Solved

reset the Server.requestvariables

Posted on 2002-03-04
Last Modified: 2012-06-27
This is my scenario

1-Web site is running based on Windows NT Authentication
2-in default page I get
login_name= Ucase(Request.ServerVariables("LOGON_USER"))
3-I set the sessions
4-On each page I check the session to see if it is expired
5-If it is expired I want to force the user to re-login

Right now if the session is expired, I am forwarding them to login.asp, but because Request.ServerVariables still exists they can start using the web site without re-login to the site.

Any idea?
Question by:prokni
10 Comments
 
LVL 23

Expert Comment

by:naveenkohli
ID: 6839392
Instead of checking for Session Expired... add a flag to session variables indicating the user is valid. And when the session times out, set this flag to false. When the user tries to surf the site without logging in, you can check this flag right at the top of the page. If the flag is set, let the user go through, otherwise redirect them back to the login page.

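<%
   // ASP JScript. After a timeout the new session has no flag at all,
   // so test for "not true" rather than "== false".
   if (Session("userLoggedIn") != true)
   {
      Response.Redirect("login.asp");
   }
%>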
0
 
LVL 2

Author Comment

by:prokni
ID: 6839953
I guess, my question was not clear enough.
What you said is what I am doing right now.
My problem is, when I redirect them to login.asp, it won't ask for the username and password anymore. It keeps the content of Request.ServerVariables("LOGON_USER") and will use that one again. I don't want that to happen. I would like to force the user to login again.
BTW, something is wrong on this web site. I have not received email notification regarding your comments. I just checked it by myself.
0
 
LVL 23

Expert Comment

by:naveenkohli
ID: 6840789
In fact I did not see that in your original question, you mentioned Windows NT authentication. That information changes the scenario quite a bit. If you are using "Windows Integrated" or in other words NTLM Challenge Response authentication, then you are out of luck. Because in this case, the user's credentials are not communicated as clear text. In fact the client and server communicate with each other through a hash through which the server authenticates the client. The user will only be presented with the dialog box if the authentication fails.

But if you are using Basic Authentication, then you can force the user to login again. When you redirect the user to the login page because of session expiry, use the following code to force the relogin...

<%
 // ASP JScript: challenge once when the redirect was caused by session expiry
 if (Session("redirectDueToSessionExpire") == true)
 {
   Session("redirectDueToSessionExpire") = false;
   Response.Status = "401 Access Denied";
   Response.End();
 }
%>

The above code will force the logon/password dialog to appear on the client browser. And then the user will have to relogin.

I hope this info helps.

Naveen

PS. EE seems to be having trouble with emails. It has been taking hours before you get any email for any question.
0
 
LVL 2

Author Comment

by:prokni
ID: 6841699
Unfortunately I am using both types of authentication
(Windows Integrated and the Basic one). I am using Basic because of Netscape users.
Any idea what to do in this scenario?
0
 
LVL 29

Expert Comment

by:Göran Andersson
ID: 6841910
To get rid of the session variables:

Session.Abandon
0
 
LVL 2

Author Comment

by:prokni
ID: 6842164
Session.Abandon does not work. My problem is not the session. My problem is that Request.ServerVariables keeps the data and when I refresh the page, it won't ask for username and password anymore.
0
 
LVL 23

Expert Comment

by:naveenkohli
ID: 6842537
Windows Integrated authentication takes precedence over Basic authentication. I don't see any way of accomplishing it with switching to Basic Authentication. The downside of this will be that the users will be presented with that annoying Login/Password dialog box.
Here is a solution that you may want to consider. When you send the 401 status code back to the user, you can publish your intent that you want to use basic authentication. And then force the user to enter login information.

<%
// ASP JScript: challenge once and advertise Basic in the 401 response
if (Session("redirectDueToSessionExpire") == true)
{
  Session("redirectDueToSessionExpire") = false;
  Response.Status = "401 Access Denied";
  Response.AddHeader("WWW-Authenticate", "BASIC");
  Response.End();
}
%>


Naveen
0
 
LVL 2

Author Comment

by:prokni
ID: 6844389
Naveen,
I tried it and it did not work.
Let me explain it again.
This is my login.asp:
login_name= Ucase(Request.ServerVariables("LOGON_USER"))
if IsAuth(login_name) then
response.redirect "pag2.asp"
end if

And also on top of each page
I check:
if session("Session_started") <> 1 then
response.redirect "login.asp"
end if

When the session has expired, I am redirecting them to login.asp.

Where do you suggest to put your code? I put it in my session_check.asp file and it did not work.

Thanks for your help
0
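Added example (not part of any post in this thread, and not the site's code): a JavaScript model of the one-time 401 challenge naveenkohli describes, split across the session_check.asp and login.asp pages the asker names, so the sequence of responses can be traced end to end. A plain object stands in for ASP's Session and a string for Request.ServerVariables("LOGON_USER"); `isAuth`, the realm name and the sample user are constructed assumptions.

```javascript
// Model of the flow only; no real ASP objects are used here.
// The Basic scheme requires a realm parameter; this realm name is constructed.
const CHALLENGE = 'Basic realm="intranet"';

// Stand-in for the asker's IsAuth(); any non-empty logon name passes here.
function isAuth(user) {
  return user !== "";
}

// Top-of-page check (session_check.asp): a session recreated after a
// timeout carries no Session_started marker.
function sessionCheck(session) {
  if (session.Session_started === 1) return { status: 200 };
  session.redirectDueToSessionExpire = true; // remember why we redirected
  return { status: 302, location: "login.asp" };
}

// login.asp: challenge exactly once after an expiry, and only then
// accept the logon name the server reports.
function login(session, logonUser) {
  const name = logonUser.toUpperCase();
  if (session.redirectDueToSessionExpire === true) {
    session.redirectDueToSessionExpire = false;
    return { status: 401, headers: { "WWW-Authenticate": CHALLENGE } };
  }
  if (!isAuth(name)) {
    return { status: 401, headers: { "WWW-Authenticate": CHALLENGE } };
  }
  session.Session_started = 1;
  session.login_name = name;
  return { status: 302, location: "pag2.asp" };
}

// Walk one browser through an expiry with a constructed sample user.
function simulateExpiry() {
  const session = {}; // fresh session created after the timeout
  return [
    sessionCheck(session).status,        // redirected to login.asp
    login(session, "CORP\\alice").status, // challenged despite valid name
    login(session, "CORP\\alice").status, // credentials supplied again
    sessionCheck(session).status,        // protected page now served
  ];
}
```

As naveenkohli points out above, under Windows Integrated authentication the user sees the dialog only if authentication fails, so this challenge yields a prompt only where Basic is in use.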
 
LVL 2

Author Comment

by:prokni
ID: 6889907
Any more ideas?
0
 

Accepted Solution

by:
ComTech earned 0 total points
ID: 7002210
This question has no definitive answer, as I will place it in PAQ.

Regards,
ComTech
CS Admin @ EE
0
