Solved

reset the Server.requestvariables

Posted on 2002-03-04
10
482 Views
Last Modified: 2012-06-27
This is my scenario

1-Web site is running base on Windows NT Authentication
2-in default page I get
login_name= Ucase(Request.ServerVariables("LOGON_USER"))
3-I set the sessions
4-On each page I check the session to see if it is expired
5-If it is expired I want to force the user to re-login

Right now if the session is expired, I am forwarding them to login.asp but because Request.ServerVariables still exits they can start using the web site without re_login to the site.

Any idea?
0
Comment
Question by:prokni
10 Comments
 
LVL 23

Expert Comment

by:naveenkohli
ID: 6839392
Instead of checking for Session Expired.... add a flag to session variables indicating the user is valid. And when session timesout, set this flag to false. When the user tries to surf the site without logging in, you can check this flag right at the top of pge. If the flag is set, let the user go through otherwise redirect them back to login page..

<%
   if (Session("userLoggedIn") == false)
   {
      Response.Redirect("login.asp");
   }
%>
0
 
LVL 2

Author Comment

by:prokni
ID: 6839953
I guess, my question was not clear enough.
What you said is what I am doing right now.
Mt problem is, when I redirect them to login.asp, it won't ask the username and password anymore. it keeps the content of Request.ServerVariables("LOGON_USER") and will use that one again. I don't want that happens. I would like to force the user to login again.
BTW, Something is wrong on this web iste. I have not recieved email notification regarding your comments. I just checked it by mylesf.
0
 
LVL 23

Expert Comment

by:naveenkohli
ID: 6840789
Infact I did not see that that in your original question, you mentioned WIndows NT authentication. That informtion changes the scenario quite a bit. If you are using "WIndows Integrated" or inother words NTLM Challenge Response authentication, then you are out of luck. Because in this case, the user's credentials are not communmicated as clear text. In fact the client-server communicate with each other through a hash through whcih server authenticates the client. The user will only be presented with the dialog box if the authentication failes.

But if you are using Basic Authentication, then you can force the user to login again. When you redirect the user to login page because of session exipry, use the following code to force the relogin...

<%
 if (Session("redirectDueToSessionExpire") == true)
 {
   Session("redirectDueToSessionExpire") = false;
   Repsonse.Status = "401 Access Denied";
   Response.End();
 }
%>

The above code will force the logon/password dialog appear on client browser. And then user will have to relogin.

I hope this info helps.

Naveen

PS. EE seems to be having trouble with emails. It has been taking hours before you get any email for any question.
0
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 2

Author Comment

by:prokni
ID: 6841699
Unfortunate I am using both type of authentication.
(Windows integrated and basic one). I am using Basic because of Netscape users.
Any idea what to do in this scenario?
0
 
LVL 29

Expert Comment

by:Göran Andersson
ID: 6841910
To get rid of the session variables:

Session.Abandon
0
 
LVL 2

Author Comment

by:prokni
ID: 6842164
Session.Abandon does not work. My problem is not session. my problem is request.servervariables keep the data and when i refresh th page, it won't ask for username and password anymore.
0
 
LVL 23

Expert Comment

by:naveenkohli
ID: 6842537
Winodws Integrated authentication takes precendense over Basic authentication. I don't see any way of accomplishing it with switching to Basic Authentication. Down size of this will be the user's will be presented with that anoyying Login/Password dialog box.
Here is a solution that you may want to consider. When you send 401 status code back to the user, you can oublish your intenet that you want to use basic authentication. And then force the user to enter login informaiton.

<%
if (Session("redirectDueToSessionExpire") == true)
{
  Session("redirectDueToSessionExpire") = false;
  Repsonse.Status = "401 Access Denied";
  Response.Addheader("WWW-Authenticate", "BASIC");
  Response.End();
}
%>


Naveen
0
 
LVL 2

Author Comment

by:prokni
ID: 6844389
Naveen,
I tried it and it did not work.
let me explain it again
this is my login.asp
login_name= Ucase(Request.ServerVariables("LOGON_USER"))
if IsAuth(login_name) then
response.redirect "pag2.asp"
end if

and also on top of each page
I check
if session("Session_started") <> 1 then
response.redirect "login.asp"
end if

when the session expired then I am redirecting them to login.asp.

WHere do you suggest to put your code, I put it in my session_check.asp file and it did not work.

Thanks for your help
0
 
LVL 2

Author Comment

by:prokni
ID: 6889907
Any more idea?
0
 

Accepted Solution

by:
ComTech earned 0 total points
ID: 7002210
This qustion has no defenitive answer, as I will place it in PAQ.

Regads,
ComTech
CS Admin @ EE
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Live mode in DW, need to creae Session 4 107
Summernote required 3 180
rebind a grid after user clicks on node in treeview 1 41
html Uncheck Checkbox 2 25
I would like to start this tip/trick by saying Thank You, to all who said that this could not be done, as it forced me to make sure that it could be accomplished. :) To start, I want to make sure everyone understands the importance of utilizing p…
This demonstration started out as a follow up to some recently posted questions on the subject of logging in: http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Q_28634665.html and http://www.experts-exchange.com/Programming/…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question