p_arsoor
asked on
security.asp
i would like an include file which checks for session expiration and redirects to login page automatically.
something like this:
<%Response.AddHeader "Refresh",CStr(CInt(Sessio n.Timeout + 1) * 60)
Response.AddHeader "cache-control", "private"
Response.AddHeader "Pragma","No-Cache"
Response.Buffer = TRUE
Response.Expires = 0
Response.ExpiresAbsolute = 0
If Session("UserId") = "" Then
Session("RequestedURL") = "http://" & _
Request.ServerVariables("S ERVER_NAME ") & _
Request.ServerVariables("S CRIPT_NAME ")
Temp = Request.ServerVariables("Q UERY_STRIN G")
If (Not(ISNull(Temp)) AND Temp <> "") Then
Session("RequestedURL") = Session("RequestedURL") & _
"?" & Temp
End If
Response.Redirect("../defa ult.asp")
End If
%>
but its not working.it should redirect automatically and not when the user tries to access a page.thanks a lot.
something like this:
<%Response.AddHeader "Refresh",CStr(CInt(Sessio
Response.AddHeader "cache-control", "private"
Response.AddHeader "Pragma","No-Cache"
Response.Buffer = TRUE
Response.Expires = 0
Response.ExpiresAbsolute = 0
If Session("UserId") = "" Then
Session("RequestedURL") = "http://" & _
Request.ServerVariables("S
Request.ServerVariables("S
Temp = Request.ServerVariables("Q
If (Not(ISNull(Temp)) AND Temp <> "") Then
Session("RequestedURL") = Session("RequestedURL") & _
"?" & Temp
End If
Response.Redirect("../defa
End If
%>
but its not working.it should redirect automatically and not when the user tries to access a page.thanks a lot.
Oh...
Sorry is
If Session("UserId") = "" Then
Session("RequestedURL") = "http://" & _
Request.ServerVariables("S ERVER_NAME ") & "/" & _
Request.ServerVariables("H TTP_URL")
Response.Redirect("../defa ult.asp")
End If
Sorry is
If Session("UserId") = "" Then
Session("RequestedURL") = "http://" & _
Request.ServerVariables("S
Request.ServerVariables("H
Response.Redirect("../defa
End If
this is best done like this
when the user logs in sucessfully set a Session("user_name") variable to their username.
then at the start of each file just do
IF(Session("username") = "")THEN
Response.Redirect("...... .asp")
Response.End
END IF
when the seesion times out all sessions will be deleted therefore after the seesion timeout Session("username") will yeild ""
cool :)
when the user logs in sucessfully set a Session("user_name") variable to their username.
then at the start of each file just do
IF(Session("username") = "")THEN
Response.Redirect("...... .asp")
Response.End
END IF
when the seesion times out all sessions will be deleted therefore after the seesion timeout Session("username") will yeild ""
cool :)
ASKER
makerp
your script does not redirect automatically.it only redirects if the user tries to access the page again after the session expires.
weesiong
do i have to leave this part in my code or take it out.
<%Response.AddHeader "Refresh",CStr(CInt(Sessio n.Timeout + 1) * 60)
Response.AddHeader "cache-control", "private"
Response.AddHeader "Pragma","No-Cache"
Response.Buffer = TRUE
Response.Expires = 0
Response.ExpiresAbsolute = 0
your script does not redirect automatically.it only redirects if the user tries to access the page again after the session expires.
weesiong
do i have to leave this part in my code or take it out.
<%Response.AddHeader "Refresh",CStr(CInt(Sessio
Response.AddHeader "cache-control", "private"
Response.AddHeader "Pragma","No-Cache"
Response.Buffer = TRUE
Response.Expires = 0
Response.ExpiresAbsolute = 0
well what do you mean redirect automatically ?
IF(Session("username") = "")THEN
Response.Redirect("login.a sp")
Response.End
ELSE
Response.Redirect("other_p age.asp")
END IF
IF(Session("username") = "")THEN
Response.Redirect("login.a
Response.End
ELSE
Response.Redirect("other_p
END IF
if you put this code in an include then include it at the start of every file then if a user hits a page and has an username they will be allowed to see if if not they will be sent to the login.asp
<!--#include file="security.inc"-->
<%
' other asp code
%>
<!--#include file="security.inc"-->
<%
' other asp code
%>
p_arsoor,
No need, just need:
<%
Response.Expires = 0
If Session("UserId") = "" Then
Session("RequestedURL") = "http://" & _
Request.ServerVariables("S ERVER_NAME ") & "/" & _
Request.ServerVariables("H TTP_URL")
Response.Redirect("../defa ult.asp")
End If
%>
Regards,
Wee Siong
No need, just need:
<%
Response.Expires = 0
If Session("UserId") = "" Then
Session("RequestedURL") = "http://" & _
Request.ServerVariables("S
Request.ServerVariables("H
Response.Redirect("../defa
End If
%>
Regards,
Wee Siong
ASKER
never mind makerp.
you are not getting my point.if the user loggs in,does some work and goes for a coffee break.by the time he comes back the session would have expired.if he tries to resume his work,since the session expired,he will redirected to login page.
but if he does not do anything--that page will sit there for months.i was trying to redirect even if the user does not do anything.
THE PAGE SHOULD REDIRECT TO LOGIN PAGE AFTER 20 MINUTES OF INACTIVITY.thats whati meant by AUTOMATICALLY.
weesiong
actually my code works,i was not waiting for 20 minutes.now i tested it by shortening the session.timeout = 1 and it works.but thanks anyway.
have a good week end.
you are not getting my point.if the user loggs in,does some work and goes for a coffee break.by the time he comes back the session would have expired.if he tries to resume his work,since the session expired,he will redirected to login page.
but if he does not do anything--that page will sit there for months.i was trying to redirect even if the user does not do anything.
THE PAGE SHOULD REDIRECT TO LOGIN PAGE AFTER 20 MINUTES OF INACTIVITY.thats whati meant by AUTOMATICALLY.
weesiong
actually my code works,i was not waiting for 20 minutes.now i tested it by shortening the session.timeout = 1 and it works.but thanks anyway.
have a good week end.
p_arsoor,
no need 1 min, using
Session.Abandon 'to clear the session for logout
So you can close the question now, and using the ServerVariables() i show, it more short and easy :p
Regards,
Wee Siong
no need 1 min, using
Session.Abandon 'to clear the session for logout
So you can close the question now, and using the ServerVariables() i show, it more short and easy :p
Regards,
Wee Siong
ASKER
any one willing to give it a try?.my code refreshes the page after 21 minutes(CStr(CInt(Session. Timeout + 1) * 60)
)
thats is not a good thing.if the user is filling out a long form and the page refreshes,he is gonna be plenty mad.
the page has to refresh after the session timeout(after 20 minutes of inactivity).
thanks
)
thats is not a good thing.if the user is filling out a long form and the page refreshes,he is gonna be plenty mad.
the page has to refresh after the session timeout(after 20 minutes of inactivity).
thanks
ASKER
any one willing to give it a try?.my code refreshes the page after 21 minutes(CStr(CInt(Session. Timeout + 1) * 60)
)
thats is not a good thing.if the user is filling out a long form and the page refreshes,he is gonna be plenty mad.
the page has to refresh after the session timeout(after 20 minutes of inactivity).
thanks
)
thats is not a good thing.if the user is filling out a long form and the page refreshes,he is gonna be plenty mad.
the page has to refresh after the session timeout(after 20 minutes of inactivity).
thanks
whats the url
ASKER
what URL?
you mean this part of my code?.
Session("RequestedURL") = "http://" & _
Request.ServerVariables("S ERVER_NAME ") & _
Request.ServerVariables("S CRIPT_NAME ")
Temp = Request.ServerVariables("Q UERY_STRIN G")
If (Not(ISNull(Temp)) AND Temp <> "") Then
Session("RequestedURL") = Session("RequestedURL") & _
"?" & Temp
End If
i do not understand that either.i guess thats not so imp.this is what is imp to me.
<%Response.AddHeader "Refresh",CStr(CInt(Sessio n.Timeout + 1) * 60)
Response.AddHeader "cache-control", "private"
Response.AddHeader "Pragma","No-Cache"
Response.Buffer = TRUE
Response.Expires = 0
Response.ExpiresAbsolute = 0
If Session("UserId") = "" Then
Response.Redirect("../defa ult.asp")
End If
%>
you mean this part of my code?.
Session("RequestedURL") = "http://" & _
Request.ServerVariables("S
Request.ServerVariables("S
Temp = Request.ServerVariables("Q
If (Not(ISNull(Temp)) AND Temp <> "") Then
Session("RequestedURL") = Session("RequestedURL") & _
"?" & Temp
End If
i do not understand that either.i guess thats not so imp.this is what is imp to me.
<%Response.AddHeader "Refresh",CStr(CInt(Sessio
Response.AddHeader "cache-control", "private"
Response.AddHeader "Pragma","No-Cache"
Response.Buffer = TRUE
Response.Expires = 0
Response.ExpiresAbsolute = 0
If Session("UserId") = "" Then
Response.Redirect("../defa
End If
%>
Here's where the problem is -- you've got no way to force the user to redirect ONLY when the session times out.
You can set a cookie or other variable to trigger when they leave or reload the page -- but if they never close it, it's going to sit there.
You can set a meta refresh for a certain time -- but if they DON'T need the refresh, it's still going to happen.
You don't have a way to PUSH something to the client when, and only when, the session times out. Even if you did, there's no guarantee -- what if they disconnect from however they've connected, and leave the browser open? The page will still be there until they close the browser, and you can't do ANYTHING about it -- they're not even connected to your server.
I've seen plenty of sites that timed out -- but ONLY when you attempted to reconnect to them, whether by reloading the page, going to another page on the site, etc. NOT automatically.
You can set a cookie or other variable to trigger when they leave or reload the page -- but if they never close it, it's going to sit there.
You can set a meta refresh for a certain time -- but if they DON'T need the refresh, it's still going to happen.
You don't have a way to PUSH something to the client when, and only when, the session times out. Even if you did, there's no guarantee -- what if they disconnect from however they've connected, and leave the browser open? The page will still be there until they close the browser, and you can't do ANYTHING about it -- they're not even connected to your server.
I've seen plenty of sites that timed out -- but ONLY when you attempted to reconnect to them, whether by reloading the page, going to another page on the site, etc. NOT automatically.
webwoman is right, the web is a PULL based technology. ypu could always set a javascript timer that when expires redirects the apge on the client side
ASKER
www.myciti.com is doing that.
when the session is about to expire,a window pops out which asks "there is no activity for some time,would you like to continue"
if the user selects yes,it won't time out.if the user selects no or ignores it,the session will expire and brought back to login screen.
when the session is about to expire,a window pops out which asks "there is no activity for some time,would you like to continue"
if the user selects yes,it won't time out.if the user selects no or ignores it,the session will expire and brought back to login screen.
so is that what you'd like to implement? The timer like at myciti.com?
ASKER
hi epeele
how are you?.
yes,exactly like that.can you help?.thanks
how are you?.
yes,exactly like that.can you help?.thanks
I'll see what I can whip up. :)
p arsoor
In the global.asa, you have the session_end() event.
I think you should program something in there, unfortunately I have to clue what.
But, since I had not seen comment on the global.asa, I wanted to let you know anyway.
Maybe you can test with Response.Redirect in that event.
In the global.asa, you have the session_end() event.
I think you should program something in there, unfortunately I have to clue what.
But, since I had not seen comment on the global.asa, I wanted to let you know anyway.
Maybe you can test with Response.Redirect in that event.
javascript !
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
-> Accept epeele's comment as answer
Please leave any comments here within the next seven days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
puranik_p
EE Cleanup Volunteer
If Session("UserId") = "" Then
Session("RequestedURL") = "http://" & _
Request.ServerVariables("S
Request.ServerVariables("U
Response.Redirect("../defa
End If
Regards,
Wee Siong