troubleshooting Question

Getting ID after log-in timed out - Classic asp

Avatar of micamb
micamb asked on
ASP
23 Comments3 Solutions243 ViewsLast Modified:
Hi all,

I have a conundrum for you that I can't get my head around. I have a task system where my customers create tasks and an admin appoints the task to someone. Works fine. However - Part of the webpages are protected by login. Sometimes the admins are working on something else, and the system stands idle for a while, forcing an automatic logout for security reasons. When they then try to click on a webpage pointing to an exact case (i.e. task_show.asp?id=32) they are asked to login - which they do - but in that process the id and the query for it gets lost, and my login-page doesn't seem to support this issue. They are simply redirected to show_task.asp, but as that page requires an ID in order to work, they get an error.

I think the issue is related to sPage, but possibly I need to add more code on the login page as well as page protected by login. Not the best of explanations, but there you go. I've posted my login code below:
<!--#include file="./base.inc"--><!--#include file="db/database.inc"--><!--#include file="SqlCheckInclude.asp"--><!--#include file="close_access.inc"--><!--#include file="Include/link.inc"-->
<!--#include file="Include/meta.asp"-->

<%
	Dim iStatus, conn, str, sPage

	if IsEmpty(Request.form("page")) Then
		sPage = Request("page")
	else
		sPage = Request.form("page")
	End If

	str = ""
	
	If NOT IsEmpty(Request.Form("User")) Then
		Open_Conn(sPath)
		

' Preparing values for validation

strUID = Trim(Replace(Request.Form("User"),"'"," "))
strPWD = Trim(Replace(Request.Form("Password"),"'",""))

iStatus = Check_Login(strUID,strPWD)


		Session("User") = Request.Form("User")
		If iStatus > 0 Then
		
  Set psDATABASE = Server.CreateObject("ADODB.Connection")
  psDATABASE.Mode = 3
  psDATABASE.Open strConnect

  userNow = Session("User")
  userUpd = "'" & userNow & "'"
  
  SQLStr = "SELECT * FROM Users WHERE Bruger = '" &  userNow & "'"
  Set RSDatabase = psDATABASE.Execute(SQLStr)
  feltUser =  RSDatabase("UserId")
  feltDate = RSDatabase("Dato")
  feltStat = RSDatabase("Stat")
  feltfName = RSDatabase("Name")
  felteClass = RSDatabase("Class")
  newStat = feltStat + 1

d = year(now()) & "-" & month(now()) & "-" & day(now()) & " " & time()

 

  IPadr = Request.ServerVariables("REMOTE_ADDR")
  newIP = IPadr
  
  psDATABASE.execute("UPDATE "		&_
  "   Users "			&_
  " SET "				&_
  "   Date = '" & d & "',"	&_
  "   Stat = '" & newstat & "',"	&_
  "   IPAdr = '" & newIP & "'"	&_
  " WHERE "				&_
  "   Bruger = '" &  userNow & "'" )

  RSDatabase.Close
  Set RSDatabase = Nothing
  psDATABASE.Close
  Set psDATABASE = Nothing
		
			Session("login") = iStatus
			Response.Redirect sPage
			conn.close
			set conn = nothing
		Else
			Session("login") = -1
			str = "Wrong username orr password!<br>If the problem continues contact our admin @t <a href=mailto:email.dk>email</a>."
			conn.close
			set conn = nothing
		End If
  	End If
%>
</head>
<body>
<div data-role="page" data-theme="<%= theme %>">

  <div data-role="header">
    <h1>Login</h1>
  </div>

  <div data-role="main" class="ui-content">
    <p>
		

		
<div align="center"><BODY onLoad="document.forms.f.User.focus()" bgcolor="#ffffff">
			
<FORM NAME="f" ACTION="login.asp" METHOD=POST data-ajax="false">
<INPUT TYPE=hidden NAME="page" VALUE="<% =sPage %>">


    <b>Username: </font>
	<INPUT TYPE=TEXT NAME="User" SIZE=15 MAXLENGTH=15 VALUE="<% =Request.Form("User") %>">
	<b>Password: </font>
	<INPUT TYPE=PASSWORD NAME="Password" SIZE=15 MAXLENGTH=15>
	<input type="Submit" name="Login" value="Login">

</FORM></p>
  </div><%
   If str <> "" Then
	Response.Write "<button class='ui-btn'>" & vbCrLf
	Response.Write "<center><H4>" & str & "</FONT></center>" & vbCrLf
	Response.Write "</button>" & vbCrLf
   End If
%><center><a href="forgot_password.asp" class="ui-btn ui-btn-inline" data-ajax="false">Forgot password?</a></center>


	

		</div>
	</body></html>
	<%
Function Check_Login(sUser, sPass)
	Dim rs, sql

	sql = "SELECT * FROM Users WHERE User ='" & sUser & "' AND Password='" & sPass & "' "

	Set rs = Server.CreateObject("ADODB.RecordSet")
	
	rs.open sql, conn, 1, 1
	If Rs.EOF Then
		Check_Login = -1
	Else
		Check_Login = CInt(rs.Fields("StatusP"))
	End If
  rs.close
  set rs = nothing
End Function

Function Open_Conn(sBase)
	Set conn = Server.CreateObject("ADODB.Connection")
	conn.open strConnect,"",""
End Function

%>
<div data-role="footer">
    <h1><%= school %></h1>
  </div>

</div>
ASKER CERTIFIED SOLUTION
micamb

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 3 Answers and 23 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 3 Answers and 23 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros