Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 361
  • Last Modified:

Persist Session over MSXML2.ServerHTTP.3.0 for login validation (ASP)

Hi ,
THis problem has been bugging me all morning. I've been searching already here and many other locations but noone seems to have had exaclty the situation i have, so here goes! :o)

I am loading a login form over XMLHTTP using MSXML2.ServerHTTP.3.0.
I can get the page to load, and the form to submit and log in the user, but the session is not the same as the one used for the main website, so I need a way to send the login page the correct SESSIONID.

I am using ASP/IIS/MySQL (for user authentication)

I've got as far as including the following:

vCookies = CStr(Request.ServerVariables("HTTP_COOKIE"))
oXMLHTTP.Open "POST", vDoc, False
oXMLHTTP.SetRequestHeader("Cookie") = CStr(vCookies)
oXMLHTTP.SetRequestHeader("Cookie") = CStr(vCookies)

However as soon as I add the SetRequestHeader lines the whole web page refuses to load, returning:

Error Type:
msxml3.dll (0x80072EE2)
The operation timed out
/functions/systemClasses/XSLTransformClass.asp, line 133

My XMLHTTP request is happening server side (no client side js/vbscript). If there are any Request.Form values sent to the main page these are passed to the HTTP Request using
oXMLHTTP.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded"

If i remove the SetRequestHeader lines it all works again ,but with no session persist. If i view the login page directly, after logging in, the authenticated session is valid, and it tells me i am logged in.

Please can someone shed some light on this?!

Many thanks in advance
0
wildtangent
Asked:
wildtangent
  • 2
  • 2
1 Solution
 
hujiCommented:
I'm not sure if the following will answer your question. I just recommend you take a glance, if you haven't reach this in your own searches:

http://blog.netnerds.net/2006/04/asp-sustain-remote-cookie-sessions-in-an-asp-script-using-vbscript/

Wish I can help
Huji
0
 
wildtangentAuthor Commented:
Hi, thanks this may actually be the only reasonable way to achieve this - I will try it out tomorrow and see how i get on.  I managed to get it to accept the cookie without timing out by adding Server.URLEncode(vCookies), but this doesn't pass the authenticated session back to the main page (i probably need to do the above!)

- any more suggestions? Thanks!
0
 
hujiCommented:
Well, I ran out of suggestions! ;) Let's see if the above solves it or not. If not, we will take the next steps.
Wish I can help
Huji
0
 
wildtangentAuthor Commented:
Hi huji - ended up using your method suggested so i guess you get the points! It certainly works, just a bit slow - am looking at LDAP authentication for this in future.... Many thanks, as the resource you specified was a lot more concise and accurate than many!!

Best,

Joe
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now