Auto logoff after 30 minutes in ASP-pages...

Hi. I'm working on a webpage connected to an Access database placed on a web-server. I use user authentication on all pages. I use Dreamweaver CS 3.0 to build the webdatabase system.
I just have one problem. When I log into the system, I get logged out after a few minutes. I can't figure out how to control that. I would prefer a session end after 30 minutes or so... at least something I can setup manually in the codes. I have the code below on top of every page, but that doesn't seem to make any difference... except that I can't go back in the history, and that was the point with that code. I just thought that "Response.Expires = 30" would give the user 30 minutes of inactivity before the user gets redirected to the logoff-page.
Can you please help me? I use ASP-VB. Thank you in advance!
Friendly regards
Ullenulle
<% 
    pStr = "private, no-cache, must-revalidate" 
    Response.Expires = 30 
    Response.AddHeader "pragma", "no-cache" 
    Response.AddHeader "cache-control", pStr 
%>

Wayne Barron

Using Sessions has never been a really good thing to use (IMO)
You need to use Cookies instead.
If Interested let me know?

Carrzkiss
Can't dispute carrzkiss on that one as I have never used Cookies, but I "think" the server timeout setting is going to be an item set at the server regardless of page code. I would have your admin look into it.
GuitarFingers: ( I LOVE your name !!!!!!!!!!!!! )

I did not think about the Server timeout settings.
If he does not have access to it, then that would be when he would want to use cookies.
I use cookies on all my sites.
I usually set them to timeout on about 30-days.
No login for 30-days is pretty sweet.

It is like EE, they use a cookie that lasts forever.
EE's Cookie
Created:   3/16/2009 10:16:16 PM
Expires:    4/4/2077 1:30:19 AM
Lifetime:   24,855 days 3 hours 14 minutes 3 seconds

Could you imagine if you never cleared your cookies, and never reinstalled your computer.
You would always be on EE. (That is a frightening thought if you really sit back and think about it.
Sort of makes you feel so small in the universe......
Besides, I would be 106yrs old... That sucks big time.....)

On a brighter note.
I love your name because I play the guitar.
I have a Custom Dean (Which is my baby) and an Acoustic Kramer....
Love playing, unfortunately, I code better than I play...   :(
And I have been playing since I was 13.....
Coding since I was 32, I am 38 now.

Carrzkiss
Session.Timeout = 30
Response.Expires only sets the cache timeout.
ASKER

Hi guys.
Thanks for your replies so far, but response.expires doesn't make any change... I suppose the 30 are measured in minutes and not seconds?
And about the admin on my webhotel, then he didn't know why it kicks me off so fast. He wasn't able to make any changes.
Any more suggestions? ;-)
Friendly regards
Ullenulle
Oh yes... about cookies, Carrzkiss... do you have an example for the codes? :o)
I will get back with you later on this evening with a Cookies example....

Carrzkiss
As this is a classic ASP thread, session (login) timeout is controlled by setting the session.timeout property (in minutes). Every cookie you will set will not change the session timeout that is controlled within a session cookie that you can not change directly (as far as I know).

So use:
<%
Session.Timeout = 30 'minutes
%>
OK
Sorry that it took me so long to get this over to you.
http://ee.cffcs.com/Q_24252782/login.asp
username:  logincookie
password: 12345678
(Type in a bad username (or) password and it will let you know that it is bad)
Code
http://ee.cffcs.com/Q_24252782/Q_24252782.zip

This is pretty simple to understand and use.
The
IsLoggedIn.asp
This is the key, this needs to be placed in the header of all pages that you want to protect.
Use this in place of long codes    <%= strUserName %>
If you are doing a SELECT Statement or other type.
Something like this will do.

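<!--#include file="IsLoggedIn.asp"-->
' strUserName is a string read from the cookie: quote it and double any embedded single quotes
sql = "SELECT UserName FROM Users WHERE UserName = '" & Replace(strUserName, "'", "''") & "'"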

Now, you will have to make sure that the file IsLoggedIn.asp is always in the header of the
Page where you are going to use the    strUserName at.

The cookie properties can be found in   login_validate.asp
Here you can set the cookie Expire date to as long or short of a time frame that you wish.
Right now it is set at a default of 30-days.
you can set it to 1 year if you desire      Expires = Now() + 365
That will give you the 1 year, but in my opinion, that is just a bit too much.
About like EE here has theirs set to log me out when I turn 106yrs old... ouch...

If you have any questions, please ask away.
Good Luck and enjoy.
Carrzkiss
Hi guys. Sorry for my lack of response. I've been on course and busy, but now I will check out the cookie-example. The session.timeout doesn't work... for some weird reason. I'll be back later on with a result. :-)
Friendly regards
Ullenulle
Hi again.

Bad news. :-(((  It doesn't work. Well... the cookie is written. I set it to 1 hour, and I can find the cookie perfectly in my temporary internet files. So far I added the codes in my login-page (creating cookie) and I added the <!--#include file="IsLoggedIn.asp"--> on top of my menu-page. I didn't touch the page for 7 minutes and reloaded it... and I'm redirected to my login-page. :-(((  Do you mind taking a look at my codes in my login page and check if something is causing that I get kicked off after less than 5 minutes? I can't see where... but I'm not an expert in ASP yet... :o)  I skipped the codes with the form fields. At least I know they don't do any harm. I appreciate your help! I will increase the points to maximum if you can solve this issue. ;-)

Friendly regards

Ullenulle
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<!--#include file="IsLoggedIn.asp"-->
<% 
    pStr = "private, no-cache, must-revalidate" 
    Response.Expires = 60 
    Response.AddHeader "pragma", "no-cache" 
    Response.AddHeader "cache-control", pStr 
%>
<%
' *** Logout the current user.
MM_Logout = CStr(Request.ServerVariables("URL")) & "?MM_Logoutnow=1"
If (CStr(Request("MM_Logoutnow")) = "1") Then
  Session.Contents.Remove("MM_Username")
  Session.Contents.Remove("MM_UserAuthorization")
  MM_logoutRedirectPage = "/crt_survey/crt_survey_logged_out.asp"
  ' redirect with URL parameters (remove the "MM_Logoutnow" query param).
  if (MM_logoutRedirectPage = "") Then MM_logoutRedirectPage = CStr(Request.ServerVariables("URL"))
  ' check the redirect target itself (UC_redirectPage was never defined)
  If (InStr(1, MM_logoutRedirectPage, "?", vbTextCompare) = 0 And Request.QueryString <> "") Then
    MM_newQS = "?"
    For Each Item In Request.QueryString
      If (Item <> "MM_Logoutnow") Then
        If (Len(MM_newQS) > 1) Then MM_newQS = MM_newQS & "&"
        MM_newQS = MM_newQS & Item & "=" & Server.URLencode(Request.QueryString(Item))
      End If
    Next
    if (Len(MM_newQS) > 1) Then MM_logoutRedirectPage = MM_logoutRedirectPage & MM_newQS
  End If
  Response.Redirect(MM_logoutRedirectPage)
End If
%>
<%
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUsers="standard,readonly,administrator"
MM_authFailedURL="/crt_survey/crt_survey_noaccess.asp"
MM_grantAccess=false
If Session("MM_Username") <> "" Then
  If (false Or CStr(Session("MM_UserAuthorization"))="") Or _
         (InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization"))>=1) Then
    MM_grantAccess = true
  End If
End If
If Not MM_grantAccess Then
  MM_qsChar = "?"
  If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"
  MM_referrer = Request.ServerVariables("URL")
  if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?" & Request.QueryString()
  MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" & Server.URLEncode(MM_referrer)
  Response.Redirect(MM_authFailedURL)
End If
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>CRT Survey Menu</title>
<link href="/crt_survey/oneColElsCtrHdr.css" rel="stylesheet" type="text/css" />
<style type="text/css">
<!--

ASKER CERTIFIED SOLUTION
Wayne Barron
Hi again. :-)

Yes, that works fine. I just deactivated the codes about "restrict access...". Just another question on this case: Now I set the cookie to 3 hours. But these 3 hours don't change unless I log off and on again. How can I "refresh" the cookie with a new timeout, when the users use the pages on the website? Example:
Login to menu-page(login time= 10.15  expire=30 minutes  expire time=10.45
... now the user talks in the phone for 25 minutes...
Clicks a page on the website or refresh the menu-page at 10.40... How can the "expire time" be refreshed to 11.10 (still +30 minutes)?
Thanks a lot for your help. I'll close the question after your response.

Friendly regards

Ullenulle
Do some cookie searching.
I have never heard about doing it like that. So that is new to me.
The example that I have provided here, will do what you need.
But in order to extend it to do this extra, I have no idea.

I am taking the family out to eat, so once I get back, I will take a look into it and see what I can find out.
Until then, do a search on Google for: ASP Cookie Restrict time..
(I think that would be a good way to put it)

Carrzkiss
ullenulle:
Did you find anything about your request on your own yet or not?
Give this a shot in with the code (login_validate.asp)

Response.Cookies("carrzkissCookieDemo").expires = dateadd("n",+30,now())

This will expire the cookie in 30-minutes.

Good Luck
Carrzkiss
Sorry.
Replace line: 54
Response.Cookies("carrzkissCookieDemo").Expires = Now() + 30
With
Response.Cookies("carrzkissCookieDemo").expires = dateadd("n",+30,now())

Good Luck
Carrzkiss
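
An added example, not code from this thread or from the downloadable demo: one way to get the sliding 30-minute window asked about above by refreshing the expiry on every protected page, with the idle limit enforced on the server and the cookie value bound as a query parameter instead of being concatenated into the SELECT. The cookie name AuthToken, the Sessions table and its columns, the database path and login.asp are assumptions.

```vbscript
<%
' Added example, not the thread's IsLoggedIn.asp. Assumed names: cookie "AuthToken",
' Access table Sessions(Token, UserName, LastSeen), the .mdb path, login.asp.
Const IDLE_MINUTES = 30
Const adCmdText = 1, adParamInput = 1, adVarChar = 200

' Run a statement whose single ? placeholder is the token. The cookie is
' client-controlled, so it is bound as a parameter, never concatenated.
Function RunWithToken(conn, sqlText, token)
  Dim c
  Set c = Server.CreateObject("ADODB.Command")
  Set c.ActiveConnection = conn
  c.CommandType = adCmdText
  c.CommandText = sqlText
  c.Parameters.Append c.CreateParameter("tok", adVarChar, adParamInput, 64, token)
  Set RunWithToken = c.Execute
End Function

Dim strUserName, token, conn, rs
strUserName = ""
token = Request.Cookies("AuthToken")

' Reject empty or oversized values before they reach the 64-character parameter.
If Len(token) > 0 And Len(token) <= 64 Then
  Set conn = Server.CreateObject("ADODB.Connection")
  conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("/data/site.mdb")

  ' Server-side idle check: the cookie's Expires date is only a hint to the
  ' browser, so the 30-minute limit is decided from LastSeen in the database.
  Set rs = RunWithToken(conn, "SELECT UserName FROM Sessions WHERE Token = ? " & _
      "AND LastSeen > DateAdd('n', -" & IDLE_MINUTES & ", Now())", token)
  If Not rs.EOF Then strUserName = rs("UserName").Value
  rs.Close

  If strUserName <> "" Then
    ' Slide the window: stamp this request, then push the cookie expiry out too.
    RunWithToken conn, "UPDATE Sessions SET LastSeen = Now() WHERE Token = ?", token
    Response.Cookies("AuthToken") = token
    Response.Cookies("AuthToken").Expires = DateAdd("n", IDLE_MINUTES, Now())
  End If
  conn.Close
End If

' Unknown, expired or missing token: back to the login page.
If strUserName = "" Then Response.Redirect "login.asp"
%>
```

This assumes the login page inserts a Sessions row with a long random token and sets the same cookie after a successful login; the token, unlike a user name, gives the cookie no guessable value.
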
You're a genius! ;-)  Thanks a lot. I might return with a new question tomorrow in a new thread of course... again some Dreamweaver-junk... :o)

Friendly regards
A++++ for your help! ;-)
Awesome, glad that it worked for you.

Carrzkiss

Author Comments:
A++++ for your help! ;-)
This script has been updated, and is not working with md5 Hash.
It is now completely secure for all attacks and possible password hacking.
But like all password protection, if you have a weak password, then chances are, you will get hacked.

New code demonstration and links are here.
http://www.cffcs.com/Main.asp?Entry=20

Take Care and Enjoy
Carrzkiss