We help IT Professionals succeed at work.
Get Started

Getting ID after log-in timed out - Classic asp

micamb
micamb asked
on
240 Views
Last Modified: 2016-09-13
Hi all,

I have a conundrum for you that I can't get my head around. I have a task system where my customers create tasks and an admin appoints the task to someone. Works fine. However - Part of the webpages are protected by login. Sometimes the admins are working on something else, and the system stands idle for a while, forcing an automatic logout for security reasons. When they then try to click on a webpage pointing to an exact case (i.e. task_show.asp?id=32) they are asked to login - which they do - but in that process the id and the query for it gets lost, and my login-page doesn't seem to support this issue. They are simply redirected to show_task.asp, but as that page requires an ID in order to work, they get an error.

I think the issue is related to sPage, but possibly I need to add more code on the login page as well as page protected by login. Not the best of explanations, but there you go. I've posted my login code below:
<!--#include file="./base.inc"--><!--#include file="db/database.inc"--><!--#include file="SqlCheckInclude.asp"--><!--#include file="close_access.inc"--><!--#include file="Include/link.inc"-->
<!--#include file="Include/meta.asp"-->

<%
	Dim iStatus, conn, str, sPage

	if IsEmpty(Request.form("page")) Then
		sPage = Request("page")
	else
		sPage = Request.form("page")
	End If

	str = ""
	
	If NOT IsEmpty(Request.Form("User")) Then
		Open_Conn(sPath)
		

' Preparing values for validation

strUID = Trim(Replace(Request.Form("User"),"'"," "))
strPWD = Trim(Replace(Request.Form("Password"),"'",""))

iStatus = Check_Login(strUID,strPWD)


		Session("User") = Request.Form("User")
		If iStatus > 0 Then
		
  Set psDATABASE = Server.CreateObject("ADODB.Connection")
  psDATABASE.Mode = 3
  psDATABASE.Open strConnect

  userNow = Session("User")
  userUpd = "'" & userNow & "'"
  
  SQLStr = "SELECT * FROM Users WHERE Bruger = '" &  userNow & "'"
  Set RSDatabase = psDATABASE.Execute(SQLStr)
  feltUser =  RSDatabase("UserId")
  feltDate = RSDatabase("Dato")
  feltStat = RSDatabase("Stat")
  feltfName = RSDatabase("Name")
  felteClass = RSDatabase("Class")
  newStat = feltStat + 1

d = year(now()) & "-" & month(now()) & "-" & day(now()) & " " & time()

 

  IPadr = Request.ServerVariables("REMOTE_ADDR")
  newIP = IPadr
  
  psDATABASE.execute("UPDATE "		&_
  "   Users "			&_
  " SET "				&_
  "   Date = '" & d & "',"	&_
  "   Stat = '" & newstat & "',"	&_
  "   IPAdr = '" & newIP & "'"	&_
  " WHERE "				&_
  "   Bruger = '" &  userNow & "'" )

  RSDatabase.Close
  Set RSDatabase = Nothing
  psDATABASE.Close
  Set psDATABASE = Nothing
		
			Session("login") = iStatus
			Response.Redirect sPage
			conn.close
			set conn = nothing
		Else
			Session("login") = -1
			str = "Wrong username orr password!<br>If the problem continues contact our admin @t <a href=mailto:email.dk>email</a>."
			conn.close
			set conn = nothing
		End If
  	End If
%>
</head>
<body>
<div data-role="page" data-theme="<%= theme %>">

  <div data-role="header">
    <h1>Login</h1>
  </div>

  <div data-role="main" class="ui-content">
    <p>
		

		
<div align="center"><BODY onLoad="document.forms.f.User.focus()" bgcolor="#ffffff">
			
<FORM NAME="f" ACTION="login.asp" METHOD=POST data-ajax="false">
<INPUT TYPE=hidden NAME="page" VALUE="<% =sPage %>">


    <b>Username: </font>
	<INPUT TYPE=TEXT NAME="User" SIZE=15 MAXLENGTH=15 VALUE="<% =Request.Form("User") %>">
	<b>Password: </font>
	<INPUT TYPE=PASSWORD NAME="Password" SIZE=15 MAXLENGTH=15>
	<input type="Submit" name="Login" value="Login">

</FORM></p>
  </div><%
   If str <> "" Then
	Response.Write "<button class='ui-btn'>" & vbCrLf
	Response.Write "<center><H4>" & str & "</FONT></center>" & vbCrLf
	Response.Write "</button>" & vbCrLf
   End If
%><center><a href="forgot_password.asp" class="ui-btn ui-btn-inline" data-ajax="false">Forgot password?</a></center>


	

		</div>
	</body></html>
	<%
Function Check_Login(sUser, sPass)
	Dim rs, sql

	sql = "SELECT * FROM Users WHERE User ='" & sUser & "' AND Password='" & sPass & "' "

	Set rs = Server.CreateObject("ADODB.RecordSet")
	
	rs.open sql, conn, 1, 1
	If Rs.EOF Then
		Check_Login = -1
	Else
		Check_Login = CInt(rs.Fields("StatusP"))
	End If
  rs.close
  set rs = nothing
End Function

Function Open_Conn(sBase)
	Set conn = Server.CreateObject("ADODB.Connection")
	conn.open strConnect,"",""
End Function

%>
<div data-role="footer">
    <h1><%= school %></h1>
  </div>

</div>

Open in new window

Comment
Watch Question
Commented:
This problem has been solved!
Unlock 3 Answers and 23 Comments.
See Answers
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE