Web Wiz Forums - save_new_session

Print Page | Close Window

save_new_session_data

Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=31774
Printed Date: 28 March 2026 at 1:39pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com

Topic: save_new_session_data

Posted By: Roberto Randall
Subject: save_new_session_data
Date Posted: 10 December 2023 at 9:50am

I have entered my forum logs and I have seen that there are many errors in "save_new_session_data" giving the problem "Cannot insert duplicate key in object...". I think the problem is because the forum is accessed from the same computer from several browsers at the same time, but I'm not sure. Is there any way to fix this problem? If when recording a session it is found that it already exists, instead of generating an error, can it be made to generate another session id?

e.g.

If strSessionData = rs(Session_data) Then strSessionData = LCase(hexValue(12))

Thank you,

I am Spanish and I translate with Google translator.

-------------
https://www.lanocion.es - https://www.lanocion.games - https://www.lanocion.chat

Replies:

Posted By: WebWiz-Bruce
Date Posted: 10 December 2023 at 12:21pm

As far as I am aware this bugs was fixed a number of years ago.

Please try updating to the latest version and see if that resolves the issue for you.

-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting

Posted By: Roberto Randall
Date Posted: 10 December 2023 at 1:31pm

OK thanks. I will update the forum to the latest version.

Is the update only for the pages? Do we need to modify any tables in the database?

-------------
https://www.lanocion.es - https://www.lanocion.games - https://www.lanocion.chat

Posted By: WebWiz-Bruce
Date Posted: 10 December 2023 at 3:46pm

It would depend on what version you are upgrading from. You can see the release notes at the version below that details many of the changes.

https://www.webwiz.net/web-wiz-forums/kb/release-notes.htm" rel="nofollow - https://www.webwiz.net/web-wiz-forums/kb/release-notes.htm

It is highly recommended that you replace all the files.

Posted By: Roberto Randall
Date Posted: 11 December 2023 at 5:43pm

I have it updated.

I have been investigating the IPs that generate the error and I have verified that they are robots. For now I have identified the following robots and expanded the function of "Search Robot" in functions_common.asp:

OR inStr(1, strUserAgent, "Twitter", 1) OR inStr(1, strUserAgent, "Semrush", 1) OR inStr(1, strUserAgent, "Petal", 1) OR inStr(1, strUserAgent, "GrapeshotCrawler", 1) OR inStr(1, strUserAgent, "omgili", 1) OR inStr(1, strUserAgent, "MuckRackFeedParser", 1) OR inStr(1, strUserAgent, "semantic-visions", 1) OR inStr(1, strUserAgent, "Buck", 1) OR inStr(1, strUserAgent, "proximic", 1) OR inStr(1, strUserAgent, "GoogleProducer", 1) OR inStr(1, strUserAgent, "CensysInspect", 1) OR inStr(1, strUserAgent, "Criteo", 1)

If you want, when I have more robots identified I can include them in this post.

I have had the forum purchased and running for many years, so I have many robots crawling my website every day. I have had the forum purchased and running for many years, so I have many robots crawling my website every day.

-------------
https://www.lanocion.es - https://www.lanocion.games - https://www.lanocion.chat

Posted By: WebWiz-Bruce
Date Posted: 12 December 2023 at 9:00am

Its an interesting idea, we have a list of over 100 different bots and that's just a small number of what's out there.

Before adding more to the list I think the way it is handled would need to be changed to prevent it impacting on performance.

Posted By: Roberto Randall
Date Posted: 12 December 2023 at 1:25pm

So, are they going to make this change for a new version?

-------------
https://www.lanocion.es - https://www.lanocion.games - https://www.lanocion.chat

Posted By: WebWiz-Bruce
Date Posted: 12 December 2023 at 2:57pm

Its on the 'to do' list, and will depend if there is any free time to work on it.

-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting

Posted By: Roberto Randall
Date Posted: 12 December 2023 at 4:23pm

ok, anyway I will publish my progress in this post by adding bots (in case someone doesn't have it).

-------------
https://www.lanocion.es - https://www.lanocion.games - https://www.lanocion.chat

Posted By: Roberto Randall
Date Posted: 12 December 2023 at 8:20pm

Well, I have found some more IPs that generate duplicity in the session. I have also searched and put all the ones on Google:

inStr(1, strUserAgent, "Twitter", 1) OR inStr(1, strUserAgent, "Semrush", 1) OR inStr(1, strUserAgent, "Petal", 1) OR inStr(1, strUserAgent, "GrapeshotCrawler", 1) OR inStr(1, strUserAgent, "omgili", 1) OR inStr(1, strUserAgent, "MuckRackFeedParser", 1) OR inStr(1, strUserAgent, "semantic-visions", 1) OR inStr(1, strUserAgent, "Buck", 1) OR inStr(1, strUserAgent, "proximic", 1) OR inStr(1, strUserAgent, "GoogleProducer", 1) OR inStr(1, strUserAgent, "CensysInspect", 1) OR inStr(1, strUserAgent, "Criteo", 1) OR inStr(1, strUserAgent, "MuckRack", 1) OR inStr(1, strUserAgent, "SentiBot", 1) OR inStr(1, strUserAgent, "Beloud", 1) OR inStr(1, strUserAgent, "Feedly", 1) OR inStr(1, strUserAgent, "Feedfetcher-Google", 1) OR inStr(1, strUserAgent, "Storebot-Google", 1) OR inStr(1, strUserAgent, "Google-InspectionTool", 1) OR inStr(1, strUserAgent, "GoogleOther", 1) OR inStr(1, strUserAgent, "Google-Extended", 1) OR inStr(1, strUserAgent, "APIs-Google", 1) OR inStr(1, strUserAgent, "AdsBot-Google-Mobile", 1) OR inStr(1, strUserAgent, "AdsBot-Google", 1) OR inStr(1, strUserAgent, "FeedFetcher-Google", 1)

I think putting more is bad for performance and I think I should stop.

-------------
https://www.lanocion.es - https://www.lanocion.games - https://www.lanocion.chat

Posted By: WebWiz-Bruce
Date Posted: 13 December 2023 at 7:34am

I have a list of 123 bots, and that's a tiny percentage of what's out there. You can also get bot software that allows you to set your own bot name, so the list could be endless. You may want to just cover the most popular bots rather than trying to add them all.

-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting

Posted By: Roberto Randall
Date Posted: 13 December 2023 at 5:15pm

With these three sections they do filter many bots:

inStr(1, strUserAgent, "bot", 1) OR inStr(1, strUserAgent, "crawler", 1) OR inStr(1, strUserAgent, "spider", 1)

-------------
https://www.lanocion.es - https://www.lanocion.games - https://www.lanocion.chat

Posted By: WebWiz-Bruce
Date Posted: 14 December 2023 at 7:06am

That looks good.

-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting

Posted By: Roberto Randall
Date Posted: 14 December 2023 at 7:49am

I am reviewing the generated log every day.

As a test, I created a connection before recording the IP in the sessions table, which checks if the session exists and if it exists, it creates a new session code.

Today when I checked the log file I saw that there are still errors due to duplicity (which is impossible because I have put a connection before the connection to record the session so that it can verify if it exists).

Checking the log I have seen that at the same time (hour, minute and second) there are more than 10 duplicity and database blocking errors with the same IP. In milliseconds they have tried to access.

2023-12-14 03:53:12 - 49.12.9.78 - Invitado - ERROR - File: database_connection.asp - Error Details: err_SQLServer_db_connection - Microsoft OLE DB Driver for SQL Server - Invalid connection string attribute (this same line more than 10 times)

2023-12-14 04:04:00 - 49.12.9.78 - Invitado - ERROR - File: functions_session_data.asp - Error Details: err_SQLServer_save_new_session_data - Microsoft OLE DB Driver for SQL Server - Violation of PRIMARY KEY constraint 'PK__tblNPSes__E9CBB3125D6845C6'. Cannot insert duplicate key in object 'dbo.tblNPSession'. The duplicate key value is (6500-c4dcdz172ad65951111f1694444444). (this same line more than 10 times)

My last action has been to block these IPs that are "bombing" my forum.

-------------
https://www.lanocion.es - https://www.lanocion.games - https://www.lanocion.chat

Posted By: WebWiz-Bruce
Date Posted: 14 December 2023 at 8:21am

Its quite complicated but due to Classic ASP not being able to generate true random numbers.

-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting

Posted By: Roberto Randall
Date Posted: 14 December 2023 at 2:44pm

I have attached a screenshot of the connection I created so that you can verify that the session code does not exist. To ensure that it is not duplicated again, I add three new random digits.

With this code we can ensure that a user (not a machine) if they open the forum in two browsers (or more) at the same time and have the same session code, a different one will be created without duplication.

I hope it helps you (if you don't want the image that I have inserted of the code in this forum to remain, delete it (in any case, I will delete it from my domain after a few days). This is just for you, to help you) .

-------------
https://www.lanocion.es - https://www.lanocion.games - https://www.lanocion.chat

Posted By: WebWiz-Bruce
Date Posted: 14 December 2023 at 3:01pm

Thanks Roberto.

I believe the idea was not to have an extra database lookup for performance reasons, and while a bot may visit the forum multiple time in the same second from the same IP it is very unlikely that a real person could open the forum in multiple web browsers in the same second.

Cookies are shared between browser tabs so opening a second tab in the same browser the user would be linked to the same session.

Posted By: Roberto Randall
Date Posted: 14 December 2023 at 3:12pm

You're right. It's just something to keep in mind in case in the future...

-------------
https://www.lanocion.es - https://www.lanocion.games - https://www.lanocion.chat

Posted By: WebWiz-Bruce
Date Posted: 14 December 2023 at 3:32pm

Posted By: Roberto Randall
Date Posted: 14 December 2023 at 6:26pm

One last question.

By tracking the IPs that appear in the log as a duplicate session, I have seen that there are IPs from Google and others from Microsoft that appear identified as Android or Windows.

https://network-tools.webwiz.net/ip-information.htm?ip=34.86.226.77" rel="nofollow - https://network-tools.webwiz.net/ip-information.htm?ip=34.86.226.77

https://network-tools.webwiz.net/ip-information.htm?ip=20.75.14.144" rel="nofollow - https://network-tools.webwiz.net/ip-information.htm?ip=20.75.14.144

Would anything happen if the error line was deleted and the forum was allowed to continue?

That is, delete the error line when recording the session:

'If an error has occurred write an error to the page
If Err.Number <> 0 Then Call errorMsg("An error has occurred while writing to the database.", "save_new_session_data" & strSessionErrorText, "functions_session_data.asp")

-------------
https://www.lanocion.es - https://www.lanocion.games - https://www.lanocion.chat

Posted By: Roberto Randall
Date Posted: 15 December 2023 at 6:51am

I think I created a function (modified createForumSessionID() function) to create a session id without duplicating it. I left it on all night and when I woke up I accessed the log and no error for a duplicate session appears. I'm going to spend more time testing and if it works I'll copy the code I created or send it to you by email (whatever you want).

-------------
https://www.lanocion.es - https://www.lanocion.games - https://www.lanocion.chat

Posted By: WebWiz-Bruce
Date Posted: 15 December 2023 at 8:47am

The two IP address from Google and Microsoft are for their Cloud Services and would likely be people running bots on their Cloud Service. These maybe research bots, content scrappers, or more often that not these days malicious bots looking for things like SQL Injection vulnerabilities.

-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting

Posted By: WebWiz-Bruce
Date Posted: 15 December 2023 at 8:56am

I am just look through the code for the createForumSessionID() function and it uses an application variable that is incremented by one for each new session ID created.

'Application session number to ensure that the sessions ID is unquie
Application("SessionNum") = Application("SessionNum") + 1

Are you running the latest version that has this code in the createForumSessionID() ?

Posted By: Roberto Randall
Date Posted: 15 December 2023 at 2:04pm

Yes, I have the latest version and it duplicates the session.

With this change I have made there have been no duplicate sessions:

Private Function createForumSessionID()

    Dim dblNowDate
    Dim strClientIP
    Dim TypeLib
    Dim strSessionIDFunc

    'Generate unique session ID
   Set TypeLib = CreateObject("Scriptlet.TypeLib")
        strSessionIDFunc = LCase(Mid(Replace(CStr(TypeLib.Guid), "-", ""), 2, 20))
   Set TypeLib = Nothing

    'Get the time as a double number
    dblNowDate = CDbl(Now())
    dblNowDate = Mid(dblNowDate, InStr(1, dblNowDate, ".")+1, Len(dblNowDate))

    'Application session number to ensure that the sessions ID is unquie
   Application("SessionNum") = Application("SessionNum") + 1

   'Calculate a code for the user
    createForumSessionID= Application("SessionNum") & "-" & strSessionIDFunc & dblNowDate

End Function

-------------
https://www.lanocion.es - https://www.lanocion.games - https://www.lanocion.chat

Posted By: WebWiz-Bruce
Date Posted: 15 December 2023 at 3:20pm

Thanks will have to look in to this.

I am not sure though is Scriptlet.TypeLib is available on all servers.

-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting

Posted By: Roberto Randall
Date Posted: 15 December 2023 at 3:38pm

My server is windows server 2022 and Scriptlet.TypeLib works very well for me. Now the attacks in err_SQLServer_SqlInjectionTest() appear fine in the logs and I can insert the dangerous IPs into my firewall.

If it is not compatible with all servers, you can put in the forum security menu that if the server is compatible, the owner can activate it. In this way the forum has both options.

Thanks to this code, my server's CPU is lower by being able to eliminate malicious IPs.

-------------
https://www.lanocion.es - https://www.lanocion.games - https://www.lanocion.chat

Posted By: WebWiz-Bruce
Date Posted: 15 December 2023 at 5:30pm

Thanks Reberto for posting the code, if I get time next week, I will take a look.

-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting

Posted By: WebWiz-Bruce
Date Posted: 20 December 2023 at 1:38pm

I had some time to look at this and came up with the following;

Private Function createForumSessionID()

  	Dim dblNowDate 
  	Dim strClientIP
  	Dim objTypeLib
  	Dim strTypeLibGUID
  	
  	
  	'Set error trapping in case the system doesn't support Scriptlet.TypeLib
	On Error Resume Next
  	
  	 'Generate unique session ID
	Set objTypeLib = CreateObject("Scriptlet.TypeLib")
		strTypeLibGUID = LCase(Mid(CStr(objTypeLib.Guid), 2, 36))
	Set objTypeLib = Nothing

	
	'Disable error trapping
	On Error goto 0

	
	'If we have got a GUID from the system use that for the session ID
	If NOT strTypeLibGUID = "" Then
		createForumSessionID = strTypeLibGUID
  	
  	'Else we need to create a session ID
	Else
	  	'Get the time as a double number
	  	dblNowDate = CDbl(Now())
	  	dblNowDate = Mid(dblNowDate, InStr(1, dblNowDate, ".")+1, Len(dblNowDate))
	  	
		
	  	'Application session number to ensure that the sessions ID is unquie
		Application("SessionNum") = Application("SessionNum") + 1
	  	
		'Calculate a code for the user
		createForumSessionID = Application("SessionNum") & "-" & LCase(hexValue(20)) & dblNowDate
	End If

	
End Function

This will attempt to use Scriptlet.TypeLib to create the session ID and if that fails it will use the old method to create the session ID.

I have been testing this for a few days and not seen any issues with duplicate sessions and it will be included in the next release.

Thanks for your help with this.

Posted By: Roberto Randall
Date Posted: 20 December 2023 at 2:47pm

It's perfect. Thanks to you for your forum. Thumbs Up

-------------
https://www.lanocion.es - https://www.lanocion.games - https://www.lanocion.chat