
ASP Session ID for security - problem with session ID being reset OnChange event

rabbits2 asked on
ASP
I am trying to work out how to use session IDs for security purposes. I have a login page which is then checked and if the user and password are correct a session ID is set. I then have an include page at the top of all secure pages to check if this session ID is set to authenticated and if not the user is redirected back to the login page with a message.
I am having trouble with a page in which I have a search feature - a form with a select box.  It seems that when the user changes the search criteria and an OnChange feature on the select box submits the new criteria to the same page, the session ID is being reset and therefore the session ID is no longer authenticated.

The code for the search form is as follows:
<form action="auction_home.asp" method="POST" name="form5" class="form">
  <table align="center">
    <tr>
      <td valign="top" class="text_2" style="height:14 ">Select
        a Make:</td>
    </tr>
    <tr>
      <td valign="top" style="height:30 "><select name="carmakeauction" class="form" onChange="document.form5.submit()">
          <%if request.form("carmakeauction") <> "" then %>
          <option value = "<%Response.Write request.form("carmakeauction")%>">
          <%Response.Write request.form("carmakeauction")%>
          </option>
          <%else%>
          <option value = "<%Response.Write "Please Select..."%>">
          <%Response.Write "Please Select..."%>
          </option>
          <%end if%>
          <%while not objrs_auctioncarmake.eof%>
          <option value = "<%Response.Write objrs_auctioncarmake ("car_make")%>">
          <%Response.Write objrs_auctioncarmake ("car_make")%>
          </option><br>
          <%objrs_auctioncarmake.movenext
          wend %>
        </select></td>
    </tr>
  </table>
</form>

I will also provide you with the include page I have - normally I would have this:
<%
If (not session("authenticated")=True) Then
    strURL = "login.asp?type=42&msg=" & Server.HTMLEncode("You have logged off or have not yet logged in, you must login to access your account pages")
    Response.Write "<script>window.opener.location.href = '" & strURL & "'; window.close();</script>"

End If
%>

But for troubleshooting purposes I have been advised to try this in the include:
<%
If (not session("authenticated")=True) Then
    strURL = "login.asp?type=42&msg=" & Server.HTMLEncode("You have logged off or have not yet logged in, you must login to access your account pages")
    Response.Write "<script>window.opener.location.href = '" & strURL & "'; window.close();</script>"

End If
%>


Any ideas on how to solve this much appreciated, thanks.
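
An added example, not part of the original question or of any answer: a variant of the include above that stops the secure page from rendering when the check fails, URL-encodes the message, and logs enough per request to compare the initial GET with the OnChange POST. The file name check_auth.asp is hypothetical, and the log line assumes IIS is configured to log the URI query field.

```asp
<%
' check_auth.asp (hypothetical name), included at the top of every secure page.
' Added example; not the asker's code.
Dim strMsg, strURL, strCookie, blnHasSessionCookie

' Keep secure pages out of browser and proxy caches.
Response.Expires = -1
Response.CacheControl = "no-cache"
Response.AddHeader "Pragma", "no-cache"

' Diagnostic: did the browser send an ASP session cookie with this request?
' Classic ASP names the cookie ASPSESSIONID followed by a random suffix.
strCookie = Request.ServerVariables("HTTP_COOKIE")
blnHasSessionCookie = (InStr(1, strCookie, "ASPSESSIONID", vbTextCompare) > 0)

' Record auth state, session ID, cookie presence and HTTP method in the IIS
' log. A SessionID that differs between the GET and the following POST means
' a new session was started; cookie=False means the browser sent no cookie.
' AppendToLog text must stay short and must not contain commas.
Response.AppendToLog " auth=" & CStr(Session("authenticated") = True) & _
    " sid=" & Session.SessionID & _
    " cookie=" & CStr(blnHasSessionCookie) & _
    " m=" & Request.ServerVariables("REQUEST_METHOD")

If Not (Session("authenticated") = True) Then
    strMsg = "You have logged off or have not yet logged in, you must login to access your account pages"
    ' A value placed in a query string is URL-encoded, not HTML-encoded.
    strURL = "login.asp?type=42&msg=" & Server.URLEncode(strMsg)
    Response.Write "<script>window.opener.location.href = '" & strURL & "'; window.close();</script>"
    ' Stop here so the rest of the secure page is never sent to the client.
    Response.End
End If
%>
```

Without Response.End, the server keeps executing the page after writing the script, so the protected markup still reaches an unauthenticated client even though the window is told to close.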
ASKER CERTIFIED SOLUTION
ddelhez
