Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

reset the Server.requestvariables

Posted on 2002-03-04
10
Medium Priority
?
488 Views
Last Modified: 2012-06-27
This is my scenario

1-Web site is running base on Windows NT Authentication
2-in default page I get
login_name= Ucase(Request.ServerVariables("LOGON_USER"))
3-I set the sessions
4-On each page I check the session to see if it is expired
5-If it is expired I want to force the user to re-login

Right now if the session is expired, I am forwarding them to login.asp but because Request.ServerVariables still exits they can start using the web site without re_login to the site.

Any idea?
0
Comment
Question by:prokni
10 Comments
 
LVL 23

Expert Comment

by:naveenkohli
ID: 6839392
Instead of checking for Session Expired.... add a flag to session variables indicating the user is valid. And when session timesout, set this flag to false. When the user tries to surf the site without logging in, you can check this flag right at the top of pge. If the flag is set, let the user go through otherwise redirect them back to login page..

<%
   if (Session("userLoggedIn") == false)
   {
      Response.Redirect("login.asp");
   }
%>
0
 
LVL 2

Author Comment

by:prokni
ID: 6839953
I guess, my question was not clear enough.
What you said is what I am doing right now.
Mt problem is, when I redirect them to login.asp, it won't ask the username and password anymore. it keeps the content of Request.ServerVariables("LOGON_USER") and will use that one again. I don't want that happens. I would like to force the user to login again.
BTW, Something is wrong on this web iste. I have not recieved email notification regarding your comments. I just checked it by mylesf.
0
 
LVL 23

Expert Comment

by:naveenkohli
ID: 6840789
Infact I did not see that that in your original question, you mentioned WIndows NT authentication. That informtion changes the scenario quite a bit. If you are using "WIndows Integrated" or inother words NTLM Challenge Response authentication, then you are out of luck. Because in this case, the user's credentials are not communmicated as clear text. In fact the client-server communicate with each other through a hash through whcih server authenticates the client. The user will only be presented with the dialog box if the authentication failes.

But if you are using Basic Authentication, then you can force the user to login again. When you redirect the user to login page because of session exipry, use the following code to force the relogin...

<%
 if (Session("redirectDueToSessionExpire") == true)
 {
   Session("redirectDueToSessionExpire") = false;
   Repsonse.Status = "401 Access Denied";
   Response.End();
 }
%>

The above code will force the logon/password dialog appear on client browser. And then user will have to relogin.

I hope this info helps.

Naveen

PS. EE seems to be having trouble with emails. It has been taking hours before you get any email for any question.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Author Comment

by:prokni
ID: 6841699
Unfortunate I am using both type of authentication.
(Windows integrated and basic one). I am using Basic because of Netscape users.
Any idea what to do in this scenario?
0
 
LVL 29

Expert Comment

by:Göran Andersson
ID: 6841910
To get rid of the session variables:

Session.Abandon
0
 
LVL 2

Author Comment

by:prokni
ID: 6842164
Session.Abandon does not work. My problem is not session. my problem is request.servervariables keep the data and when i refresh th page, it won't ask for username and password anymore.
0
 
LVL 23

Expert Comment

by:naveenkohli
ID: 6842537
Winodws Integrated authentication takes precendense over Basic authentication. I don't see any way of accomplishing it with switching to Basic Authentication. Down size of this will be the user's will be presented with that anoyying Login/Password dialog box.
Here is a solution that you may want to consider. When you send 401 status code back to the user, you can oublish your intenet that you want to use basic authentication. And then force the user to enter login informaiton.

<%
if (Session("redirectDueToSessionExpire") == true)
{
  Session("redirectDueToSessionExpire") = false;
  Repsonse.Status = "401 Access Denied";
  Response.Addheader("WWW-Authenticate", "BASIC");
  Response.End();
}
%>


Naveen
0
 
LVL 2

Author Comment

by:prokni
ID: 6844389
Naveen,
I tried it and it did not work.
let me explain it again
this is my login.asp
login_name= Ucase(Request.ServerVariables("LOGON_USER"))
if IsAuth(login_name) then
response.redirect "pag2.asp"
end if

and also on top of each page
I check
if session("Session_started") <> 1 then
response.redirect "login.asp"
end if

when the session expired then I am redirecting them to login.asp.

WHere do you suggest to put your code, I put it in my session_check.asp file and it did not work.

Thanks for your help
0
 
LVL 2

Author Comment

by:prokni
ID: 6889907
Any more idea?
0
 

Accepted Solution

by:
ComTech earned 0 total points
ID: 7002210
This qustion has no defenitive answer, as I will place it in PAQ.

Regads,
ComTech
CS Admin @ EE
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is t…
Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update. The Original Issue This was written…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses
Course of the Month10 days, 21 hours left to enroll

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question