One of the most important things that you need to keep in mind when using the Session object is its scope. Any information you store with session-level scope is in scope for the duration of the user's session in a given application. This is a fine point. For example, assume your code deals with a session-level variable that was defined in the context of the Search application on your web site. This application's virtual directory, /search, reflects the following physical directory:

D:\www\apps\search

The current script, SearchStart.ASP, resides in this directory. Assume that you have initialized a session-level variable, strSearchPref, in this script. Now the user moves to another application script, ContribMain.ASP, that resides in a separate application whose virtual directory, /contrib, reflects the following physical directory:

D:\www\apps\contrib

If this user does not return to a script in the virtual directory encompassing the Search application within 20 minutes (or whatever the session duration is set to), the strSearchPref session-level variable value is reset. This is an important source of errors in complex web applications. A user session's session-level variables expire when the session ends, even if the time spent away from the application was spent in applications on the same web site.

One way to avoid this problem is to nest applications. For example, you can place the /contrib virtual directory underneath the search directory, as reflected ...