Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    Regular Coder
    Join Date
    Aug 2002
    Location
    Hong Kong
    Posts
    124
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Can This Be Done? Related To ASP-Session

    Hi all,

    I don't know if the following can be done and if it is possible, how should I go about doing it.

    I had created about 5 asp programs and had an index page linking these five programs together.

    However, these 5 programs are created individually and each of these programs has their own set of session, user_ID and password in-order for users to login to the system.

    On all these 5 asp programs, I had created some security issue, which is user must login to the program before they can access to the content. If user tries to by-pass the login page by entering the program content's URL, the program will take user to the program login page and prompt him to login to the system.

    Here is my question. I had created another login page using session. User have to login to this page in-order to access the index page, which is linking the 5 asp programs. The main aim of this new login page created is to prevent user from bypassing the index page and go straight to any of the 5-asp program Login page.

    Is there a way to take user back to the main login page and prompt user to login if there are trying to bypass the main login and go directly to login to one of the 5 programs?

    I had created a code
    <%
    If Session("UserLoggedIn") <> "true" Then
    Response.Redirect("login.asp")
    End If
    Session("UserLoggedIn") = ""
    %>
    and works on the index page. With these codes, user will be re-directed to the main login page if they try to access the index page with logging in and it works.

    However, I had some question creating the same thing in the 5 asp programs login pages as each of them have their own session and database storing the all user ID and Password.

    Thanks

  • #2
    New Coder
    Join Date
    Sep 2002
    Posts
    82
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Actually this is a simple fix.

    thre trick is to use cookies set at the root. cookies are domain specific not application specific. Since the cookie only contains the login file name is safe to be temporarily stored on the client.

    The Fix...
    In the root directory's global.asp add a redirect cookie collection with pointers to the index page pathed from the webroot.

    Root Web Global.ASA:
    Code:
    <SCRIPT LANGUAGE="VBScript" RUNAT="Server">
    Sub Application_OnStart
    	' Application Code
    	Application("AppId") = "RootApps"
    End Sub
    Sub Application_OnEnd
    	'Application cleanup code
    	Application("AppId") = ""
    End Sub
    Sub Session_OnStart
    	Response.Cookies("Redirects")("Homepage") = "/Default.asp"	
    	Response.Cookies("Redirects")("logonpage") = "/login.asp"
    End Sub
    Sub Session_OnEnd
    	' Kill the cookie collection when the session ends
    	Response.Cookies("Redirects").expires=-1
    End Sub
    </SCRIPT>
    Now create a SSI file such as "VerAccess.inc" with the following code:
    Code:
    <%
    If Session("UserLogon") <> True Then 
     	' If the requestor is not validated redirect to the logonpage or logon page
     	Response.Redirect(Response.Cookies("Redirects")("logonpage"))
    End If
    %>
    Add the following Line at the top of the any webpage to be protected.

    <!-- #include file="/includes/ValAccess.inc" -->

    Hope this helps

    a credit card for a newbie from Amex: The Amex Blue card would like to start developing a credit history.

  • #3
    Regular Coder
    Join Date
    Aug 2002
    Location
    Hong Kong
    Posts
    124
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hi,

    I had try the method but I don't reallt understand how it works.
    I get a lot of error in cookies.

    I did not really learn global.asa in school as the book did not give much example and explaination.

    Is there a simpler way to get this done?

    Thank You

  • #4
    New Coder
    Join Date
    Sep 2002
    Posts
    82
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Victoria,

    Global.asa files are configuration files for web applications. It is a very important file for managing shared application objects and sessions.
    The file resided in each web directory that you have "created" an application for in IIS.

    Cookies are basically little temp file that are written to the the end user's computer to store information.

    Here is some references on the Global.Asa file

    Setting Up the Global.asa File
    Global.asa Reference The Role of the Global.asa File

    The reason I used a Server-Side Include file is that. if I make a change to the logon script. Now, instead of having to find every page that contains the verification scriptlet, and make the change in each page, all I have to do is update the *.inc file. The changes will take effect in all of the web pages.

    Do you have Admin access to your IIS server?
    a credit card for a newbie from Amex: The Amex Blue card would like to start developing a credit history.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •