Solved

Persist Session over MSXML2.ServerHTTP.3.0 for login validation (ASP)

Posted on 2006-06-11
4
349 Views
Last Modified: 2007-12-19
Hi ,
THis problem has been bugging me all morning. I've been searching already here and many other locations but noone seems to have had exaclty the situation i have, so here goes! :o)

I am loading a login form over XMLHTTP using MSXML2.ServerHTTP.3.0.
I can get the page to load, and the form to submit and log in the user, but the session is not the same as the one used for the main website, so I need a way to send the login page the correct SESSIONID.

I am using ASP/IIS/MySQL (for user authentication)

I've got as far as including the following:

vCookies = CStr(Request.ServerVariables("HTTP_COOKIE"))
oXMLHTTP.Open "POST", vDoc, False
oXMLHTTP.SetRequestHeader("Cookie") = CStr(vCookies)
oXMLHTTP.SetRequestHeader("Cookie") = CStr(vCookies)

However as soon as I add the SetRequestHeader lines the whole web page refuses to load, returning:

Error Type:
msxml3.dll (0x80072EE2)
The operation timed out
/functions/systemClasses/XSLTransformClass.asp, line 133

My XMLHTTP request is happening server side (no client side js/vbscript). If there are any Request.Form values sent to the main page these are passed to the HTTP Request using
oXMLHTTP.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded"

If i remove the SetRequestHeader lines it all works again ,but with no session persist. If i view the login page directly, after logging in, the authenticated session is valid, and it tells me i am logged in.

Please can someone shed some light on this?!

Many thanks in advance
0
Comment
Question by:wildtangent
  • 2
  • 2
4 Comments
 
LVL 14

Accepted Solution

by:
huji earned 500 total points
ID: 16881888
I'm not sure if the following will answer your question. I just recommend you take a glance, if you haven't reach this in your own searches:

http://blog.netnerds.net/2006/04/asp-sustain-remote-cookie-sessions-in-an-asp-script-using-vbscript/

Wish I can help
Huji
0
 

Author Comment

by:wildtangent
ID: 16882213
Hi, thanks this may actually be the only reasonable way to achieve this - I will try it out tomorrow and see how i get on.  I managed to get it to accept the cookie without timing out by adding Server.URLEncode(vCookies), but this doesn't pass the authenticated session back to the main page (i probably need to do the above!)

- any more suggestions? Thanks!
0
 
LVL 14

Expert Comment

by:huji
ID: 16888141
Well, I ran out of suggestions! ;) Let's see if the above solves it or not. If not, we will take the next steps.
Wish I can help
Huji
0
 

Author Comment

by:wildtangent
ID: 16934181
Hi huji - ended up using your method suggested so i guess you get the points! It certainly works, just a bit slow - am looking at LDAP authentication for this in future.... Many thanks, as the resource you specified was a lot more concise and accurate than many!!

Best,

Joe
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently decide that I needed a way to make my pages scream on the net.   While searching around how I can accomplish this I stumbled across a great article that stated "minimize the server requests." I got to thinking, hey, I use more than one…
I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference: Let's make the introductions... Classic ASP was launched by Microsoft in 1998 and dynamically generate web pages upon user interact…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now