Solved

security.asp

Posted on 2001-06-15
24
249 Views
Last Modified: 2011-10-03
i would like an include file which checks for session expiration and redirects to login page automatically.

something like this:
<%Response.AddHeader "Refresh",CStr(CInt(Session.Timeout + 1) * 60)
Response.AddHeader "cache-control", "private"
Response.AddHeader "Pragma","No-Cache"
Response.Buffer = TRUE
Response.Expires = 0
Response.ExpiresAbsolute = 0

If Session("UserId") = "" Then
     Session("RequestedURL") = "http://" & _
         Request.ServerVariables("SERVER_NAME") & _
          Request.ServerVariables("SCRIPT_NAME")

     Temp = Request.ServerVariables("QUERY_STRING")
     If (Not(ISNull(Temp)) AND Temp <> "") Then
          Session("RequestedURL") = Session("RequestedURL") & _
              "?" & Temp
     End If
     Response.Redirect("../default.asp")
End If
%>

but its not working.it should redirect automatically and not when the user tries to access a page.thanks a lot.
0
Comment
Question by:p_arsoor
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
  • 4
  • +4
24 Comments
 
LVL 7

Expert Comment

by:weesiong
ID: 6195635
p_arsoor,

If Session("UserId") = "" Then
    Session("RequestedURL") = "http://" & _
        Request.ServerVariables("SERVER_NAME") & "/" &  _
         Request.ServerVariables("URL_HTTP")

   Response.Redirect("../default.asp")
End If

Regards,
Wee Siong
   
0
 
LVL 7

Expert Comment

by:weesiong
ID: 6195639
Oh...
Sorry is

If Session("UserId") = "" Then
   Session("RequestedURL") = "http://" & _
       Request.ServerVariables("SERVER_NAME") & "/" &  _
        Request.ServerVariables("HTTP_URL")

  Response.Redirect("../default.asp")
End If

0
 
LVL 10

Expert Comment

by:makerp
ID: 6195649
this is best done like this

when the user logs in sucessfully set a Session("user_name") variable to their username.

then at the start of each file just do

IF(Session("username") = "")THEN
   Response.Redirect("...... .asp")
   Response.End
END IF

when the seesion times out all sessions will be deleted therefore after the seesion timeout Session("username") will yeild ""

cool :)
0
Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

 

Author Comment

by:p_arsoor
ID: 6195695
makerp

 your script does not redirect automatically.it only redirects if the user tries to access the page again after the session expires.


weesiong

do i have to leave this part in my code or take it out.

<%Response.AddHeader "Refresh",CStr(CInt(Session.Timeout + 1) * 60)
Response.AddHeader "cache-control", "private"
Response.AddHeader "Pragma","No-Cache"
Response.Buffer = TRUE
Response.Expires = 0
Response.ExpiresAbsolute = 0


0
 
LVL 10

Expert Comment

by:makerp
ID: 6195713
well what do you mean redirect automatically ?

IF(Session("username") = "")THEN
  Response.Redirect("login.asp")
  Response.End
ELSE
  Response.Redirect("other_page.asp")
END IF

0
 
LVL 10

Expert Comment

by:makerp
ID: 6195719
if you put this code in an include then include it at the start of every file then if a user hits a page and has an username they will be allowed to see if if not they will be sent to the login.asp

<!--#include file="security.inc"-->
<%
' other asp code
%>
0
 
LVL 7

Expert Comment

by:weesiong
ID: 6195722
p_arsoor,

No need, just need:

<%
Response.Expires = 0
If Session("UserId") = "" Then
  Session("RequestedURL") = "http://" & _
      Request.ServerVariables("SERVER_NAME") & "/" &  _
       Request.ServerVariables("HTTP_URL")

 Response.Redirect("../default.asp")
End If
%>

Regards,
Wee Siong
0
 

Author Comment

by:p_arsoor
ID: 6195779
never mind makerp.
    you are not getting my point.if the user loggs in,does some work and goes for a coffee break.by the time he comes back the session would have expired.if he tries to resume his work,since the session expired,he will redirected to login page.

but if he does not do anything--that page will sit there for months.i was trying to redirect even if the user does not do anything.

THE PAGE SHOULD REDIRECT TO LOGIN PAGE AFTER 20 MINUTES OF INACTIVITY.thats whati meant by AUTOMATICALLY.

weesiong
actually my code works,i was not waiting for 20 minutes.now i tested it by shortening the session.timeout = 1 and it works.but thanks anyway.

have a good week end.
0
 
LVL 7

Expert Comment

by:weesiong
ID: 6195845
p_arsoor,

no need 1 min, using

Session.Abandon 'to clear the session for logout

So you can close the question now, and using the ServerVariables() i show, it more short and easy :p

Regards,
Wee Siong
0
 

Author Comment

by:p_arsoor
ID: 6202196
any one willing to give it a try?.my code refreshes the page after 21 minutes(CStr(CInt(Session.Timeout + 1) * 60)
)

thats is not a good thing.if the user is filling out a long form and the page refreshes,he is gonna be plenty mad.
the page has to refresh after the session timeout(after 20 minutes of inactivity).

thanks
0
 

Author Comment

by:p_arsoor
ID: 6202216
any one willing to give it a try?.my code refreshes the page after 21 minutes(CStr(CInt(Session.Timeout + 1) * 60)
)

thats is not a good thing.if the user is filling out a long form and the page refreshes,he is gonna be plenty mad.
the page has to refresh after the session timeout(after 20 minutes of inactivity).

thanks
0
 
LVL 10

Expert Comment

by:makerp
ID: 6202234
whats the url
0
 

Author Comment

by:p_arsoor
ID: 6202440
what URL?

you mean this part of my code?.
Session("RequestedURL") = "http://" & _
        Request.ServerVariables("SERVER_NAME") & _
         Request.ServerVariables("SCRIPT_NAME")

    Temp = Request.ServerVariables("QUERY_STRING")
    If (Not(ISNull(Temp)) AND Temp <> "") Then
         Session("RequestedURL") = Session("RequestedURL") & _
             "?" & Temp
    End If

i do not understand that either.i guess thats not so imp.this is what is imp to me.

<%Response.AddHeader "Refresh",CStr(CInt(Session.Timeout + 1) * 60)
Response.AddHeader "cache-control", "private"
Response.AddHeader "Pragma","No-Cache"
Response.Buffer = TRUE
Response.Expires = 0
Response.ExpiresAbsolute = 0

If Session("UserId") = "" Then
    Response.Redirect("../default.asp")
End If
%>
0
 
LVL 19

Expert Comment

by:webwoman
ID: 6202883
Here's where the problem is -- you've got no way to force the user to redirect ONLY when the session times out.

You can set a cookie or other variable to trigger when they leave or reload the page -- but if they never close it, it's going to sit there.

You can set a meta refresh for a certain time -- but if they DON'T need the refresh, it's still going to happen.

You don't have a way to PUSH something to the client when, and only when, the session times out. Even if you did, there's no guarantee -- what if they disconnect from however they've connected, and leave the browser open? The page will still be there until they close the browser, and you can't do ANYTHING about it -- they're not even connected to your server.

I've seen plenty of sites that timed out -- but ONLY when you attempted to reconnect to them, whether by reloading the page, going to another page on the site, etc. NOT automatically.
0
 
LVL 10

Expert Comment

by:makerp
ID: 6202908
webwoman is right, the web is a PULL based technology. ypu could always set a javascript timer that when expires redirects the apge on the client side
0
 

Author Comment

by:p_arsoor
ID: 6202942
www.myciti.com is doing that.
when the session is about to expire,a window pops out which asks "there is no activity for some time,would you like to continue"

if the user selects yes,it won't time out.if the user selects no or ignores it,the session will expire and brought back to login screen.
0
 
LVL 4

Expert Comment

by:epeele
ID: 6203478
so is that what you'd like to implement?  The timer like at myciti.com?
0
 

Author Comment

by:p_arsoor
ID: 6203495
hi epeele
   how are you?.
yes,exactly like that.can you help?.thanks
0
 
LVL 4

Expert Comment

by:epeele
ID: 6203500
I'll see what I can whip up. :)
0
 
LVL 4

Expert Comment

by:vindevogel
ID: 6203603
p arsoor

In the global.asa, you have the session_end() event.
I think you should program something in there, unfortunately I have to clue what.

But, since I had not seen comment on the global.asa, I wanted to let you know anyway.

Maybe you can test with Response.Redirect in that event.
0
 
LVL 10

Expert Comment

by:makerp
ID: 6203626
javascript !
0
 
LVL 4

Accepted Solution

by:
epeele earned 25 total points
ID: 6203796
You'll want to have Session.Abandon on the page you redirect to.

<script language=javascript>
     if (navigator.appName == "Netscape"){
          document.captureEvents(Event.KEYPRESS | Event.CLICK);
     }

     document.onkeydown = addTime;
     document.onclick = addTime;
     
     var totalTime = 20;
     
     function setTimer(){
          var toTimer;
         
          tTime = 60000;
          toTimer = setTimeout("checkTime()",tTime);
     
     }
     
     function checkTime(){
          if (totalTime < 1){
               window.location.href="login.asp";
          }else{
               subtractTime();
          }
     }
     
     function subtractTime(){
     
          totalTime = totalTime-1;
          setTimer()
     }
     
     function addTime(){
          if (totalTime < 20){
               totalTime = totalTime + 1;
          }else{
               totalTime = 20;
          }
     }

     setTimer();
</script>
0
 
LVL 14

Expert Comment

by:puranik_p
ID: 8647400

        No comment has been added lately, so it's time to clean up this TA.
         I will leave a recommendation in the Cleanup topic area that this question is:

->    Accept epeele's comment as answer

         Please leave any comments here within the next seven days.
         
         PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
         
         puranik_p
         EE Cleanup Volunteer  

0

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently decide that I needed a way to make my pages scream on the net.   While searching around how I can accomplish this I stumbled across a great article that stated "minimize the server requests." I got to thinking, hey, I use more than one…
Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update. The Original Issue This was written…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question