[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

ServerXMLHTTP and session variable

Posted on 2005-05-13
13
Medium Priority
?
427 Views
Last Modified: 2008-01-09
I have a printpage.asp page that I pass a page URL to in the querystring. using ServerXMLHTTP, this page grabs the referenced page, looks in it to find a portion between the <printhere> and </printhere> tags.

Then it simply returns the resulting html (between these tags) to show only the printable portion or the referenced page.

Simply stating, I use ServerXMLHTTP to retrieve a portion of another page. This works fine, except for then I want to retrieve inforamtion from a page that is password protected (username / login) with a response.redirect if the required session variable is not set.

Hence when I try to print a "protected" page, I am redirected to the login page.

Clear as mud? Can someone help anyway? Cookies will do the same think methinks.

no https involved. all files on same domain.
0
Comment
Question by:yyilmaz
  • 4
  • 3
  • 3
  • +2
13 Comments
 
LVL 5

Expert Comment

by:frrf
ID: 13994010
what does the referenced page's return look like?

If it can look like below, then your problem is resolved
<Response>
    <errors>
        <error code=1>UserName is not valid</error>
        <error code=2>Password doesn't match</error>
    <errors>
    <data>
        <printThere>PRINT_THERE</printThere>  
        <printhere>PRINTHERE</printhere>
        <printThereAgain>PRINT_THERE_AGAIN</printThereAgain>
    </data>
</Response>

Then in your printPage.asp
returnXML = serverXMLHTTP_Obj.responseXML

if hasError(returnXML) then
    response.redirect Login.asp
end if

Show_Content_Of_PrintHere_Tag
0
 
LVL 15

Expert Comment

by:deighc
ID: 13994271
How do you "protect" your pages?

If you're using a pure ASP Session based system then you're out of luck because ASP Session's are propogated by cookies, and the cookie resides on the client browser - the server end knows nothing about it.

You **may** be able to "log in" to the system using XMLHTTP ie. first do a request to the login page so that XMLHTTP gets a Session cookie, then call the page in question. But I've never tried this.

But if you're using a different authentication system like Basic then there are workarounds.
0
 
LVL 9

Expert Comment

by:AlfaNoMore
ID: 13994553
As deighc suggests, when you use an instance of the ServerXMLHTTP object, you're effectively asking the server to open a copy of a browser and navigate to your page. So if your requested page reads or writes session variables, they cannot be passed on to the client.

Ways around this could be sending session information into the request via headers:

objHTTP.Open "GET", URL, False
objHTTP.SetRequestHeader "loggedin", Session.Contents("loggedin")
objHTTP.Send()

Your referenced page can then try to validate if the user is logged in by looking at the session object first, or if that fails, looking at the Request.ServerVariables("HTTP_loggedin") value and seeing if this is equal to true (or whatever your session normally valuates to)?????
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 4

Accepted Solution

by:
Danielcmorris earned 260 total points
ID: 14000958
The best way to do this is to make another page to interface for you.

Suppose you want to call "mysite.com\purchase_order.asp?orderid=123

but, you have to be logged in to get that information, so you make another page called "pass.asp"

from your xmlhttp you call pass.asp?page=purchase_order&orderid=123&username=myusernam&password=mypassword

on the "pass.asp" page, you run the login script just like they were logging in, using the username and password provided.  Then, you use "Server.Transfer" to give them the page they want using the querystring they want.

-works for me.
0
 
LVL 2

Author Comment

by:yyilmaz
ID: 14016163
AlfaNoMore, Deighc

Thanks for that.. It has confirmed my thoughts... But that is what I'm doing. There are certain pages in the site that look up session variables to either display or redirect to a login page (which sets the settion vars in the first place if successful login).

    if not session("ETF_loggedin") then response.redirect("login.asp")

So when I try to pull data out with XMLHTTP, the session is not recognised, hence I get the login page.

I tried sending session information into the request via headers as AlfaNoMore suggested but it didn't work - using the following code:

    Set objXMLHTTP = Server.CreateObject("Microsoft.XMLHTTP")
    objXMLHTTP.Open "GET", RefPage, False
    objXMLHTTP.SetRequestHeader "ETF_loggedin", Session.Contents("ETF_loggedin")
    objXMLHTTP.Send
    RefPageContent = objXMLHTTP.responseText
    Set objXMLHTTP = Nothing

Do I need to pass all session variables individually? There are 3 session vars that I need to pass:

    session("ETF_loggedin")
    session("ETF_usertype")
    session("ETF_username")

Danielcmorris, I wil try your solution. It does sound like a long work around, but I'll give it a go.
0
 
LVL 2

Author Comment

by:yyilmaz
ID: 14016241
I have hit nother hurdle.

Allow me to describe more of what I'm trying to achieve...

My print friendly icon goes to a printpage.asp which is called as such: (eg)
printpage.asp?ref=http://intranet/calendar/index.asp
The <a> tag for the icon is written dynamically with javascript window.location.href

printpage.asp then gets the ref and looks into that to find the 2 tags <printhere> and </printhere> - which effectively only encapsulates the body content that I want to print. It does this extraction using the XMLHTML

No probs so far.. However, my session password protected application resides in
http://intranet/application/

and there are many pages there, all protected by this session. These pages can have many querystring arguments being passed around, such as
    ?id=xxx&optional=yyy&somethingelse=zzz

NOW... (phew)
using Danielcmorris' suggestion, my print icon's <a href=''> href ends up looking like this:
    http://intranet/printpage.asp?ref=http://intranet/application/details.asp?id=xxx&optional=yyy&somethingelse=zzz

Hence, when I try to retrieve the request("ref"), I can't grab the whole thing... I only end up grabbing
    http://intranet/application/details.asp?id=xxx

since after the & is construed to be another variable.

And ths is not enough to send to a pass page as per Danielcmorris' suggestion:
    pass.asp?ref=http://intranet/application/details.asp?id=xxx&optional=yyy&somethingelse=zzz&orderid=123&username=myusernam&password=mypassword

since my printpage.asp will not pick up all the variables.

The printpage icon and its dynamic js generated href are parts of a template, and they remain consistent thru the entire site. I am pretty much limited to making my printpage.asp as smart as I can.

Is this making sense? clear as mud?

I had thought that this was going to be a simple answer, with some way to transfer session variables..
0
 
LVL 9

Assisted Solution

by:AlfaNoMore
AlfaNoMore earned 240 total points
ID: 14016718
0
 
LVL 9

Expert Comment

by:AlfaNoMore
ID: 14016734
If you're goping to need these values in your authentication script, then pass them in.

    Set objXMLHTTP = Server.CreateObject("Microsoft.XMLHTTP")
    objXMLHTTP.Open "GET", RefPage, False
    objXMLHTTP.SetRequestHeader "ETFloggedin", Session.Contents("ETF_loggedin")  'don't include underscores in header names, as these get interpreted as spaces!
    objXMLHTTP.SetRequestHeader "ETFusertype", Session.Contents("ETF_usertype")
    objXMLHTTP.SetRequestHeader "ETFusername", Session.Contents("ETF_username")
    objXMLHTTP.Send
    RefPageContent = objXMLHTTP.responseText
    Set objXMLHTTP = Nothing

Please remember, however, that asking for Session.Contents("ETF_loggedin") in your ref page will result in nothing. I'd suggest you'll need to do this in your printpage.asp file to overcome this issue:

Session.Contents("ETF_loggedin") = Request.ServerVariables("http_ETFloggedin")
Session.Contents("ETF_usertype") = Request.ServerVariables("http_ETFusertype")
Session.Contents("ETF_username") = Request.ServerVariables("http_ETFusername")

And then your Server.Execute(Request.QueryString("ref")) will be able to retrieve these session values ;-)

happy programming
0
 
LVL 4

Expert Comment

by:Danielcmorris
ID: 14019346
Just a footnote:

I just had an irate client call me at 5am.  It seems that a function on their site which does an external call, via Server.CreateObject("Microsoft.XMLHTTP") suddenly failed..... of course, it failed during an interview with a reporter....

anyway, it was because I had installed microsoft's Office Web Components on that server yesterday.  You see, the Microsoft.XMLHTTP object is replaced by the new versions after 1 of 1000 different types of microsoft upgrades.  Lukily I'd run in to this before and was able to fix it in a matter of minutes.

So... basically, before you wrap this project up, make sure to install the most recent version of the XMLHTTP object, which I believe, is "Msxml2.ServerXMLHTTP.3.0".  
0
 
LVL 9

Expert Comment

by:AlfaNoMore
ID: 14019458
OUCH! Bad luck Daniel. Hope the client will still keep using their system (and possibly paying you for the privilege!!!!)
0
 
LVL 15

Expert Comment

by:deighc
ID: 14019465
>> most recent version of the XMLHTTP object, which
>> I believe, is "Msxml2.ServerXMLHTTP.3.0"

Actually, 4.0 SP2 is the latest release and 5.0 is currently in beta :-)

With each successive version you have an option of doing a side-by-side install or a full replacement install. A side-by-side install means that you can only create objects from the newer versions by using different prog id's. This means that existing code **should** continue to work because it continues to use objects from the older .dll.

A full replacement install means that code that uses the older prog id's will actually create objects from the newer .dll. Since many changes have been made to MSXML over the years this often results in broken code.
0
 
LVL 4

Expert Comment

by:Danielcmorris
ID: 14019713
Hey Alfa,  No worries about that client.  I blamed it on one of our vendors and then billed them to repair the problem  :)  Insurance companies, gotta love'em

deighc,  Thanks for the tip about the new/latest release.  

yyilmaz, Alpha's server.URLencode("your querystring") will fix your problem.

Have a nice day everyone, I'm going to go write up some invoices.  :)
0
 
LVL 2

Author Comment

by:yyilmaz
ID: 14023306
Thank you guys.
I have used the URLencode method, passing to a passRedirect page. (hence the split in the points! :-)
Thanks for the tips also.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is t…
Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update. The Original Issue This was written…
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question