Link to home
Start Free TrialLog in
Avatar of teelions
teelions

asked on

I need a ServerVariables("HTTP_REFERER") login script

I have three asp pages:

Search.asp
Add_Topic.asp
Login.asp

On Search.asp, when you click the "AddTopic" button, you are taken to the Add_Topic.asp page.

At the top of the of the Add_Topic.asp page is a login-check that looks for the existence a session variable:

if Session("pass") <> "ok" then
response.redirect("login.asp")
else %>

Now Session("pass") is only written from the Login.asp page. So coming from Search.asp, there is no existance of the variable and so the browser is redirected to Login.asp.

Upon entering Login.asp, a new session variable captures the URL of the referring page, Add_Topic.asp, for later reference:

If (Request.Form("pass")) <> "yes" then
Session("lastpage") = Request.ServerVariables("HTTP_REFERER")

After self-posting, if Login.asp then receives the correct password (yes) it goes to the Else statement which writes:

Else  
Session("pass") = "ok"
Response.Redirect("" & Session("lastpage") & "")
End If

The idea is that the page should be redirected to Add_Topic.asp. Instead, it goes back to the Search.asp page.

How do I fix this?

Avatar of mberumen
mberumen
You might want to try displaying http_referrer on each page to see which values are being posted.

Perhaps when you are posting Login.asp to itself with the username and password a value is being left out.


how about explicitly setting session("lastpage") in each of your pages? (except for login.asp)

session("lastpage")="Add_topic.asp"




Avatar of newknew
newknew
In you code:

If (Request.Form("pass")) <> "yes" then
Session("lastpage") = Request.ServerVariables("HTTP_REFERER")

I think '<>' should be '='.  The way it is now, you are setting the redirect when the WRONG password is entered.

Therefore, when the CORRECT password is entered, your Else statement is executed.  The target has not been set so the redirect goes to the last set instance of session("lastpage") which must be "search.asp" from a previous login.

tim
Avatar of teelions
teelions

ASKER

To the first responder;

OK. I did what you suggested. I added this to the top of the Login page:

Dim lastpage
lastpage = Request.ServerVariables("HTTP_REFERER")

Response.Write(lastpage)
Response.End

then I clicked the Add_Topic link from Search.asp. The result was that Search.asp WAS written to the page. But how can that be?

So I tested again. This time from Add_Topic.asp, I took away this part:

if Session("pass") <> "ok" then
response.redirect("login.asp")
else %>

then clicked the Add_Topic link from Search.asp. It went straight to Add_Topic.asp. This shows that the link goes to Add_Topic then is redirected to Login. Then isn't Add_Topic the referrer? By the way, did I spell "HTTP_REFERER" incorrectly?

I cannot explicitly set session("lastpage") because there will be other pages within this app that will be accessing Login.asp. For instance, (for authenticity purposes) if page "X" is redirected to Login.asp, you would be referred back to page "X". And if page "N" is redirected to Login.asp, you would be referred back to page "N". Am I using the wrong server variable for my purpose?
----------------------------------------------------------
To the second responder:

(Request.Form("pass") is the login form on Login.asp. But I tried what you said and replaced the top script with this:

If (Request.Form("pass")) = "resin" then
Dim lastpage
lastpage = Request.ServerVariables("HTTP_REFERRER")
Response.Redirect(lastpage)
Else
'write login form...

The page response was:
Response object error 'ASP 0158 : 80004005'
Missing URL
/Ref_Lib/login.asp, line 15
A URL is required.


Avatar of newknew
newknew
Well as long as this login page is posting to itself, I think there is going to be a problem... because ultimately the referrer is going to be the login page.

How about:

A) When we load the page.  Read the value of the Hidden form field (assigned below).  If it's empty then set it now.  - this will protect the redirect from getting re-written each time the login page loads.

strRedirectTarget = Request.Form("redirecttarget")
If strRedirectTarget = "" then
   strRedirectTarget = Request.ServerVariables("HTTP_REFERER")
End If

B) Begin the form as below.  I'm using "post" instead of "get" to protect the password and user name.  Using a hidden field to pass the redirect back to the page when it is re-loaded to check for correct password.

<form name="login_form" action="" method="post" >
   <input type="hidden" name="redirecttarget" value="<%=strRedirectTarget%>">

[put the rest of your form here]


C) Then change your code to read:

If (Request.Form("pass")) <> "yes" then
   Response.Write("You entered the wrong password")
Else  
   Session("pass") = "ok"
   Response.Redirect(strRedirectTarget)
End If

tim
Avatar of newknew
newknew
Well as long as this login page is posting to itself, I think there is going to be a problem... because ultimately the referrer is going to be the login page.

How about:

A) When we load the page.  Read the value of the Hidden form field (assigned below).  If it's empty then set it now.  - this will protect the redirect from getting re-written each time the login page loads.

strRedirectTarget = Request.Form("redirecttarget")
If strRedirectTarget = "" then
   strRedirectTarget = Request.ServerVariables("HTTP_REFERER")
End If

B) Begin the form as below.  I'm using "post" instead of "get" to protect the password and user name.  Using a hidden field to pass the redirect back to the page when it is re-loaded to check for correct password.

<form name="login_form" action="" method="post" >
   <input type="hidden" name="redirecttarget" value="<%=strRedirectTarget%>">

[put the rest of your form here]


C) Then change your code to read:

If (Request.Form("pass")) <> "yes" then
   Response.Write("You entered the wrong password")
Else  
   Session("pass") = "ok"
   Response.Redirect(strRedirectTarget)
End If

tim
Avatar of mberumen
mberumen
I experience the same behaviour,  the "add_topic.asp" page is not recognized as the referrer when you use response.redirect.  I guess that since the page is not processed it doesn't populate the server variables.

I was also unable to populate the http_referrer variable through Javascript .

This DID NOT work either..

<SCRIPT>
<%if Session("pass") <> "ok" then

 response.write "window.location.href='logintest.asp?test=';"

end if%>
</SCRIPT>

Not sure if metatags would work either


Avatar of newknew
newknew
teelions, in a quick test, the follow code worked for me:


<%
strRedirectTarget = Request.Form("redirecttarget")
If strRedirectTarget = "" then
  strRedirectTarget = Request.ServerVariables("HTTP_REFERER")
End If

%>
<form name="login_form" action="" method="post" >
  <input type="hidden" name="redirecttarget" value="<%=strRedirectTarget%>">
  Enter Password:
  <input type="password" name="pass" value="">
</form>

<%
If (Request.Form("pass")) <> "yes" then
   'nothing
Else  
  Session("pass") = "ok"
  Response.Redirect(strRedirectTarget)
End If
%>
Avatar of apollois
apollois
Hi teelions,

I would not use Session variables to track the last requested page.  Use URL QueryString variables instead.  Something like this:


**** AddTopic.asp ****  OR any other page that requires logon.

============================================================
if Session("pass") <> "ok" then

     '--- GET THE PATH OF THE CURRENT PAGE AND PASS TO LOGIN.ASP ---

     strURLRedirect = "login.asp?URL=" & Request.ServerVariables("PATH_INFO")
     response.redirect strURLRedirect

else %>
===========================================================


******** Login.asp ********

======================================
If (Request.Form("pass")) <> "yes" then

     'After self-posting, if Login.asp then receives the correct
     'password (yes) it goes to the Else statement which writes:

Else  
     Session("pass") = "ok"
     strURL = Request.QueryString("URL")
     Response.Redirect strURL
End If

======================================

Best Regards,
apollois
Avatar of teelions
teelions

ASKER

I get this error msg with Response.Redirect strURL:

Response object error 'ASP 0158 : 80004005'
Missing URL
login.asp, line 54
A URL is required.

Is there no generic login script which will simply send back to the referer?
Avatar of apollois
apollois
teelions,
>>>I get this error msg with Response.Redirect strURL:

That means that the querystring is empty.  Please post your code for each page.

Best Regards,
apollois
Avatar of iozturk
iozturk
Flag of Türkiye image
try
Response.Redirect(Session("lastpage"))
Avatar of Wakie
Wakie
Flag of Australia image
Hi teelions, you may also like to give this a shot:

<script language="javascript">
<!--
function goRefer(Dest)     {
     location = Dest + '?refer=' + location;
     }
//-->
</script>

<a href="javascript:goRefer('http://www.yourserver.com/yourscript.asp')">Home Page</a>

Then simply do this:

<%
Refer = Request.ServerVariables("HTTP_REFERER")
If len(Refer) = 0 Then
     Refer = Request.QueryString("Refer")
End If
Session("Refer") = Refer
%>

Regards,
Wakie.
Avatar of teelions
teelions

ASKER

Here's the code:

SEARCH.ASP

<a href="Add_Topic.asp">Add Topic</a>
---------------------------------------------------
ADD_TOPIC.ASP

<%  
'check for login
if Session("pass") <> "ok" then
response.redirect("login.asp")
else %>

<HTML>
<BODY>

<form>...
<INPUT>
<SUBMIT>
</form>

</BODY>
</HTML>
--------------------------------------------------
LOGIN.ASP



<%
If (Request.Form("pass")) <> "yes" then
Session("lastpage")=Request.ServerVariables"HTTP_REFERER")
%>

<html>
<body>

<form method="post">
 <p>Password: <input type="password" name="pass" size="10"> <!-- value="yes"-->

            <p><input type="submit" value="Submit">
</form>
</body>
</html>
<%
ElseIf (Request.Form("pass")) <> "yes" then
Response.Write "<H2>HTTP Error 401</H2><P><STRONG>401.1 Unauthorized: Logon Failed</STRONG></P><P>This error indicates that the credentials passed to the server do not match the credentials required to log on to the server.</P>"
     
     Response.End

Else
Session("pass") = "ok"
Response.Redirect("" & Session("lastpage") & "")

  End If %>
Avatar of teelions
teelions

ASKER

WOW! Did everybody give up already??
Avatar of apollois
apollois
teelions,

>>>WOW! Did everybody give up already??

Of course not! <bg>

Did you try the code I posted?
If you got any errors, or unexpected results, then output some debug info like:

Response.write "<BR>PathInfo: " & Request.ServerVariables("PATH_INFO") & "<BR>"

Output the data you are getting from the user and from the QueryString.
Post this data.

Best Regards,
>apollois<
ASKER CERTIFIED SOLUTION
Avatar of newknew
newknew
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of newknew
newknew
Sorry, I left some remnants of some previous testing.  The code still works fine, but the top portion of login.asp should be re-worked to look like:

--------------------------------------------
login.asp
---------------------------------------------
<%
strRedirectTargetURL = Request.QueryString("RedirectTargetURL")
strRedirectTargetQueryString = Request.QueryString("RedirectTargetQueryString")
strFormAction = "login.asp?RedirectTargetURL=" & Server.URLEncode(strRedirectTargetURL) & "&RedirectTargetQueryString=" & Server.URLEncode(strRedirectTargetQuerystring)
%>

<form name="login_form" action="<%=strFormAction%>" method="post" >
     Enter Password:
     <input type="password" name="pass" value="">
</form>

<%
If (Request.Form("pass")) <> "yes" then
     'nothing
Else  
     Session("pass") = "ok"
     Response.Redirect(strRedirectTargetURL & "?" & strRedirectTargetQueryString)
End If
%>
Avatar of teelions
teelions

ASKER

newknew YES! This works! Thanks very much for your help. Now I can go on with my project. Thanks for everyone that lent a hand.