We help IT Professionals succeed at work.
Get Started
Getting ID after log-in timed out - Classic asp
Hi all,
I have a conundrum for you that I can't get my head around. I have a task system where my customers create tasks and an admin appoints the task to someone. Works fine. However - Part of the webpages are protected by login. Sometimes the admins are working on something else, and the system stands idle for a while, forcing an automatic logout for security reasons. When they then try to click on a webpage pointing to an exact case (i.e. task_show.asp?id=32) they are asked to login - which they do - but in that process the id and the query for it gets lost, and my login-page doesn't seem to support this issue. They are simply redirected to show_task.asp, but as that page requires an ID in order to work, they get an error.
I think the issue is related to sPage, but possibly I need to add more code on the login page as well as page protected by login. Not the best of explanations, but there you go. I've posted my login code below:
I have a conundrum for you that I can't get my head around. I have a task system where my customers create tasks and an admin appoints the task to someone. Works fine. However - Part of the webpages are protected by login. Sometimes the admins are working on something else, and the system stands idle for a while, forcing an automatic logout for security reasons. When they then try to click on a webpage pointing to an exact case (i.e. task_show.asp?id=32) they are asked to login - which they do - but in that process the id and the query for it gets lost, and my login-page doesn't seem to support this issue. They are simply redirected to show_task.asp, but as that page requires an ID in order to work, they get an error.
I think the issue is related to sPage, but possibly I need to add more code on the login page as well as page protected by login. Not the best of explanations, but there you go. I've posted my login code below:
<!--#include file="./base.inc"--><!--#include file="db/database.inc"--><!--#include file="SqlCheckInclude.asp"--><!--#include file="close_access.inc"--><!--#include file="Include/link.inc"-->
<!--#include file="Include/meta.asp"-->
<%
Dim iStatus, conn, str, sPage
if IsEmpty(Request.form("page")) Then
sPage = Request("page")
else
sPage = Request.form("page")
End If
str = ""
If NOT IsEmpty(Request.Form("User")) Then
Open_Conn(sPath)
' Preparing values for validation
strUID = Trim(Replace(Request.Form("User"),"'"," "))
strPWD = Trim(Replace(Request.Form("Password"),"'",""))
iStatus = Check_Login(strUID,strPWD)
Session("User") = Request.Form("User")
If iStatus > 0 Then
Set psDATABASE = Server.CreateObject("ADODB.Connection")
psDATABASE.Mode = 3
psDATABASE.Open strConnect
userNow = Session("User")
userUpd = "'" & userNow & "'"
SQLStr = "SELECT * FROM Users WHERE Bruger = '" & userNow & "'"
Set RSDatabase = psDATABASE.Execute(SQLStr)
feltUser = RSDatabase("UserId")
feltDate = RSDatabase("Dato")
feltStat = RSDatabase("Stat")
feltfName = RSDatabase("Name")
felteClass = RSDatabase("Class")
newStat = feltStat + 1
d = year(now()) & "-" & month(now()) & "-" & day(now()) & " " & time()
IPadr = Request.ServerVariables("REMOTE_ADDR")
newIP = IPadr
psDATABASE.execute("UPDATE " &_
" Users " &_
" SET " &_
" Date = '" & d & "'," &_
" Stat = '" & newstat & "'," &_
" IPAdr = '" & newIP & "'" &_
" WHERE " &_
" Bruger = '" & userNow & "'" )
RSDatabase.Close
Set RSDatabase = Nothing
psDATABASE.Close
Set psDATABASE = Nothing
Session("login") = iStatus
Response.Redirect sPage
conn.close
set conn = nothing
Else
Session("login") = -1
str = "Wrong username orr password!<br>If the problem continues contact our admin @t <a href=mailto:email.dk>email</a>."
conn.close
set conn = nothing
End If
End If
%>
</head>
<body>
<div data-role="page" data-theme="<%= theme %>">
<div data-role="header">
<h1>Login</h1>
</div>
<div data-role="main" class="ui-content">
<p>
<div align="center"><BODY onLoad="document.forms.f.User.focus()" bgcolor="#ffffff">
<FORM NAME="f" ACTION="login.asp" METHOD=POST data-ajax="false">
<INPUT TYPE=hidden NAME="page" VALUE="<% =sPage %>">
<b>Username: </font>
<INPUT TYPE=TEXT NAME="User" SIZE=15 MAXLENGTH=15 VALUE="<% =Request.Form("User") %>">
<b>Password: </font>
<INPUT TYPE=PASSWORD NAME="Password" SIZE=15 MAXLENGTH=15>
<input type="Submit" name="Login" value="Login">
</FORM></p>
</div><%
If str <> "" Then
Response.Write "<button class='ui-btn'>" & vbCrLf
Response.Write "<center><H4>" & str & "</FONT></center>" & vbCrLf
Response.Write "</button>" & vbCrLf
End If
%><center><a href="forgot_password.asp" class="ui-btn ui-btn-inline" data-ajax="false">Forgot password?</a></center>
</div>
</body></html>
<%
Function Check_Login(sUser, sPass)
Dim rs, sql
sql = "SELECT * FROM Users WHERE User ='" & sUser & "' AND Password='" & sPass & "' "
Set rs = Server.CreateObject("ADODB.RecordSet")
rs.open sql, conn, 1, 1
If Rs.EOF Then
Check_Login = -1
Else
Check_Login = CInt(rs.Fields("StatusP"))
End If
rs.close
set rs = nothing
End Function
Function Open_Conn(sBase)
Set conn = Server.CreateObject("ADODB.Connection")
conn.open strConnect,"",""
End Function
%>
<div data-role="footer">
<h1><%= school %></h1>
</div>
</div>
Why Experts Exchange?
Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.
Jim Murphy
Programmer at Smart IT Solutions
When asked, what has been your best career decision?
Deciding to stick with EE.
Mohamed Asif
Technical Department Head
Being involved with EE helped me to grow personally and professionally.
Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question
Connect with Certified Experts to gain insight and support on specific technology challenges including:
- Troubleshooting
- Research
- Professional Opinions
Did You Know?
We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE