[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 256
  • Last Modified:

security.asp

i would like an include file which checks for session expiration and redirects to login page automatically.

something like this:
<%Response.AddHeader "Refresh",CStr(CInt(Session.Timeout + 1) * 60)
Response.AddHeader "cache-control", "private"
Response.AddHeader "Pragma","No-Cache"
Response.Buffer = TRUE
Response.Expires = 0
Response.ExpiresAbsolute = 0

If Session("UserId") = "" Then
     Session("RequestedURL") = "http://" & _
         Request.ServerVariables("SERVER_NAME") & _
          Request.ServerVariables("SCRIPT_NAME")

     Temp = Request.ServerVariables("QUERY_STRING")
     If (Not(ISNull(Temp)) AND Temp <> "") Then
          Session("RequestedURL") = Session("RequestedURL") & _
              "?" & Temp
     End If
     Response.Redirect("../default.asp")
End If
%>

but its not working.it should redirect automatically and not when the user tries to access a page.thanks a lot.
0
p_arsoor
Asked:
p_arsoor
  • 7
  • 6
  • 4
  • +4
1 Solution
 
weesiongCommented:
p_arsoor,

If Session("UserId") = "" Then
    Session("RequestedURL") = "http://" & _
        Request.ServerVariables("SERVER_NAME") & "/" &  _
         Request.ServerVariables("URL_HTTP")

   Response.Redirect("../default.asp")
End If

Regards,
Wee Siong
   
0
 
weesiongCommented:
Oh...
Sorry is

If Session("UserId") = "" Then
   Session("RequestedURL") = "http://" & _
       Request.ServerVariables("SERVER_NAME") & "/" &  _
        Request.ServerVariables("HTTP_URL")

  Response.Redirect("../default.asp")
End If

0
 
makerpCommented:
this is best done like this

when the user logs in sucessfully set a Session("user_name") variable to their username.

then at the start of each file just do

IF(Session("username") = "")THEN
   Response.Redirect("...... .asp")
   Response.End
END IF

when the seesion times out all sessions will be deleted therefore after the seesion timeout Session("username") will yeild ""

cool :)
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
p_arsoorAuthor Commented:
makerp

 your script does not redirect automatically.it only redirects if the user tries to access the page again after the session expires.


weesiong

do i have to leave this part in my code or take it out.

<%Response.AddHeader "Refresh",CStr(CInt(Session.Timeout + 1) * 60)
Response.AddHeader "cache-control", "private"
Response.AddHeader "Pragma","No-Cache"
Response.Buffer = TRUE
Response.Expires = 0
Response.ExpiresAbsolute = 0


0
 
makerpCommented:
well what do you mean redirect automatically ?

IF(Session("username") = "")THEN
  Response.Redirect("login.asp")
  Response.End
ELSE
  Response.Redirect("other_page.asp")
END IF

0
 
makerpCommented:
if you put this code in an include then include it at the start of every file then if a user hits a page and has an username they will be allowed to see if if not they will be sent to the login.asp

<!--#include file="security.inc"-->
<%
' other asp code
%>
0
 
weesiongCommented:
p_arsoor,

No need, just need:

<%
Response.Expires = 0
If Session("UserId") = "" Then
  Session("RequestedURL") = "http://" & _
      Request.ServerVariables("SERVER_NAME") & "/" &  _
       Request.ServerVariables("HTTP_URL")

 Response.Redirect("../default.asp")
End If
%>

Regards,
Wee Siong
0
 
p_arsoorAuthor Commented:
never mind makerp.
    you are not getting my point.if the user loggs in,does some work and goes for a coffee break.by the time he comes back the session would have expired.if he tries to resume his work,since the session expired,he will redirected to login page.

but if he does not do anything--that page will sit there for months.i was trying to redirect even if the user does not do anything.

THE PAGE SHOULD REDIRECT TO LOGIN PAGE AFTER 20 MINUTES OF INACTIVITY.thats whati meant by AUTOMATICALLY.

weesiong
actually my code works,i was not waiting for 20 minutes.now i tested it by shortening the session.timeout = 1 and it works.but thanks anyway.

have a good week end.
0
 
weesiongCommented:
p_arsoor,

no need 1 min, using

Session.Abandon 'to clear the session for logout

So you can close the question now, and using the ServerVariables() i show, it more short and easy :p

Regards,
Wee Siong
0
 
p_arsoorAuthor Commented:
any one willing to give it a try?.my code refreshes the page after 21 minutes(CStr(CInt(Session.Timeout + 1) * 60)
)

thats is not a good thing.if the user is filling out a long form and the page refreshes,he is gonna be plenty mad.
the page has to refresh after the session timeout(after 20 minutes of inactivity).

thanks
0
 
p_arsoorAuthor Commented:
any one willing to give it a try?.my code refreshes the page after 21 minutes(CStr(CInt(Session.Timeout + 1) * 60)
)

thats is not a good thing.if the user is filling out a long form and the page refreshes,he is gonna be plenty mad.
the page has to refresh after the session timeout(after 20 minutes of inactivity).

thanks
0
 
makerpCommented:
whats the url
0
 
p_arsoorAuthor Commented:
what URL?

you mean this part of my code?.
Session("RequestedURL") = "http://" & _
        Request.ServerVariables("SERVER_NAME") & _
         Request.ServerVariables("SCRIPT_NAME")

    Temp = Request.ServerVariables("QUERY_STRING")
    If (Not(ISNull(Temp)) AND Temp <> "") Then
         Session("RequestedURL") = Session("RequestedURL") & _
             "?" & Temp
    End If

i do not understand that either.i guess thats not so imp.this is what is imp to me.

<%Response.AddHeader "Refresh",CStr(CInt(Session.Timeout + 1) * 60)
Response.AddHeader "cache-control", "private"
Response.AddHeader "Pragma","No-Cache"
Response.Buffer = TRUE
Response.Expires = 0
Response.ExpiresAbsolute = 0

If Session("UserId") = "" Then
    Response.Redirect("../default.asp")
End If
%>
0
 
webwomanCommented:
Here's where the problem is -- you've got no way to force the user to redirect ONLY when the session times out.

You can set a cookie or other variable to trigger when they leave or reload the page -- but if they never close it, it's going to sit there.

You can set a meta refresh for a certain time -- but if they DON'T need the refresh, it's still going to happen.

You don't have a way to PUSH something to the client when, and only when, the session times out. Even if you did, there's no guarantee -- what if they disconnect from however they've connected, and leave the browser open? The page will still be there until they close the browser, and you can't do ANYTHING about it -- they're not even connected to your server.

I've seen plenty of sites that timed out -- but ONLY when you attempted to reconnect to them, whether by reloading the page, going to another page on the site, etc. NOT automatically.
0
 
makerpCommented:
webwoman is right, the web is a PULL based technology. ypu could always set a javascript timer that when expires redirects the apge on the client side
0
 
p_arsoorAuthor Commented:
www.myciti.com is doing that.
when the session is about to expire,a window pops out which asks "there is no activity for some time,would you like to continue"

if the user selects yes,it won't time out.if the user selects no or ignores it,the session will expire and brought back to login screen.
0
 
epeeleCommented:
so is that what you'd like to implement?  The timer like at myciti.com?
0
 
p_arsoorAuthor Commented:
hi epeele
   how are you?.
yes,exactly like that.can you help?.thanks
0
 
epeeleCommented:
I'll see what I can whip up. :)
0
 
vindevogelCommented:
p arsoor

In the global.asa, you have the session_end() event.
I think you should program something in there, unfortunately I have to clue what.

But, since I had not seen comment on the global.asa, I wanted to let you know anyway.

Maybe you can test with Response.Redirect in that event.
0
 
makerpCommented:
javascript !
0
 
epeeleCommented:
You'll want to have Session.Abandon on the page you redirect to.

<script language=javascript>
     if (navigator.appName == "Netscape"){
          document.captureEvents(Event.KEYPRESS | Event.CLICK);
     }

     document.onkeydown = addTime;
     document.onclick = addTime;
     
     var totalTime = 20;
     
     function setTimer(){
          var toTimer;
         
          tTime = 60000;
          toTimer = setTimeout("checkTime()",tTime);
     
     }
     
     function checkTime(){
          if (totalTime < 1){
               window.location.href="login.asp";
          }else{
               subtractTime();
          }
     }
     
     function subtractTime(){
     
          totalTime = totalTime-1;
          setTimer()
     }
     
     function addTime(){
          if (totalTime < 20){
               totalTime = totalTime + 1;
          }else{
               totalTime = 20;
          }
     }

     setTimer();
</script>
0
 
puranik_pCommented:

        No comment has been added lately, so it's time to clean up this TA.
         I will leave a recommendation in the Cleanup topic area that this question is:

->    Accept epeele's comment as answer

         Please leave any comments here within the next seven days.
         
         PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
         
         puranik_p
         EE Cleanup Volunteer  

0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 7
  • 6
  • 4
  • +4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now