View Full Version : Can This Be Done? Related To ASP-Session

01-20-2003, 03:57 AM
Hi all,

I don't know if the following can be done and if it is possible, how should I go about doing it.

I had created about 5 asp programs and had an index page linking these five programs together.

However, these 5 programs are created individually and each of these programs has its own set of session, user_ID and password in order for users to log in to the system.

On all these 5 asp programs, I had created some security issue, which is user must login to the program before they can access to the content. If user tries to by-pass the login page by entering the program content's URL, the program will take user to the program login page and prompt him to login to the system.

Here is my question. I had created another login page using session. Users have to log in to this page in order to access the index page, which is linking the 5 asp programs. The main aim of this new login page is to prevent users from bypassing the index page and going straight to any of the 5 asp program login pages.

Is there a way to take the user back to the main login page and prompt the user to log in if they are trying to bypass the main login and go directly to log in to one of the 5 programs?

I had created a code
If Session("UserLoggedIn") <> "true" Then
End If
Session("UserLoggedIn") = ""
and works on the index page. With these codes, user will be re-directed to the main login page if they try to access the index page with logging in and it works.

However, I had some questions creating the same thing in the 5 asp programs' login pages, as each of them has its own session and database storing all the user IDs and passwords.


01-20-2003, 06:51 AM
Actually this is a simple fix.

The trick is to use cookies set at the root. Cookies are domain specific, not application specific. Since the cookie only contains the login file name, it is safe to be temporarily stored on the client.

The Fix...
In the root directory's Global.asa add a redirect cookie collection with pointers to the index page pathed from the webroot.

Root Web Global.ASA:

<SCRIPT LANGUAGE="VBScript" RUNAT="Server">
Sub Application_OnStart
    ' Application code
    Application("AppId") = "RootApps"
End Sub

Sub Application_OnEnd
    ' Application cleanup code
    Application("AppId") = ""
End Sub

Sub Session_OnStart
    ' Root-level cookie collection holding the redirect targets
    Response.Cookies("Redirects")("Homepage") = "/Default.asp"
    Response.Cookies("Redirects")("logonpage") = "/login.asp"
End Sub

Sub Session_OnEnd
    ' Kill the cookie collection when the session ends
End Sub
</SCRIPT>

Now create a SSI file such as "VerAccess.inc" with the following code:

<%
If Session("UserLogon") <> True Then
    ' If the requestor is not validated, redirect to the logon page
    Response.Redirect Request.Cookies("Redirects")("logonpage")
End If
%>

Add the following line at the top of any webpage to be protected.

<!-- #include virtual="/includes/VerAccess.inc" -->

Hope this helps
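
An added example, not part of the original posts: a variant of the include file that treats the `Redirects` cookie as untrusted input, because a cookie is stored on the client and its value can be changed there before it comes back to the server. It assumes the two paths set in the Global.asa above are the only valid redirect targets and falls back to `/login.asp`; `SafeLocalPath` and `DEFAULT_LOGON` are hypothetical names.

```vbscript
<%
' Added example: include file with the redirect target checked server-side.
' Assumption: the paths below are the only ones the Redirects cookie may name.
Const DEFAULT_LOGON = "/login.asp"

' Hypothetical helper: return the cookie value only if it is on the allowlist,
' otherwise return the fixed default logon page.
Function SafeLocalPath(ByVal candidate)
    Dim allowed, item
    allowed = Array("/login.asp", "/Default.asp")
    SafeLocalPath = DEFAULT_LOGON
    For Each item In allowed
        ' Exact, case-insensitive match against known local paths only.
        ' A missing cookie, an absolute URL or any other unexpected value
        ' matches nothing and therefore falls through to the default.
        If StrComp(candidate, item, vbTextCompare) = 0 Then
            SafeLocalPath = item
            Exit For
        End If
    Next
End Function

If Session("UserLogon") <> True Then
    ' The login decision itself stays in the server-side Session object;
    ' the cookie only suggests where to send the browser.
    Response.Redirect SafeLocalPath(Request.Cookies("Redirects")("logonpage"))
End If
%>
```

The check on `Session("UserLogon")` only sees the session of the IIS application the page runs in, so each of the separately created applications still evaluates its own session state.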


01-20-2003, 07:34 AM

I had tried the method but I don't really understand how it works.
I get a lot of errors in cookies.

I did not really learn global.asa in school as the book did not give many examples and explanations.

Is there a simpler way to get this done?

Thank You

01-20-2003, 08:09 AM

Global.asa files are configuration files for web applications. It is a very important file for managing shared application objects and sessions.
The file resides in each web directory that you have "created" an application for in IIS.

Cookies are basically little temp files that are written to the end user's computer to store information.

Here are some references on the Global.asa file:

Setting Up the Global.asa File (http://search.microsoft.com/gomsuri.asp?n=4&c=rp_Results&siteid=us/dev&target=http://msdn.microsoft.com/library/en-us/wmrm/htm/settinguptheglobalasafile.asp)
Global.asa Reference (http://search.microsoft.com/gomsuri.asp?n=5&c=rp_Results&siteid=us/dev&target=http://msdn.microsoft.com/library/en-us/iisref60/htm/ref_scrpt_globalasaref.asp)
The Role of the Global.asa File (http://search.microsoft.com/gomsuri.asp?n=8&c=rp_Results&siteid=us/dev&target=http://msdn.microsoft.com/library/en-us/comsrv2k/htm/cs_sp_introtoprog_ttia.asp)

The reason I used a Server-Side Include file is that if I make a change to the logon script, then instead of having to find every page that contains the verification scriptlet and make the change in each page, all I have to do is update the *.inc file. The changes will take effect in all of the web pages.

Do you have Admin access to your IIS server?