teelions
asked on
I need a ServerVariables("HTTP_REFERER") login script
I have three asp pages:
Search.asp
Add_Topic.asp
Login.asp
On Search.asp, when you click the "AddTopic" button, you are taken to the Add_Topic.asp page.
At the top of the Add_Topic.asp page is a login-check that looks for the existence of a session variable:
if Session("pass") <> "ok" then
response.redirect("login.asp")
else %>
Now Session("pass") is only written from the Login.asp page. So coming from Search.asp, there is no existence of the variable and so the browser is redirected to Login.asp.
Upon entering Login.asp, a new session variable captures the URL of the referring page, Add_Topic.asp, for later reference:
If (Request.Form("pass")) <> "yes" then
Session("lastpage") = Request.ServerVariables("HTTP_REFERER")
After self-posting, if Login.asp then receives the correct password (yes) it goes to the Else statement which writes:
Else
Session("pass") = "ok"
Response.Redirect("" & Session("lastpage") & "")
End If
The idea is that the page should be redirected to Add_Topic.asp. Instead, it goes back to the Search.asp page.
How do I fix this?
In your code:
If (Request.Form("pass")) <> "yes" then
Session("lastpage") = Request.ServerVariables("HTTP_REFERER")
I think '<>' should be '='. The way it is now, you are setting the redirect when the WRONG password is entered.
Therefore, when the CORRECT password is entered, your Else statement is executed. The target has not been set so the redirect goes to the last set instance of session("lastpage") which must be "search.asp" from a previous login.
tim
ASKER
To the first responder;
OK. I did what you suggested. I added this to the top of the Login page:
Dim lastpage
lastpage = Request.ServerVariables("HTTP_REFERER")
Response.Write(lastpage)
Response.End
then I clicked the Add_Topic link from Search.asp. The result was that Search.asp WAS written to the page. But how can that be?
So I tested again. This time from Add_Topic.asp, I took away this part:
if Session("pass") <> "ok" then
response.redirect("login.asp")
else %>
then clicked the Add_Topic link from Search.asp. It went straight to Add_Topic.asp. This shows that the link goes to Add_Topic then is redirected to Login. Then isn't Add_Topic the referrer? By the way, did I spell "HTTP_REFERER" incorrectly?
I cannot explicitly set session("lastpage") because there will be other pages within this app that will be accessing Login.asp. For instance, (for authenticity purposes) if page "X" is redirected to Login.asp, you would be referred back to page "X". And if page "N" is redirected to Login.asp, you would be referred back to page "N". Am I using the wrong server variable for my purpose?
--------------------------
To the second responder:
(Request.Form("pass") is the login form on Login.asp. But I tried what you said and replaced the top script with this:
If (Request.Form("pass")) = "resin" then
Dim lastpage
lastpage = Request.ServerVariables("HTTP_REFERRER")
Response.Redirect(lastpage)
Else
'write login form...
The page response was:
Response object error 'ASP 0158 : 80004005'
Missing URL
/Ref_Lib/login.asp, line 15
A URL is required.
Well as long as this login page is posting to itself, I think there is going to be a problem... because ultimately the referrer is going to be the login page.
How about:
A) When we load the page. Read the value of the Hidden form field (assigned below). If it's empty then set it now. - this will protect the redirect from getting re-written each time the login page loads.
strRedirectTarget = Request.Form("redirecttarget")
If strRedirectTarget = "" then
strRedirectTarget = Request.ServerVariables("HTTP_REFERER")
End If
B) Begin the form as below. I'm using "post" instead of "get" to protect the password and user name. Using a hidden field to pass the redirect back to the page when it is re-loaded to check for correct password.
<form name="login_form" action="" method="post" >
<input type="hidden" name="redirecttarget" value="<%=strRedirectTarget%>">
[put the rest of your form here]
C) Then change your code to read:
If (Request.Form("pass")) <> "yes" then
Response.Write("You entered the wrong password")
Else
Session("pass") = "ok"
Response.Redirect(strRedirectTarget)
End If
tim
I experience the same behaviour, the "add_topic.asp" page is not recognized as the referrer when you use response.redirect. I guess that since the page is not processed it doesn't populate the server variables.
I was also unable to populate the http_referrer variable through Javascript.
This DID NOT work either..
<SCRIPT>
<%if Session("pass") <> "ok" then
response.write "window.location.href='logintest.asp?test=';"
end if%>
</SCRIPT>
Not sure if metatags would work either
teelions, in a quick test, the following code worked for me:
<%
strRedirectTarget = Request.Form("redirecttarget")
If strRedirectTarget = "" then
strRedirectTarget = Request.ServerVariables("HTTP_REFERER")
End If
%>
<form name="login_form" action="" method="post" >
<input type="hidden" name="redirecttarget" value="<%=strRedirectTarget%>">
Enter Password:
<input type="password" name="pass" value="">
</form>
<%
If (Request.Form("pass")) <> "yes" then
'nothing
Else
Session("pass") = "ok"
Response.Redirect(strRedirectTarget)
End If
%>
Hi teelions,
I would not use Session variables to track the last requested page. Use URL QueryString variables instead. Something like this:
**** AddTopic.asp **** OR any other page that requires logon.
==========================
if Session("pass") <> "ok" then
'--- GET THE PATH OF THE CURRENT PAGE AND PASS TO LOGIN.ASP ---
strURLRedirect = "login.asp?URL=" & Request.ServerVariables("PATH_INFO")
response.redirect strURLRedirect
else %>
==========================
******** Login.asp ********
==========================
If (Request.Form("pass")) <> "yes" then
'After self-posting, if Login.asp then receives the correct
'password (yes) it goes to the Else statement which writes:
Else
Session("pass") = "ok"
strURL = Request.QueryString("URL")
Response.Redirect strURL
End If
==========================
Best Regards,
apollois
ASKER
I get this error msg with Response.Redirect strURL:
Response object error 'ASP 0158 : 80004005'
Missing URL
login.asp, line 54
A URL is required.
Is there no generic login script which will simply send back to the referer?
teelions,
>>>I get this error msg with Response.Redirect strURL:
That means that the querystring is empty. Please post your code for each page.
Best Regards,
apollois
try
Response.Redirect(Session("lastpage"))
Hi teelions, you may also like to give this a shot:
<script language="javascript">
<!--
function goRefer(Dest) {
location = Dest + '?refer=' + location;
}
//-->
</script>
<a href="javascript:goRefer('http://www.yourserver.com/yourscript.asp')">Home Page</a>
Then simply do this:
<%
Refer = Request.ServerVariables("HTTP_REFERER")
If len(Refer) = 0 Then
Refer = Request.QueryString("Refer")
End If
Session("Refer") = Refer
%>
Regards,
Wakie.
ASKER
Here's the code:
SEARCH.ASP
<a href="Add_Topic.asp">Add Topic</a>
--------------------------
ADD_TOPIC.ASP
<%
'check for login
if Session("pass") <> "ok" then
response.redirect("login.asp")
else %>
<HTML>
<BODY>
<form>...
<INPUT>
<SUBMIT>
</form>
</BODY>
</HTML>
--------------------------
LOGIN.ASP
<%
If (Request.Form("pass")) <> "yes" then
Session("lastpage")=Request.ServerVariables("HTTP_REFERER")
%>
<html>
<body>
<form method="post">
<p>Password: <input type="password" name="pass" size="10"> <!-- value="yes"-->
<p><input type="submit" value="Submit">
</form>
</body>
</html>
<%
ElseIf (Request.Form("pass")) <> "yes" then
Response.Write "<H2>HTTP Error 401</H2><P><STRONG>401.1 Unauthorized: Logon Failed</STRONG></P><P>This error indicates that the credentials passed to the server do not match the credentials required to log on to the server.</P>"
Response.End
Else
Session("pass") = "ok"
Response.Redirect("" & Session("lastpage") & "")
End If %>
ASKER
WOW! Did everybody give up already??
teelions,
>>>WOW! Did everybody give up already??
Of course not! <bg>
Did you try the code I posted?
If you got any errors, or unexpected results, then output some debug info like:
Response.write "<BR>PathInfo: " & Request.ServerVariables("PATH_INFO") & "<BR>"
Output the data you are getting from the user and from the QueryString.
Post this data.
Best Regards,
>apollois<
ASKER CERTIFIED SOLUTION
Sorry, I left some remnants of some previous testing. The code still works fine, but the top portion of login.asp should be re-worked to look like:
--------------------------
login.asp
--------------------------
<%
strRedirectTargetURL = Request.QueryString("RedirectTargetURL")
strRedirectTargetQueryString = Request.QueryString("RedirectTargetQueryString")
strFormAction = "login.asp?RedirectTargetURL=" & Server.URLEncode(strRedirectTargetURL) & "&RedirectTargetQueryString=" & Server.URLEncode(strRedirectTargetQuerystring)
%>
<form name="login_form" action="<%=strFormAction%>" method="post" >
Enter Password:
<input type="password" name="pass" value="">
</form>
<%
If (Request.Form("pass")) <> "yes" then
'nothing
Else
Session("pass") = "ok"
Response.Redirect(strRedirectTargetURL & "?" & strRedirectTargetQueryString)
End If
%>
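Added example, not part of the thread or any poster's code: the hidden-field and querystring approaches in the posts above redirect to whatever value the request carries, so login.asp can check that the target is a path on the same site before calling Response.Redirect. `IsLocalPath` and `FALLBACK_PAGE` are hypothetical names; `RedirectTargetURL` and the `"yes"` password check follow the posts above, and only the path part is handled here, not the separate query string.

```vbscript
' Added example: place inside the <% ... %> block at the top of login.asp.
' IsLocalPath and FALLBACK_PAGE are hypothetical names, not from the thread.

Const FALLBACK_PAGE = "Search.asp"   ' assumed landing page when the target is rejected

' True only for a root-relative path on this site, e.g. /Ref_Lib/Add_Topic.asp
Function IsLocalPath(ByVal target)
    Dim i, code
    IsLocalPath = False
    target = "" & target                            ' coerce Empty/Null to a string
    If Len(target) = 0 Or Len(target) > 512 Then Exit Function
    If Left(target, 1) <> "/" Then Exit Function    ' rejects absolute URLs and other schemes
    If Mid(target, 2, 1) = "/" Then Exit Function   ' //host is another site to a browser
    If InStr(target, "\") > 0 Then Exit Function    ' browsers may treat \ as /
    For i = 1 To Len(target)
        code = AscW(Mid(target, i, 1))
        ' control characters (CR/LF included) must never reach the Location header
        If (code >= 0 And code < 32) Or code = 127 Then Exit Function
    Next
    IsLocalPath = True
End Function

Dim strTarget
strTarget = Request.QueryString("RedirectTargetURL")
If Not IsLocalPath(strTarget) Then strTarget = FALLBACK_PAGE

If Request.Form("pass") = "yes" Then
    Session("pass") = "ok"
    Response.Redirect strTarget
End If
```

A value taken from HTTP_REFERER is a full URL, so under this check it would fall back to FALLBACK_PAGE; passing PATH_INFO from the protected page, as in the querystring posts, yields a root-relative path that passes.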
ASKER
newknew YES! This works! Thanks very much for your help. Now I can go on with my project. Thanks for everyone that lent a hand.
Perhaps when you are posting Login.asp to itself with the username and password a value is being left out.
how about explicitly setting session("lastpage") in each of your pages? (except for login.asp)
session("lastpage")="Add_t