0

I have a site written in two languages, Classic ASP and PHP. I have a system to keep a user logged in on both languages that basically involves ASP asking a PHP script "hey, am I logged in?" via Post. Overall it works pretty well, but there is an issue where the ASP Session will occasionally end unexpectedly, but the user is still logged in on the PHP end.

So what I'm trying to do is set up the ASP Global.asa file with a Session_OnEnd sub that redirects to the PHP script that logs the user off PHP. That way, if the ASP Session ends, the user is just logged off entirely, rather than remaining "half logged in"

This is my entire Global.asa file:

<!--METADATA TYPE="TypeLib" NAME="Microsoft ActiveX Data Objects 2.8 Library" UUID="{2A75196C-D9EB-4129-B803-931327F72D5C}" VERSION="2.8"-->
<script language="vbscript" runat="server">
    sub Session_OnStart
        Session.CodePage = 65001
        Session.LCID = 1033
    end sub
    sub Session_OnEnd
        Response.Redirect("/login.php?logout")
    end sub
</script>

Long story short, the redirect doesn't work. I'm testing by running an ASP script that does a Session.Abandon. The session ends, but no redirect happens.

The server is IIS 10 running on Windows Server 2016.

Any idea what I'm doing wrong?

UPDATE: I'm pretty sure the Sub is simply not being triggered; and its not a failure of the redirect itself

Stephen R
  • 3,512
  • 1
  • 28
  • 45
  • 1
    Have a look at this: [Session_OnEnd, Classic ASP and IIS 7.0](https://blogs.iis.net/lprete/session-onend-classic-asp-and-iis-7-0). Seems related. – Kul-Tigin Feb 10 '21 at 19:41
  • @Kul-Tigin I saw that article. Adding the `runOnEndAnonymously="false"` in `web.config`did not fix the problem. – Stephen R Feb 10 '21 at 19:43
  • 1
    Then I can't see a way out with `global.asa`. Are you open to different solutions? I can take a look at it in my spare time. I remember the `via POST` method a little from [here](https://stackoverflow.com/q/43357406/893670). – Kul-Tigin Feb 10 '21 at 20:02
  • Am I correct in believing that `Session.Abandon` is the proper way to test this? – Stephen R Feb 12 '21 at 20:03
  • 1
    Yes, you're. But not for expecting `Response.Redirect` to work in an event called asynchronously. – Kul-Tigin Feb 12 '21 at 20:29
  • Not asyncronous. I'm calling a file `test.asp` that contains `<% Session.Abandon %>` – Stephen R Feb 12 '21 at 20:34
  • 1
    `Session_OnEnd` is the asynchronous one here. It's not part of your `test.asp` request, just an extension to the ASP application. – Kul-Tigin Feb 12 '21 at 21:20
  • Okay, I'm confused. Are you saying that `Response.Redirect` simply cannot be made to work within `Session_OnEnd`? So (maybe) I'm activating the sub correctly, but this particular command isn't going to work there? I've seen a few old posts/articles online where people seem to have made this work. – Stephen R Feb 12 '21 at 21:53
  • 1
    Yes, you got it right. Unlike `Session_OnStart`, `Session_OnEnd` is run asynchronously. The articles you saw would probably contain examples for `_OnStart`. Have a look at [Session_OnStart Event](https://learn.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms524776(v=vs.90)) and [Session_OnEnd Event](https://learn.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms524689(v=vs.90)). And please read the definitions carefully. You will understand how both events work differently. – Kul-Tigin Feb 12 '21 at 22:04
  • 1
    Yep. `Response` object is not available. There's my answer. :-( Thanks – Stephen R Feb 12 '21 at 22:06

0 Answers0