Solved

Setting Server Variables--How?

Posted on 2000-04-05
10
336 Views
Last Modified: 2010-08-05
I have a server variable being checked by someone else's code.  It's like this:

If Request.Server("PATH_INFO") <> "login.asp" Then
Response.Redirect("login.asp")
End If

Is there any way for me to set the PATH_INFO variable so that I can fool that line of code into evaluating into true even if the user came from "login.asp" ?
0
Comment
Question by:bsimmons
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 4

Expert Comment

by:FRehman
ID: 2688633
if you click the hyperlink from login.asp page and come to that page which you disscussed above then you simply use HTTP_REFERER
simply write the code in that page so it tell you from where the request are submitted
response.write request.servervariable("HTTP_REFERER")
0
 
LVL 18

Expert Comment

by:mgfranz
ID: 2688645
How about this;

If Not Request.ServerVariables("PATH_INFO") <> "login.asp" Then
Response.Redirect("login.asp")

I'm not really sure of what you are trying to do... do you not want the user to go to login.asp, or what?  By getting the path info what are you gaining?
0
 

Author Comment

by:bsimmons
ID: 2689796
The code MUST stay as is.  I need to write an ASP that will allow you to do the login in the background.  This code is just something that checks if they came from a page on that server.  The "login.asp" is coincidental.  I just want to know if I can change the Server("PATH_INFO") variable using another ASP.  In other words: can I set Server("PATH_INFO") to equal anything I want it to?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 18

Expert Comment

by:mgfranz
ID: 2690059
Yes.

Server("PATH_INFO") = TRUE
or
Server("PATH_INFO") = Fred's page

I still don't see the logic behind using PATH_INFO though...
0
 

Author Comment

by:bsimmons
ID: 2690230
Thanks for the insight.  Send me an answer and I'll give you the points.
0
 
LVL 18

Expert Comment

by:mgfranz
ID: 2690353
If you are asking if you can set the variable PATH_INFO before it gets to the vaildation page then the answer is no!  I assume you want to set the variable to something other than login.asp in order to trick the <> Redirect into thinking that you already logged in...  The fact is that besides this beig a malitious act, it is impossible to modify the information being passed to the server as a packet.  The server is going to check the info as required, not as you pass it to the script.  I'm sure there is a way to trick the server into thinking the page info being passed to it is = login.asp, but I'm not going to discuss it.  Especially since you stated that the code MUST remain the same..

This is an act of hacking... please do not ask these types of questions here, we do not condone the malitious acts of hackers.

If this is not a malitious act then explain why you request it.
0
 

Author Comment

by:bsimmons
ID: 2690392
I am the Intranet Applications administrator at Ciena Corporation.  I am far from a hacker, however, yes, I am trying to hack MY SERVER.  The code MUST stay as is because it was written by a contractor we hired to write it.  Our MIS team doesn't want us to change his code, but make add-ons.  Essentially what I am trying to do is make the logon occur on a separate server so that users can log on to multiple secure intranet sights via ONE LOGIN.  I can't do that if his code is checking the packets.  Do you see another way around it?
Feel free to call me to validate existance as a non-hacker: 410-694-8189.
Or email bsimmons@ciena.com
0
 
LVL 1

Expert Comment

by:nunya
ID: 2690592
too bad text inputs have no spell check.
;-)
0
 
LVL 18

Accepted Solution

by:
mgfranz earned 50 total points
ID: 2691102
OK, thanks for clarifying this.  :-)  Now on with the good stuff, I imagine this could be done with a Session property that is passed to the server from another server.  Essentially what you would do is when a user logs in, it will set a session property, (you could use a cookie too), the session values would then be used to pass values to the other server.  I think you could set the PATH_USER property this way.  To make ammendments to the Request.ServerValues("PATH_USER") on the other server is not going to happen, you will need to modify the var path to either remove the "" in the var string to make it call a seperate value var of PATH_USER.

But check on the Session value, this might be the ticket...

And I appologize.
0
 

Author Comment

by:bsimmons
ID: 2691121
Thanks for all the help.  I kinda figured I was stuck with no recourse.  I wanted a second opinion.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I would like to start this tip/trick by saying Thank You, to all who said that this could not be done, as it forced me to make sure that it could be accomplished. :) To start, I want to make sure everyone understands the importance of utilizing p…
I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference: Let's make the introductions... Classic ASP was launched by Microsoft in 1998 and dynamically generate web pages upon user interact…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question