Solved

reset the Server.requestvariables

Posted on 2002-03-04
10
478 Views
Last Modified: 2012-06-27
This is my scenario

1-Web site is running base on Windows NT Authentication
2-in default page I get
login_name= Ucase(Request.ServerVariables("LOGON_USER"))
3-I set the sessions
4-On each page I check the session to see if it is expired
5-If it is expired I want to force the user to re-login

Right now if the session is expired, I am forwarding them to login.asp but because Request.ServerVariables still exits they can start using the web site without re_login to the site.

Any idea?
0
Comment
Question by:prokni
10 Comments
 
LVL 23

Expert Comment

by:naveenkohli
Comment Utility
Instead of checking for Session Expired.... add a flag to session variables indicating the user is valid. And when session timesout, set this flag to false. When the user tries to surf the site without logging in, you can check this flag right at the top of pge. If the flag is set, let the user go through otherwise redirect them back to login page..

<%
   if (Session("userLoggedIn") == false)
   {
      Response.Redirect("login.asp");
   }
%>
0
 
LVL 2

Author Comment

by:prokni
Comment Utility
I guess, my question was not clear enough.
What you said is what I am doing right now.
Mt problem is, when I redirect them to login.asp, it won't ask the username and password anymore. it keeps the content of Request.ServerVariables("LOGON_USER") and will use that one again. I don't want that happens. I would like to force the user to login again.
BTW, Something is wrong on this web iste. I have not recieved email notification regarding your comments. I just checked it by mylesf.
0
 
LVL 23

Expert Comment

by:naveenkohli
Comment Utility
Infact I did not see that that in your original question, you mentioned WIndows NT authentication. That informtion changes the scenario quite a bit. If you are using "WIndows Integrated" or inother words NTLM Challenge Response authentication, then you are out of luck. Because in this case, the user's credentials are not communmicated as clear text. In fact the client-server communicate with each other through a hash through whcih server authenticates the client. The user will only be presented with the dialog box if the authentication failes.

But if you are using Basic Authentication, then you can force the user to login again. When you redirect the user to login page because of session exipry, use the following code to force the relogin...

<%
 if (Session("redirectDueToSessionExpire") == true)
 {
   Session("redirectDueToSessionExpire") = false;
   Repsonse.Status = "401 Access Denied";
   Response.End();
 }
%>

The above code will force the logon/password dialog appear on client browser. And then user will have to relogin.

I hope this info helps.

Naveen

PS. EE seems to be having trouble with emails. It has been taking hours before you get any email for any question.
0
 
LVL 2

Author Comment

by:prokni
Comment Utility
Unfortunate I am using both type of authentication.
(Windows integrated and basic one). I am using Basic because of Netscape users.
Any idea what to do in this scenario?
0
 
LVL 29

Expert Comment

by:Göran Andersson
Comment Utility
To get rid of the session variables:

Session.Abandon
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 2

Author Comment

by:prokni
Comment Utility
Session.Abandon does not work. My problem is not session. my problem is request.servervariables keep the data and when i refresh th page, it won't ask for username and password anymore.
0
 
LVL 23

Expert Comment

by:naveenkohli
Comment Utility
Winodws Integrated authentication takes precendense over Basic authentication. I don't see any way of accomplishing it with switching to Basic Authentication. Down size of this will be the user's will be presented with that anoyying Login/Password dialog box.
Here is a solution that you may want to consider. When you send 401 status code back to the user, you can oublish your intenet that you want to use basic authentication. And then force the user to enter login informaiton.

<%
if (Session("redirectDueToSessionExpire") == true)
{
  Session("redirectDueToSessionExpire") = false;
  Repsonse.Status = "401 Access Denied";
  Response.Addheader("WWW-Authenticate", "BASIC");
  Response.End();
}
%>


Naveen
0
 
LVL 2

Author Comment

by:prokni
Comment Utility
Naveen,
I tried it and it did not work.
let me explain it again
this is my login.asp
login_name= Ucase(Request.ServerVariables("LOGON_USER"))
if IsAuth(login_name) then
response.redirect "pag2.asp"
end if

and also on top of each page
I check
if session("Session_started") <> 1 then
response.redirect "login.asp"
end if

when the session expired then I am redirecting them to login.asp.

WHere do you suggest to put your code, I put it in my session_check.asp file and it did not work.

Thanks for your help
0
 
LVL 2

Author Comment

by:prokni
Comment Utility
Any more idea?
0
 

Accepted Solution

by:
ComTech earned 0 total points
Comment Utility
This qustion has no defenitive answer, as I will place it in PAQ.

Regads,
ComTech
CS Admin @ EE
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is t…
This demonstration started out as a follow up to some recently posted questions on the subject of logging in: http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Q_28634665.html and http://www.experts-exchange.com/Programming/…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now