Its strange...I have experimenting with browser hawk by using the cookie sniffer method. However, even If adjust the security slider level in internet options or goto advanced in the privacy tab I cannot seem to prove the condition below....it is almost as if cookies don't want to die in my testing environment.
I did try closing the browser and relaunching but cookies and session ids seem alive and well....is this the usual hassle with testing cookies/sessions?
Option Explicit
Dim bh
set bh = Server.CreateObject("cyScape.browserObj")
bh.SetExtProperties "cookie_both"
bh.GetExtPropertiesEx
if not bh.cookiesEnabled then
response.write "COOKIES DEAD"
end if
I have an asp script which is posted to by a form. On the script I need to know if cookies are enabled.
Therefore I need to make the form post to a different script which sets a cookie and does a response.redirect to the main script. However, how to I make the request object get forwarded to the second script with the response.redirect?
You cannot use server.transfer as the test for cookies will not work properly.
Using Session("variableName") to store data for the duration of a session. And using Response.Cookie("nameOfCookie") to store data as a "cookie" in ASP.....some questions here....
Session Variables. There's no disabling that CLIENT-SIDE is there? ASP Sessions are managed by the server, so as long as it's running fine, there's nothing the client can do to stop session variables from being created right?
"Session" Cookies? When using Response.Cookie, is that data actually written to the client's HDD like Javascript cookies would be? I noticed in MSIE 6 you can goto TOOL > INTERNET OPTIONS > PRIVACY > ADVANCED and Overide Session Cookie settings, but they don't seem to work.
I UNCHCKED to ALWAYS ALLOW SESSION COOKIES, and then did a
i'm creating a shopping cart and i need to know when users add products to their shopping cart, does it load a session for each visitor, which when a new customer tries to add it opens a session for him and he closes the site the session closes enabling another visitor to start with an empty basket ?
or does it use cookies instead of sessions ?
my shopping cart does not work properly... i need to fix it in this way, when a new visitor tries to add products to the shopping cart it doesn't display the previous products of the previous visitor.
noting that i'm not using any registration as yet......
how can i fix that?
i have a file called shop.asp which list the type of products available in the database and then when a type is clicked a list of products under this type will be displayed, then customers can add to the cart whatever they want.....
but this does not work properly because if another user tries to access the cart he'll see the previous products in there....
I want to do something very simpel. Make a part of my website available only for users with a username and password. The site is mainly ASP based. The webserver is an IIS6 and I do NOT have access to server settings (session timeout, security,...).
I use sessions to set the validation for the users. Basically you are redirected to a form where you can give a username and password, this is validated with the values in a database. If the password and username are ok a session value is set <%=Session("Validated")=True%>*.
At the beginning of each secured page I start with: <%If Session("Validated")=False Then Response.Redirect("Login.asp") End If%>
So if the session value "validated" is true you can see the secured pages, else you are redirected to the logon page.
The default timeout value for session is 20 minutes. Because the session should stay alive during the complete time of the visit I was thinking of puting the session.timeout to 60 minutes. I set this at the beginning of every secure page: <%Session.timeout=60%>
Now, Users keep on contacting me saying that they have to relogon quiet often. This also seems to happen when a user is not on the website for 20 minutes already (session expired). I tested it myself and have the feeling the I am indeed regularly redirected. Sometimes after 10 minutes, other times 30 minutes, ... There seems not to be any logic in the time that users are redirected to the logon page.
Because the website is used to fill in a lot of long HTML forms, it is very frustrating for the users when they are completing a form and then pressing "Submit" being redirected to the logon page and lose all entered data.
Is there somebody who can give me more info on the strange session behavior? For me it is not normal that a session times out in that unlogic way.
The only solution I can think of is passing the post information to the logon page and then redirect after validation back to the transaction page.
How can you reset the timeout counter on a session in ASP? What I was thinking was that I am doing it maybe wrong?
Now the session variable that let a user have access to the site is set once at logon time: (<%=Session("Validated")=True%*>*). Then it is checked on every page that the user opens (<%If Session("Validated")=False Then Response.Redirect("Login.asp") End If%>)
Would it be a good idea to re-set the variable every time a user accesses page? Like <%If Session("Validated")=False Then Response.Redirect("Login.asp") Else Session("Validated")=True End If%> Would this reset the timer that times out the session? Or do I have to add something like <%Session.Abandon%> before setting the variable again?
What would this do on the server performance? Is this a good way of working with sessions?
Swicth to cookies i.o. sessions?
I am open for all suggestions, please help! In the future there are also money transactions going over this website, so it has to be a secure method! I will use a seperate HTTPS host for this.
I have a button that takes me back to my login screen but the user can press back and get back in. I have done some research and looked around and the only way i have found is using sessions-by creating and loosing sessions.
I however use neither and pass my username via a textbox.
Is there a simple way to somehow logout securely without allowing the user to enter the back button?
The server runs a Classic ASP application running in IIS 5.x that uses the session cache. These are different machines running within a LAN.
When UserA accesses the website, the ASP code retrieves some data from the DB and puts it into the session cache and timestamps it (to give it a time-to-live value).
When UserA accesses the site again, the ASP code checks the value of Session("DatabaseSettings_DateAccessed") to see if the cache has expired.
Bizarrely, it picks up the correct date set on the previous visit.
I would have expected that, since UserA does not have session cookies enabled, there should be no existing session identifier available for UserA. So, how is IIS recognising UserA's session?
Customer wants users to authenticate based on where they came from. They have several locations that the users will be coming from. They don't want anyone to be able to access their website from anywhere other than these locations. The locations ip addresses will be changing regularly. Is there a way to have a page on the INTRANET internally that the users will go to and it will start a session or place a cookie and pass them to the website. The website then looks for that session or cookie and lets them in or denies them based on the session or cookie. The sites that they will be coming from are ASP and .NET servers and it encrypts the URL that it is coming from. The website it is going to is on a PHP server and is built on PHP and MySQL. I have asked this in like every forum on the internet I can find and no one seems to have a solution.
Is it possible to send form values from PAGE1 to PAGE2, and then retain the form info for PAGE3 without using cookies, sessions or DB storage? Also, I dont want to repost page2 to page3 using hidden form fields.
Just curious! Want to know how to "simply" maintain user form inputs across a web site even when security and privacy controls are set to MAXIMUM on the browser. I know using databases would do it, but I would love to find a simpler solution.
As I understand it IE stores the session id in a cookie on the user machine. This identifies the session between pages. If cookies are disabled then session variables don't work...
Is it possible to pass the session id between pages by posting them etc, and manually force the session id on each page.
Any body know of a resource that compares/benchmarks the expense (in terms of milli seconds, or server load) of using various programing options?
I know a lot of articles and forum posts reccomend best practices between functions and programming options, but I would be interested in some type of definitive benchmark to decide between various prgramming options, depending on the need.
For example, I can call a Recordset and quickly write it into an array, so that the connection can be closed even before I write the data to the HTML page. This would save conection time and server resources, but I'd like to be able to judge the worth when considering coding it.
Every time I do a Server.Transfer how expensive is it to the server? How much am I loading the server with Session varaibles? If I store some info in a cookie, but have to call it, how long will that take? Am I using up server resources by creating large arrays?
I am building a shopping cart where orders are send by email. Even though it says it's sent, I receive nothing. So I did a test script to send an email using CDO since we are using an exchange server for email and it's on the same network as the site. Code:
I'm using Microsoft's flavor of BrowserHawk (Server.CreateObject("MSWC.BrowserType")) but when I look at my own stats through a simple test page, it says that my IE 6 is really NS 4.00. What's going on?
In my Session_OnStart in Global.asa, I am setting some cookies. One of them, I set as follows:
dim UserID UserID = Request.ServerVariables("LOGON_USER") Response.Cookies("User")("ID") = UCASE(UserID)
When I immediately log the cookie value retrieved from Request.Cookies("User")("ID") into the Windows Event Log, I get the correct value. However, when I try to retrieve the cookie on the home page of my application using the same code,
Request.Cookies("User")("ID"), it either cannot find the cookie or cannot read the value. I am retrieving the cookie before all HTML headers are written. It is my first statement on the page after Option Explicit. I have even compared the session IDs. The SessionID created in the Session_OnStart is the same value as the SessionID on the home page.
I have read that the Session_OnStart only has access to the Application, Session and Request objects. It does not explicitly say that it does not have access to the Response object. Also, I was even able to use Response.Write's in Global.asa to print out the values although it looked like it had also stopped the session after I did so. Cookies are definitely enabled on my machine. I have even tried setting the session cookie's expiration to be persistent for a few days to see if it was perhaps expiring before I was able to read it but this did not work either.
Is there something preventing cookies to be created in Global.asa in the Session_OnStart sub? Is the Response object not available??? Please let me know if anyone else has had this problem or solution.
Is it possible for a user to enable permanent cookies but disable session cookies.....this seems like a contradition yet this is what I appear to be reading in online articles?
I m creating a cookies in my application and it work properly but i can't see the cookies where it will sotred i checked the cookies folder but i didn't find that I want to create a cookies file as the other web site create and store where other cookies will stored in Cookies folder or Temprory Internet files folder eg:1. arvind@google.co[1].txt this stored in cookies folder 2. arvind@msn[2].txt ....
We are planning to set-up a load balanced web environment. Accordingly, we are going to change the session management on our website from the classic ASP Session State and session variables, to a database method.
Does any one have any pointers as to how I might approach this, so that I can have the same sort of functionality the ASP sessions give without having to create database columns for each session variable I wish to create. I am thinking along the lines of some serialised dictionary or something that I can stick in a blob column.
I have always used this in ASP to test if the client is accepting cookies:
<%@language="VBScript"%> <% Session ("nc") = 1 If Len(Session("nc")) = 0 Then 'Cookies Off Else 'Cookies On End If %>
But I only ever tested it in Microsoft Internet Explorer 6 though not sure. Anyway with Microsoft Internet Explorer 5.5 SP2 Len(Session("nc")) <> 0 always whether cookies are on or off. Can anyone suggest a better cookie test that will work in most browsers?
I have a PC running Win XP Home and want to learn how to write ASPs. In order to test them I think I need a web server installed on my PC. Since I don't believe IIS can be run under Win XP Home I downloaded and installed the Apache web server. I'm stuck at this point and would appreciate opinions on whether I am on the right track, and, if so, advice on the following. 1. Having written a test asp page how do I use Apache to test it? 2. Can Apache handle VBScript on an ASP page? From the info on the Apache web site I don't think it can.
iam making asp test engin and i dont want the user to use the keyboard so is there a way to disable the keyboard of the computer that have the exam on ? its not a website world wide. i will make it on my room computers. is it possible ?
The current code (see below) works. But, I wonder if there's better way to test if a node object has something or not.
<% ... ' want to find if /Root/Node's id attribute is 1, ' if yes: get its child node <num> Dim nodeA : Set nodeA = xmlDoc.selectSingleNode("/Root/Node[@id='1']/num") ' test if nodeA have something If TypeName(nodeA) = "Nothing" Then ' -- NO: nodeA has nothing Else ' -- TypeName is "IXMLDOMElement" ' -- YES: nodeA has something End If ... %>
I have tried other functions, such as IsEmpty(), IsNull(), IsObject(): none can get the result I wanted.
What I have is a ASP test script that can grade online tests and give the test results at the bottom of the test page itself. What I need is the test results to be passed on to a test results page with the score of the test that was taken. I have a problem getting the test results intact over to the test results page.
In ASP VBScript,is there a way to programmatically test if a SQL Server database server is alive?
I want to use a connection string to a mirrored DB server in case the primary DB server fails. This failover is easy in ASP.NET, which supports DB mirroring and a the specification of a secondary server in its data provider.I want to hack together the same thing for my classic ASP apps.
anyone know some good ASP code to go through a page and test the hyperlinks to make sure that they are valid. Couldn't find anything good yet, but if someone knows of anthing.
How to I test a varable to see if it contains a number and not a text value?I want to use this to detect if people have edited my get strings in the URL field of the browser, before it gets send to the next page.
I am sure it is simple just forgot, had a search on yahoo and could not find anything.
Well i use Timer to test ASP scripts how much time is needed for rendering. But how much time, approximately a heavy asp project like CMS or FORUM should do?
I am creating an application for online test in ASP.While taking test i want functionality as on brainbench when we take any test there. Only difference i want is that there will be 5 questions in my test to be solved in 10 minutes.And all 5 will appear on one page. I am done with other parts.but i am unable to find the logic for restricting time.And dont know what logic should i implement so that timer should not start again even when he goes back and returns to the page again.I have used javascript timer.
