM Chatroom: lassochat
>>>
>>> #############################################################
>>> This message is sent to you because you are subscribed to
>>> the mailing list Lasso [hidden email]
>>> Official list archives available at http://www.lassotalk.com
>>> To unsubscribe, E-mail to: <[hidden email]>
>>> Send administrative queries to  <[hidden email]>
>>
>> #############################################################
>> This message is sent to you because you are subscribed to
>> the mailing list Lasso [hidden email]
>> Official list archives available at http://www.lassotalk.com
>> To unsubscribe, E-mail to: <[hidden email]>
>> Send administrative queries to  <[hidden email]>
> #############################################################
> This message is sent to you because you are subscribed to
>  the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>

#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>