[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

security.asp

Posted on 2001-06-15
24
Medium Priority
?
254 Views
Last Modified: 2011-10-03
i would like an include file which checks for session expiration and redirects to login page automatically.

something like this:
<%Response.AddHeader "Refresh",CStr(CInt(Session.Timeout + 1) * 60)
Response.AddHeader "cache-control", "private"
Response.AddHeader "Pragma","No-Cache"
Response.Buffer = TRUE
Response.Expires = 0
Response.ExpiresAbsolute = 0

If Session("UserId") = "" Then
     Session("RequestedURL") = "http://" & _
         Request.ServerVariables("SERVER_NAME") & _
          Request.ServerVariables("SCRIPT_NAME")

     Temp = Request.ServerVariables("QUERY_STRING")
     If (Not(ISNull(Temp)) AND Temp <> "") Then
          Session("RequestedURL") = Session("RequestedURL") & _
              "?" & Temp
     End If
     Response.Redirect("../default.asp")
End If
%>

but its not working.it should redirect automatically and not when the user tries to access a page.thanks a lot.
0
Comment
Question by:p_arsoor
  • 7
  • 6
  • 4
  • +4
23 Comments
 
LVL 7

Expert Comment

by:weesiong
ID: 6195635
p_arsoor,

If Session("UserId") = "" Then
    Session("RequestedURL") = "http://" & _
        Request.ServerVariables("SERVER_NAME") & "/" &  _
         Request.ServerVariables("URL_HTTP")

   Response.Redirect("../default.asp")
End If

Regards,
Wee Siong
   
0
 
LVL 7

Expert Comment

by:weesiong
ID: 6195639
Oh...
Sorry is

If Session("UserId") = "" Then
   Session("RequestedURL") = "http://" & _
       Request.ServerVariables("SERVER_NAME") & "/" &  _
        Request.ServerVariables("HTTP_URL")

  Response.Redirect("../default.asp")
End If

0
 
LVL 10

Expert Comment

by:makerp
ID: 6195649
this is best done like this

when the user logs in sucessfully set a Session("user_name") variable to their username.

then at the start of each file just do

IF(Session("username") = "")THEN
   Response.Redirect("...... .asp")
   Response.End
END IF

when the seesion times out all sessions will be deleted therefore after the seesion timeout Session("username") will yeild ""

cool :)
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:p_arsoor
ID: 6195695
makerp

 your script does not redirect automatically.it only redirects if the user tries to access the page again after the session expires.


weesiong

do i have to leave this part in my code or take it out.

<%Response.AddHeader "Refresh",CStr(CInt(Session.Timeout + 1) * 60)
Response.AddHeader "cache-control", "private"
Response.AddHeader "Pragma","No-Cache"
Response.Buffer = TRUE
Response.Expires = 0
Response.ExpiresAbsolute = 0


0
 
LVL 10

Expert Comment

by:makerp
ID: 6195713
well what do you mean redirect automatically ?

IF(Session("username") = "")THEN
  Response.Redirect("login.asp")
  Response.End
ELSE
  Response.Redirect("other_page.asp")
END IF

0
 
LVL 10

Expert Comment

by:makerp
ID: 6195719
if you put this code in an include then include it at the start of every file then if a user hits a page and has an username they will be allowed to see if if not they will be sent to the login.asp

<!--#include file="security.inc"-->
<%
' other asp code
%>
0
 
LVL 7

Expert Comment

by:weesiong
ID: 6195722
p_arsoor,

No need, just need:

<%
Response.Expires = 0
If Session("UserId") = "" Then
  Session("RequestedURL") = "http://" & _
      Request.ServerVariables("SERVER_NAME") & "/" &  _
       Request.ServerVariables("HTTP_URL")

 Response.Redirect("../default.asp")
End If
%>

Regards,
Wee Siong
0
 

Author Comment

by:p_arsoor
ID: 6195779
never mind makerp.
    you are not getting my point.if the user loggs in,does some work and goes for a coffee break.by the time he comes back the session would have expired.if he tries to resume his work,since the session expired,he will redirected to login page.

but if he does not do anything--that page will sit there for months.i was trying to redirect even if the user does not do anything.

THE PAGE SHOULD REDIRECT TO LOGIN PAGE AFTER 20 MINUTES OF INACTIVITY.thats whati meant by AUTOMATICALLY.

weesiong
actually my code works,i was not waiting for 20 minutes.now i tested it by shortening the session.timeout = 1 and it works.but thanks anyway.

have a good week end.
0
 
LVL 7

Expert Comment

by:weesiong
ID: 6195845
p_arsoor,

no need 1 min, using

Session.Abandon 'to clear the session for logout

So you can close the question now, and using the ServerVariables() i show, it more short and easy :p

Regards,
Wee Siong
0
 

Author Comment

by:p_arsoor
ID: 6202196
any one willing to give it a try?.my code refreshes the page after 21 minutes(CStr(CInt(Session.Timeout + 1) * 60)
)

thats is not a good thing.if the user is filling out a long form and the page refreshes,he is gonna be plenty mad.
the page has to refresh after the session timeout(after 20 minutes of inactivity).

thanks
0
 

Author Comment

by:p_arsoor
ID: 6202216
any one willing to give it a try?.my code refreshes the page after 21 minutes(CStr(CInt(Session.Timeout + 1) * 60)
)

thats is not a good thing.if the user is filling out a long form and the page refreshes,he is gonna be plenty mad.
the page has to refresh after the session timeout(after 20 minutes of inactivity).

thanks
0
 
LVL 10

Expert Comment

by:makerp
ID: 6202234
whats the url
0
 

Author Comment

by:p_arsoor
ID: 6202440
what URL?

you mean this part of my code?.
Session("RequestedURL") = "http://" & _
        Request.ServerVariables("SERVER_NAME") & _
         Request.ServerVariables("SCRIPT_NAME")

    Temp = Request.ServerVariables("QUERY_STRING")
    If (Not(ISNull(Temp)) AND Temp <> "") Then
         Session("RequestedURL") = Session("RequestedURL") & _
             "?" & Temp
    End If

i do not understand that either.i guess thats not so imp.this is what is imp to me.

<%Response.AddHeader "Refresh",CStr(CInt(Session.Timeout + 1) * 60)
Response.AddHeader "cache-control", "private"
Response.AddHeader "Pragma","No-Cache"
Response.Buffer = TRUE
Response.Expires = 0
Response.ExpiresAbsolute = 0

If Session("UserId") = "" Then
    Response.Redirect("../default.asp")
End If
%>
0
 
LVL 19

Expert Comment

by:webwoman
ID: 6202883
Here's where the problem is -- you've got no way to force the user to redirect ONLY when the session times out.

You can set a cookie or other variable to trigger when they leave or reload the page -- but if they never close it, it's going to sit there.

You can set a meta refresh for a certain time -- but if they DON'T need the refresh, it's still going to happen.

You don't have a way to PUSH something to the client when, and only when, the session times out. Even if you did, there's no guarantee -- what if they disconnect from however they've connected, and leave the browser open? The page will still be there until they close the browser, and you can't do ANYTHING about it -- they're not even connected to your server.

I've seen plenty of sites that timed out -- but ONLY when you attempted to reconnect to them, whether by reloading the page, going to another page on the site, etc. NOT automatically.
0
 
LVL 10

Expert Comment

by:makerp
ID: 6202908
webwoman is right, the web is a PULL based technology. ypu could always set a javascript timer that when expires redirects the apge on the client side
0
 

Author Comment

by:p_arsoor
ID: 6202942
www.myciti.com is doing that.
when the session is about to expire,a window pops out which asks "there is no activity for some time,would you like to continue"

if the user selects yes,it won't time out.if the user selects no or ignores it,the session will expire and brought back to login screen.
0
 
LVL 4

Expert Comment

by:epeele
ID: 6203478
so is that what you'd like to implement?  The timer like at myciti.com?
0
 

Author Comment

by:p_arsoor
ID: 6203495
hi epeele
   how are you?.
yes,exactly like that.can you help?.thanks
0
 
LVL 4

Expert Comment

by:epeele
ID: 6203500
I'll see what I can whip up. :)
0
 
LVL 4

Expert Comment

by:vindevogel
ID: 6203603
p arsoor

In the global.asa, you have the session_end() event.
I think you should program something in there, unfortunately I have to clue what.

But, since I had not seen comment on the global.asa, I wanted to let you know anyway.

Maybe you can test with Response.Redirect in that event.
0
 
LVL 10

Expert Comment

by:makerp
ID: 6203626
javascript !
0
 
LVL 4

Accepted Solution

by:
epeele earned 100 total points
ID: 6203796
You'll want to have Session.Abandon on the page you redirect to.

<script language=javascript>
     if (navigator.appName == "Netscape"){
          document.captureEvents(Event.KEYPRESS | Event.CLICK);
     }

     document.onkeydown = addTime;
     document.onclick = addTime;
     
     var totalTime = 20;
     
     function setTimer(){
          var toTimer;
         
          tTime = 60000;
          toTimer = setTimeout("checkTime()",tTime);
     
     }
     
     function checkTime(){
          if (totalTime < 1){
               window.location.href="login.asp";
          }else{
               subtractTime();
          }
     }
     
     function subtractTime(){
     
          totalTime = totalTime-1;
          setTimer()
     }
     
     function addTime(){
          if (totalTime < 20){
               totalTime = totalTime + 1;
          }else{
               totalTime = 20;
          }
     }

     setTimer();
</script>
0
 
LVL 14

Expert Comment

by:puranik_p
ID: 8647400

        No comment has been added lately, so it's time to clean up this TA.
         I will leave a recommendation in the Cleanup topic area that this question is:

->    Accept epeele's comment as answer

         Please leave any comments here within the next seven days.
         
         PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
         
         puranik_p
         EE Cleanup Volunteer  

0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have helped a lot of people on EE with their coding sources and have enjoyed near about every minute of it. Sometimes it can get a little tedious but it is always a challenge and the one thing that I always say is:   The Exchange of informatio…
I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference: Let's make the introductions... Classic ASP was launched by Microsoft in 1998 and dynamically generate web pages upon user interact…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question