LouSch7
asked on
ASP Classic Login Script Time out Issues
I have a custom ASP program I am currently writing and am having an issue with the way I wrote the login script. The only reason I have the login script is to help identify who is creating cases within our help desk tracker; security isn't as important. The problem I'm having is that this program is intended to be used throughout the day and kept open on the users computer, but the sessions time out too quickly. To be honest I got the script I'm currently using from searching online and I am not entirely familiar with the way sessions are created/expired.
I don't really need their login session to expire at all, if this is a requirement it would be nice to set it up for something like 24 hours or so.
I don't really need their login session to expire at all, if this is a requirement it would be nice to set it up for something like 24 hours or so.
'Code found in my login.asp page
<!-- #include file="Includes/app_config.asp" -->
<%PageTitle = "Login" %>
<% If Request.ServerVariables("HTTP_REFERER") = ProgramPath & "login.asp" Then Target = "members/default.asp" else Target = Request.ServerVariables("HTTP_REFERER") End If %>
<html>
<head>
<% If TestEnv = 1 Then %>
<title>TEST - Harris Beach PLLC | HDT <%=PageTitle%> - TEST</title>
<% Else %>
<title>Harris Beach PLLC | HDT <%=PageTitle%></title>
<% End If %>
<link rel="stylesheet" type="text/css" href="members/tabs.css">
<script language="javascript">
function TechDelete(id)
{
if(confirm("Are you sure you want to delete this technician?"))
{
window.location.href="UserAdministration.asp?delete=Yes&TechID="+id;
}
}
function CategoryDelete(id)
{
if(confirm("Are you sure you want to delete this Category?"))
{
window.location.href="TableMaintenance.asp?delete="+id+"&Type=Category";
}
}
function StatusDelete(id)
{
if(confirm("Are you sure you want to delete this Status?"))
{
window.location.href="TableMaintenance.asp?delete="+id+"&Type=Status";
}
}
function TypeDelete(id)
{
if(confirm("Are you sure you want to delete this Client Type?"))
{
window.location.href="TableMaintenance.asp?delete="+id+"&Type=ClientType";
}
}
function ClientDelete(id)
{
if(confirm("Are you sure you want to delete this Client?"))
{
window.location.href="Clients.asp?delete=Yes&ClientID="+id;
}
}
</script>
</head>
<body>
<% If TestEnv = 1 Then %><h1>********* TEST Environment ********</h1><% End If %>
<span style="font-size:large; font-weight:bold">Harris Beach PLLC</span><br>
<span style="font-size:medium">Help Desk Tracker (HDT) - <%=PageTitle%></span>
<ul id="tabmenu">
<li><a class="active" href="Login.asp">Login</a></li>
</ul>
<div id="content">
<%
dim RS
dim frmUsername
dim frmPassword
dim SQL
'store form input into variables
frmUsername = Request.Form("username")
frmPassword = Request.Form("password")
'create recordset objects
Set RS = Server.CreateObject("ADODB.Recordset")
' Connect to database
Call OPEN_DB()
' execute sql and open as recordset
SQL = "SELECT * FROM tblTechnician where Username = '" & Request.Form("username") & "' and Password = '" & Request.Form("password") & "'"
' Opens the returned values from the SQL as a recordset, ready for iteration by ASP
set RS = MyConn.Execute(SQL)
%>
<% If Request.Form("action") <> "validate_login" Then %>
<form name="myform" action="Login.asp" method="post">
<input type="hidden" name="action" value="validate_login" />
Username:<br />
<input name="username" type="text" size="20" maxlength="20" /><br />
Password:<br />
<input name="password" type="password" size="20" maxlength="20" /><br />
<input name="submit" type="submit" value="Login" />
</form>
<% Else
' validate variables against database
If (not RS.BOF) and (not RS.EOF) then
response.cookies("validatedUser") = frmUsername
session("Username") = frmUsername
session("FirstName") = RS("FirstName")
session("LastName") = RS("LastName")
session("Technician") = RS("TechnicianID")
session("Admin") = RS("Admin")
session("ValidatedUser") = "True"
response.redirect(Target)
Else
response.write "incorrect username and/or password<br>"
response.write "<a href=""http://tackleberry/Test/Login.asp"">Try again</a>"
End If
End If
%><!--#include file="members/inc_footer.asp"-->
'Code found at the top of every protected page
<%
Response.Expires = -1
Response.ExpiresAbsolute = Now() - 1
Response.AddHeader "pragma", "no-cache"
Response.AddHeader "cache-control", "private"
Response.CacheControl = "no-cache"
Response.Buffer = True
Response.Clear
If Session("ValidatedUser") <> "True" Then
Response.Redirect("../login.asp")
End If
TabStateA = "class=""active"""
%>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Good one "cyberkiwi"
Though I have heard that even setting this it will still timeout.
I read a few threads back in 09 here on EE where people were setting this to a higher number and it still would timeout on them regardless of what they set it on.
I am not sure if it is an IIS issue itself (or) an asp issue.
But I do know that it sometimes does not work, and with other users, it does work.
So, give it a shot and see what happens.
Good Luck
Carrzkiss
Though I have heard that even setting this it will still timeout.
I read a few threads back in 09 here on EE where people were setting this to a higher number and it still would timeout on them regardless of what they set it on.
I am not sure if it is an IIS issue itself (or) an asp issue.
But I do know that it sometimes does not work, and with other users, it does work.
So, give it a shot and see what happens.
Good Luck
Carrzkiss
On IIS5 it is king, on IIS6 and IIS7, the application pool setting and appdomain come into play and can terminate the w3wp.exe service itself, which of course takes the entire session down.
Glad you like the script.
I am constantly making advances to it, so keep the link handy
The last update was made [Updated on: 3:33am EST September 15th, 2009]
And I am looking at doing another one soon.
Have a good one.
Carrzkiss
I am constantly making advances to it, so keep the link handy
The last update was made [Updated on: 3:33am EST September 15th, 2009]
And I am looking at doing another one soon.
Have a good one.
Carrzkiss
Pre IIS 7 (win2008), you can go to IIS Manager, right click on the virtual directory or website itself, properties.
In directory tab (or home directory for web site), click Configuration
If you have to, click on Create first
The 2nd tab Options contains the timeout for ASP Sessions - set it to 1440 for 24 hours.