I have teh following in teh global.asa (which i put in the web root directory not subdircory that my page is in - is this correct?)

Sub Session_OnEnd

sql="update useraccess set isonline=false where id=" & session("userid")
sobjconn.execute sql
sobjconn.close
set sobjconn=nothing
End Sub

but the session ended and it did not run teh sql.

why would this happen?

esthera,
I too have had problems using this sub in the past and i dont have an answer for you. The Session_OnEnd will fire when the session expires but it seems like sometimes it works and sometimes it does not.

I did a google to revist this topic and it just seems like no one has had much success w/ it. On the other hand Application_OnStart and Session_OnStart seem to work just fine, go figure.

I wish i could tell you something else and maybe someone else has a solution to this problem. I would love to hear what others have to say about it.

russell??????? :D

Probably you won’t like the answer, and I don't have an easy workaround, but…

It comes down to a bug (feature) in IIS since IIS4.0 (and still present in IIS6). The Session_OnEnd event fires under a different user account than the Session_OnStart event.

Most COM and network resource calls seem to fail when called from Session_OnEnd. Check your event logs for errors (unless it's a hosted site -- they won't likely let you see 'em). The fix is to make your web app part of a COM+ or MTS application, or to execute your web app with an administrative account (bad idea).

I've read in the past that if you use the oledb provider (and not the odbc driver) that this will work, but I have serious doubts -- though you should always be using the oledb provider anyway...

Check out these MSDN KB Articles for more info
http://support.microsoft.com/default.aspx/kb/247968
http://support.microsoft.com/default.aspx/kb/277329

and finally this one, which can also solve the problem, but opens you up to serious security concerns -- and if it's a hosted site they won't give ya the pwd anyway --
http://support.microsoft.com/kb/248187/EN-US/

The *best* way to update the db to indicate a user has logged out is to put a "Logout" button on the screen. Then you can update the db while the session is active, then call the Session.Abandon method. If you want to show currently logged in users, store the list in the application object, updating when sessions begin and end. If you must, you can do a number of other things to manage sessions yourself, such as updating the db with every page hit and running a program every few minutes to check how long since the last hit and update if necessary, using javascript and Iframes to ping the server periodically etc. but this is usually a lot of work to solve a problem that doesn’t really need to be solved. There are better ways to manage the login state than in your database.

I store “Last Login” in my database, but not the status (logged in / not logged in). That I handle with asp classes (or com+ classes), cookies and if need be sessions – though I avoid the use of sessions wherever possible.

Long and short is – don’t try to access network or COM resources in the Session_OnEnd or Application_OnEnd.

Oh, and thanks for calling me out lmf!!! Yours is coming...

The *best* way to update the db to indicate a user has logged out is to put a "Logout" button on the screen.

I did this but the problem is if the session passes and the user was away from his machine and didn't log out - he then can't log back in. (the point of this is to keep only one user logged in at a time)

would it be better to store each user and whether he is online or not in the application object? if so how would I go about doing that?