[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 264
  • Last Modified:

Best way to keep a user logged in for a day at a time - much like Ebay

DWMX / CS3
Classic ASP VBScript
Windows 2003 Server

Hello.

I have developed a training site for our team.  Now we are needing to track usage, hits per user, etc.  So, I created a login, whereby users must login to gain access to the site now.  Of course, the default time for timeouts is 20 minutes.

I would like to provide a way for the login to remain active all day - much like Ebay's method.

I was thinking it might be related to Cookies, somehow, but I haven't really used Cookies, so I was wondering if that is the best way to accomplish this.

If so, could you please provide me with a link to a great Cookies tutorial, OR, possibly provide an example here.

It's only a "Username" and "Password" login.

Thanks so much,
Shane
0
lshane
Asked:
lshane
  • 6
  • 5
1 Solution
 
bluV11tCommented:
Cookies is your best bet if you need your users to be logged in again even after they've closed their browser. If not you could just change the session timeout on your site in IIS.

Check out this link for login cookies:

http://www.codefixer.com/codesnippets/cookieLogin.asp

To have the cookie expire in a day set its "expires" attribute to dateadd("d", 1, now())
0
 
lshaneAuthor Commented:
Hi, bluV11t.  Thanks for replying.

I viewed that and it seems a bit complex for what I need at the moment.

I've been experimenting with very basic  cookie scripts, but can't seemt to get them to work.
With a basic login form (Using the Dreamweaver Login behavior), could you assist me with a basic script, please?

I've tried placing this above the <HTML> tag:
<%
response.cookies("cookieuser")=request.form("username")
response.cookies("cookiepass")=request.form("password")
%>

From there... I'm not sure what to do.  I've tried placing this right under the above code:
<% dim myuser, mypass
myuser=request.cookies("cookieuser")
mypass=request.cookies("cookiepass")
%>


Then in the form:
<form action="<%=MM_LoginAction%>" method="POST" name="form1">
<input name="username" type="text" id="username" size="30" value="<%= myuser %>">
<input name="password" type="text" id="password" size="30" value="<%= mypass %>">
</form>

I thought this would be a fix, but I must be doing something incorrectly.

Any ideas?

Thanks so much,
Shane
0
 
bluV11tCommented:
Hi!
You need to check if form is filled out first before setting the cookie. Otherwise you effectively empty the cookies :-)

if len(request.form("username"))>0 and len(request.form("password"))>0 then
response.cookies("cookieuser")=request.form("username")
response.cookies("cookiepass")=request.form("password")
End if

0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
lshaneAuthor Commented:
Hi, bluV11t.

OK - tried that, but it still seems to not be working.

Every time I return to the form, the "Username" and "Password" fields are not populated, even though I have the "Value=" set to <%= request.cookies("cookieuser") %> and <%= request.cookies("cookiepass") %>, respectively.

Here's what I placed above the HTML tag:
<%
if len(request.form("tm_Username"))>0 and len(request.form("tm_Password"))>0 then
response.cookies("cookieuser")=request.form("tm_Username")
response.cookies("cookiepass")=request.form("tm_Password")
end if
%>

I keep looking for a cookie file to be created in my "Cookies" directory, but I don't see it.  COOKIES are enabled on my browsers, because sites liek Ebay, etc., work fine.

Any other ideas?


However, I am still confused about the sequence of the cookie.

0
 
lshaneAuthor Commented:
Hi, bluV11t.

I am attaching the code from my page.  It is basic, so maybe you can see what I am doing incorrectly.

The actual form field names are "tm_Username" and "tm_Password".
<%@LANGUAGE="VBSCRIPT"%>
<!--#include file="Connections/connpmcct2.asp" -->
<%
if len(request.form("tm_Username"))>0 and len(request.form("tm_Password"))>0 then
response.cookies("cookieuser")=request.form("tm_Username")
response.cookies("cookiepass")=request.form("tm_Password")
end if
%>
 
 
 
 
 
 
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString <> "" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername = CStr(Request.Form("tm_Username"))
If MM_valUsername <> "" Then
  Dim MM_fldUserAuthorization
  Dim MM_redirectLoginSuccess
  Dim MM_redirectLoginFailed
  Dim MM_loginSQL
  Dim MM_rsUser
  Dim MM_rsUser_cmd
  
  MM_fldUserAuthorization = ""
  MM_redirectLoginSuccess = "../pmcct2/"
  MM_redirectLoginFailed = "index.asp?Action=Failed"
 
  MM_loginSQL = "SELECT tm_Username, tm_Password, tm_ID, tm_Level, tm_Mentor, tm_Lead, tm_First, tm_Last"
  If MM_fldUserAuthorization <> "" Then MM_loginSQL = MM_loginSQL & "," & MM_fldUserAuthorization
  MM_loginSQL = MM_loginSQL & " FROM team_members WHERE tm_Username = ? AND tm_Password = ?"
  Set MM_rsUser_cmd = Server.CreateObject ("ADODB.Command")
  MM_rsUser_cmd.ActiveConnection = MM_connpmcct2_STRING
  MM_rsUser_cmd.CommandText = MM_loginSQL
  MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param1", 200, 1, 200, MM_valUsername) ' adVarChar
  MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param2", 200, 1, 200, Request.Form("tm_Password")) ' adVarChar
  MM_rsUser_cmd.Prepared = true
  Set MM_rsUser = MM_rsUser_cmd.Execute
 
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then 
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
	Session("MM_UserID") = (MM_rsUser.Fields.Item("tm_ID").Value)
	Session("MM_UserLevel") = (MM_rsUser.Fields.Item("tm_Level").Value)
	Session("MM_Mentor") = (MM_rsUser.Fields.Item("tm_Mentor").Value)
	Session("MM_Lead") = (MM_rsUser.Fields.Item("tm_Lead").Value)
	Session("MM_Greeting") = (MM_rsUser.Fields.Item("tm_First").Value)&" "&(MM_rsUser.Fields.Item("tm_Last").Value)
 
    If (MM_fldUserAuthorization <> "") Then
    Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
    Else
      Session("MM_UserAuthorization") = ""
    End If
 
	Session("MM_UserID") = (MM_rsUser.Fields.Item("tm_ID").Value)
 
 
    if CStr(Request.QueryString("accessdenied")) <> "" And false Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If
%>
 
 
 
 
 
 
 
<html>
<title>PREFLITE: LOGIN</title>
<link href="styles/login_styles.css" rel="stylesheet" type="text/css">
 
<head>
</head>
 
 
 
 
<body>
<table width="500" border="0" align="center" cellpadding="0" cellspacing="0" class="tblbrdr1">
  <tr>
    <td class="loginhdr1">PREFLITE</td>
  </tr>
  <tr>
    <td><img src="images/products_main3.gif" width="500" height="250"></td>
  </tr>
</table>
<br>
<table width="500" border="0" align="center" cellpadding="0" cellspacing="0">
  
  <tr>
    <td><form action="<%=MM_LoginAction%>" method="POST" name="form1">
      <table width="500" border="0" align="center" cellpadding="0" cellspacing="0" class="logintable">
        <tr>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
        </tr>
        <tr>
          <td width="44">&nbsp;</td>
          <td width="132">Employee Number</td>
          <td width="324"><label>
            <input name="tm_Username" type="text" id="tm_Username" size="30" value="<%= request.Cookies("cookieuser") %>">
            <script language="JavaScript">document.getElementById('tm_Username').focus();</script>
          </label></td>
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td>Password</td>
          <td><label>
            <input name="tm_Password" type="password" id="tm_Password" size="30" value="<%= request.Cookies("cookiepass") %>">
          </label></td>
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td colspan="2"><a href="#">Need Help?</a> / <a href= "#" onClick="window.open('../pmcct2/usr_forgotlogin_email.asp','window1','height=300,width=500,top=200,left=400,resizable=0'); return false;">Forgot Login?</a></td>
          </tr>
        <tr>
          <td colspan="3"><label></label>
            <table width="500" border="0" cellspacing="0" cellpadding="0">
              <tr>
                <td width="44" valign="top" class="loginerror">&nbsp;</td>
                <td width="304" valign="top" class="loginerror"><% If Request.QueryString("Action")="Failed" Then %>
                  Login information not found.
                    <%elseIf Request.QueryString("Action")="NoAccess" Then %>
                    Your login has either timed out, or you do not have access to the page you tried to view.<br>
                    <br>
                    Please login.
                  <%end if%></td>
                <td width="152" align="center" valign="top"><input name="submit" type="image" id="submit" src="images/loginbtn1.jpg" align="middle"></td>
              </tr>
              <tr>
                <td colspan="2" class="loginerror">&nbsp;</td>
                <td>&nbsp;</td>
              </tr>
            </table></td>
          </tr>
      </table>
    </form>    </td>
  </tr>
</table>
 
 
<p>&nbsp;</p>
</body>
 
</html>

Open in new window

0
 
bluV11tCommented:
Just added expires in one day to the two cookies:
<%@LANGUAGE="VBSCRIPT"%>
<!--#include file="Connections/connpmcct2.asp" -->
<%
if len(request.form("tm_Username"))>0 and len(request.form("tm_Password"))>0 then
response.cookies("cookieuser")=request.form("tm_Username")
response.cookies("cookiepass")=request.form("tm_Password")
response.cookies("cookieuser").expires = dateadd("d", 1, now())
response.cookies("cookiepass").expires = dateadd("d", 1, now())
end if
%>
 
 
 
 
 
 
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString <> "" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername = CStr(Request.Form("tm_Username"))
If MM_valUsername <> "" Then
  Dim MM_fldUserAuthorization
  Dim MM_redirectLoginSuccess
  Dim MM_redirectLoginFailed
  Dim MM_loginSQL
  Dim MM_rsUser
  Dim MM_rsUser_cmd
  
  MM_fldUserAuthorization = ""
  MM_redirectLoginSuccess = "../pmcct2/"
  MM_redirectLoginFailed = "index.asp?Action=Failed"
 
  MM_loginSQL = "SELECT tm_Username, tm_Password, tm_ID, tm_Level, tm_Mentor, tm_Lead, tm_First, tm_Last"
  If MM_fldUserAuthorization <> "" Then MM_loginSQL = MM_loginSQL & "," & MM_fldUserAuthorization
  MM_loginSQL = MM_loginSQL & " FROM team_members WHERE tm_Username = ? AND tm_Password = ?"
  Set MM_rsUser_cmd = Server.CreateObject ("ADODB.Command")
  MM_rsUser_cmd.ActiveConnection = MM_connpmcct2_STRING
  MM_rsUser_cmd.CommandText = MM_loginSQL
  MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param1", 200, 1, 200, MM_valUsername) ' adVarChar
  MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param2", 200, 1, 200, Request.Form("tm_Password")) ' adVarChar
  MM_rsUser_cmd.Prepared = true
  Set MM_rsUser = MM_rsUser_cmd.Execute
 
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then 
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
        Session("MM_UserID") = (MM_rsUser.Fields.Item("tm_ID").Value)
        Session("MM_UserLevel") = (MM_rsUser.Fields.Item("tm_Level").Value)
        Session("MM_Mentor") = (MM_rsUser.Fields.Item("tm_Mentor").Value)
        Session("MM_Lead") = (MM_rsUser.Fields.Item("tm_Lead").Value)
        Session("MM_Greeting") = (MM_rsUser.Fields.Item("tm_First").Value)&" "&(MM_rsUser.Fields.Item("tm_Last").Value)
 
    If (MM_fldUserAuthorization <> "") Then
    Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
    Else
      Session("MM_UserAuthorization") = ""
    End If
 
        Session("MM_UserID") = (MM_rsUser.Fields.Item("tm_ID").Value)
 
 
    if CStr(Request.QueryString("accessdenied")) <> "" And false Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If
%>
 
 
 
 
 
 
 
<html>
<title>PREFLITE: LOGIN</title>
<link href="styles/login_styles.css" rel="stylesheet" type="text/css">
 
<head>
</head>
 
 
 
 
<body>
<table width="500" border="0" align="center" cellpadding="0" cellspacing="0" class="tblbrdr1">
  <tr>
    <td class="loginhdr1">PREFLITE</td>
  </tr>
  <tr>
    <td><img src="images/products_main3.gif" width="500" height="250"></td>
  </tr>
</table>
<br>
<table width="500" border="0" align="center" cellpadding="0" cellspacing="0">
  
  <tr>
    <td><form action="<%=MM_LoginAction%>" method="POST" name="form1">
      <table width="500" border="0" align="center" cellpadding="0" cellspacing="0" class="logintable">
        <tr>
          <td> </td>
          <td> </td>
          <td> </td>
        </tr>
        <tr>
          <td width="44"> </td>
          <td width="132">Employee Number</td>
          <td width="324"><label>
            <input name="tm_Username" type="text" id="tm_Username" size="30" value="<%= request.Cookies("cookieuser") %>">
            <script language="JavaScript">document.getElementById('tm_Username').focus();</script>
          </label></td>
        </tr>
        <tr>
          <td> </td>
          <td>Password</td>
          <td><label>
            <input name="tm_Password" type="password" id="tm_Password" size="30" value="<%= request.Cookies("cookiepass") %>">
          </label></td>
        </tr>
        <tr>
          <td> </td>
          <td colspan="2"><a href="#">Need Help?</a> / <a href= "#" onClick="window.open('../pmcct2/usr_forgotlogin_email.asp','window1','height=300,width=500,top=200,left=400,resizable=0'); return false;">Forgot Login?</a></td>
          </tr>
        <tr>
          <td colspan="3"><label></label>
            <table width="500" border="0" cellspacing="0" cellpadding="0">
              <tr>
                <td width="44" valign="top" class="loginerror"> </td>
                <td width="304" valign="top" class="loginerror"><% If Request.QueryString("Action")="Failed" Then %>
                  Login information not found.
                    <%elseIf Request.QueryString("Action")="NoAccess" Then %>
                    Your login has either timed out, or you do not have access to the page you tried to view.<br>
                    <br>
                    Please login.
                  <%end if%></td>
                <td width="152" align="center" valign="top"><input name="submit" type="image" id="submit" src="images/loginbtn1.jpg" align="middle"></td>
              </tr>
              <tr>
                <td colspan="2" class="loginerror"> </td>
                <td> </td>
              </tr>
            </table></td>
          </tr>
      </table>
    </form>    </td>
  </tr>
</table>
 
 
<p> </p>
</body>
 
</html>

Open in new window

0
 
lshaneAuthor Commented:
Ok, so... you rock!

One other question:
I see the code makes the cookie expire in 1 day.  Does this count 24hours FROM the time the cookie was created, OR does it hold the cookie until the end of that current day?

I would like it to expire at the end of the current day.

0
 
bluV11tCommented:
Oh, hehe thanks!

The above code makes the cookie expire 24 hrs from when it was created, yes.

Try this code for making it expire at the end of the current day:

dateadd("d", 1, day(now()) & "." & month(now()) & "." & year(now()))


0
 
lshaneAuthor Commented:
Hi, bluV11t.  Thanks, and I will try the altered code shortly to see if I can get it to expire at then end of the current day.

YOU DEFINITELY GET THE POINTS, but may I truly ask one more question:

CURRENTLY:  I have the site where users login and the "userID" is stored in a <%=session("MM_UserID")%> variable.  Each page has an <%If... Then%> statement looking to see if the <%session("MM_UserID")<>""%>.  If the MM_UserID is ="" Then... it redirects back to the login page.

NOW:  I have the cookie working (Thanks to you), and it logs in automatically, however, when the Session MM_UserID variables timeout, it still redirects back to the login page and then I have it where it logs the user back in automatically (In essence... refreshing the session variables).

I would like it to remain logged in for the life of the cookie (each page) - much the way the Experts-Exchange page works.  (If I login - every time I come to the site, I do not have to login again - it keeps me logged in).

How can I achieve that?
Should I REPLACE my session variables on each page with "Cookies"?
How many cookies can I have for a site, because I have around 5 or 6 session variables going on at one time?

If you can answer this, I will be finished, I promise.  Or, if I need to create another thread, I will do that, as well.  You've been most helpful.

Thanks so much,
Shane
0
 
bluV11tCommented:
You probably need to put all your session variables into the cookies. You could put it all into one cookie with multiple keys so you only need to worry about one timeout like this:

response.cookies("ShanesCookie")("cookieuser")=request.form("tm_Username")
response.cookies("ShanesCookie")("cookiepass")=request.form("tm_Password")
response.cookies("ShanesCookie")("othercookieKey")="Somthing else to store"
response.cookies("ShanesCookie").expires = ....

Cookie size is limited to 4096 bytes. So you can't really store all that much.

Also, number of cookies is limited to 20 per website. If you make new cookie when you already have 20 cookies, browser will delete oldest one.

Check out this tutorial http://www.tizag.com/aspTutorial/aspCookie.php

Of course if you put all info into cookies and forget about session variables then what about users who won't accept cookies? I'd use both cookies and session variables and instead of checking the existence of a session variable I'd write a sub to check if the cookie is present or session variable exists. If you have an include file included in all your pages this would be the perfect place for such a code, example:

sub CheckLogin
  if len(session("MM_UserID"))=0 then
    'no session check for cookie
    if len(response.cookies("cookieuser"))=0 then
       'redirect to login no session or cookie!
    else
        'refill session variables from cookie if you'd like
        session("MM_UserID") = response.cookies("cookieuserID") 'psaudo code
    End
  End if
end sub



0
 
lshaneAuthor Commented:
Hi, bluV11t.

You've been most helpful.

I thought about the {KEY} option for one cookie and multiple {KEYS}, buy my only confusion comes with some of the session variables that are created on "the fly".

In some of the pages, the "User Level" of the user is tracked, as well as the pages they can access.  When they click on a link = a session variable is created based on the querystring of "pagelevel".  The session is then carried throughout the pages to conditionally display various navigation bars based on the "pagelevel" session.  I suppose in that case, I would need to create cookie for that particular type of session, right?

0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now