Login User With Cookie From Another Server
We have an intranet which is personalized using a cookie which we set. I have an outside vendor who is developing an application which will live on a seperate server. Is there a way they can read the cookie which we set to log user into their application so that we can make it a seamless transition?
View Replies
ADVERTISEMENT
I have researched several login scripts and I have a few questions that I haven't been able to find the answers for.
First if of all, my goal is to create a cookie-based, non-SSL, login system. I have many, many users that are going to be logged in for extremely long periods of time, so I absolutely do not wish to use session variables under any circumstances.
I've come across several great algorithms and one-way hash's that seem to work great for encoding the password. However, they all seem to have one thing in common. Once the user successfully "logs in", the site simply sets a cookie using the User ID of the login account. On all password protected pages, the only check that is made is the User ID stored in the cookie- compared to the value in the database.
I'm curious if it is possible for a hacker to create a false cookie on their system, storing simply the UID. Is it possible to do this, or is there some kind of internal OS security that prevents such an action? In other words, if I go to a co-workers computer, review their temp files, find the cookie for the site they're logged into and take the UID... Could I recreate that cookie on my own computer at a later time and gain entry?
This may not be so much of a security issue on a site that only stores a temporary cookie, but what if when they login, I set the cookie to expire after a year? (so they don't have to login every time they visit the site).
I'm not saying this method isn't secure, I guess I'm looking for an explanation. Also, any ideas on where I can obtain more information about creating a login application that's not based on session variables?
View Replies
View Related
This is a question that has probably been answered before on the
newsgroup but probably in fragments. This is what I would like to do,
and I only have a very vague idea where to find the answer. Directions
would be useful.
1. Users arrive at the site. If they are registered they log in. If not
they sign up for registration.
2. The authentication information such as username and password are
held in a db, for security reasons the password should not be passed in
plain text.
3. When the user is logged in the session information should be held in
a cookie so that if the user returns in a short period of time they
will automatically be logged in. The cookie will also be used to
personalise certain parts of the site.
View Replies
View Related
How do you determine whether a user allows cookies or not.
Many people told me that it can be done by writing a cookie and then retrieve it to test this feature, but it simply doesn't work.
What else can i do?
View Replies
View Related
I have code written in VBScript that accepts a POST submission from an external server to perform an auto-login to our website. I am experiencing an issue with Internet Explorer ONLY that I have determined using Fiddler.
The problem is that when I POST to this page, I need to set a few session variables that are passed on to the following page after logging in. But using fiddler, I have realized that for some reason, in IE, the "Set-cookie" statement in the headers is never acted on by the server. On all following pages the "set-cookie" header is sent on every page, but the ASP SESSION header is never set that indicates the session was started.
If I do the same test in Firefox, it works perfectly fine, no problem. So it seems IE is the issue.
One other fairly important piece of the problem appears to be that the external server that is initiating the POST submission is running Java, so when the user is on the external server their browser is maintaing a JSESSIONID value. But when they submit the POST form over to our server, the Set-Cookie directive is trying to set an ASPSESSIONID, which is never accepted by the browser...
So is it possible that for some reason IE is not able to handle a user coming from a JSESSIONID over to an ASPSESSIONID?
I need to somehow work around this, or somehow force the ASPSESSIONID to kick in, because it is critical that I can set session variables for use on later pages.
View Replies
View Related
I have downloaded a nice upload script from the internet, it works great, but I would like to have it protected,so that only the admin user can use this upload page, I'm getting the following error:
Microsoft VBScript runtime error '800a01b6'
Object doesn't support this property or method: 'Request.Session'
If I change it in Request.Cookies, that won't work either.....
View Replies
View Related
I have fields on a datebase called user_info with fields name, acctid, pw and blah blah blah. On the website I asked the visitors to input 0000 if they were not a client. I don't
really understand how if...then, if...else works. How can I get it to validate the name, pw, acctid
and if it equals 0000 to i guess (request.redirect "/client.bronzefactory/")?
The next thing is... the client page, for them to sign up if they haven't yet. On the database their acctid is going to be listed but nothing else. I'm guessing I have to use the update syntax right?
How would that work? I enter aa123456 and it does a = seach and redirect to a page where they fill it out and sumbits a update right? Is the statement something like this "UPDATE user_info SET name, pw= '" & name &'", '" & pw &'" where acctid= '?' <---how do i get the acctid there?
View Replies
View Related
It's been a long time since I tried to solve this problem.I'm working for the INTRANET of my company, and I need to get the user login.I tried with Request.ServerVariables("LOGON_USER") or ("AUTH_USER"), but they don't work.The strange thing is that they work with Windows NT, but not with Windows 2000 Professional.
View Replies
View Related
How can i tell which link has been clicked on a previous page, I have tried request.querystring, the thing is I have two different links posting to the same script ie
test.asp?site=main
test.asp?subsite=subsite
Or is there a away I can use the same query string and on the next page execute different sql querys. I hope This makes sense, if any more information is needed, feel free to ask.
View Replies
View Related
I am trying to create a user login page that once a user has been logged in there name will appear on all pages in the top right hand corner. This is what i have so far the user logins in through my user page and then this page loads up Code:
View Replies
View Related
I have a page that logs the user in (the code will be below). When they log in correctly, or even incorrectly, they get directed to default.asp. The login is working correctly however because when I log in with a false name and password I cannot proceed to checkout. How can i direct the user (ONCE they are signed in correctly) to a customer page(custpage.asp) instead of my homepage(default.asp)? Code:
View Replies
View Related
I know how to grab the users windows login. I would like to use this to establish permissions for a user on my site. In order for this to be valid, I need for the user to have to verify their network password.
Is there any way to compare the password entered against the windows authentication? I would also like to be able to call the user by name instead of a login. Is there a way to get this from an Outlook address book or something?
View Replies
View Related
i there i would like to ask how do i redirect the user to a page. Let's say i have an email sent to the user with a link and when the user clicks on it, the user will be brought to the loggin page and be directed viewAll.asp page. However, normaly hwne the user longs in the user will be brought to the view.asp page.
Cos currently when the user logs in the user is brought to the view.asp page regardless of the link
View Replies
View Related
the database works is it checks over a database and verifies the username & pass with code. Then the user enters the site and there's a seperate table to keep a record of when users log in and log out.
Well basically I'd like to know if and how I could apply a filter using asp code? I'd like to filter out everything but <%Session("name")%> (which displays their username) so that user logged in can view their own records.
View Replies
View Related
i have a log in page where the user has to log in to view any other files. when the user logs in i've set the default to view the view.asp page.however i realized that if the user was on the add.asp page and the seesion times out.. when the user relogs in again.. he would be brought to the view.asp page.
View Replies
View Related
i've developed a application in asp i want to restrict the user to login more than one at the same time i mean if user is already login then if he try to login on another window at the same time the message should b displayed u r already login.
View Replies
View Related
The error i get is as follows:
Microsoft OLE DB Provider for ODBC Drivers
error '80040e4d'
[Microsoft][ODBC SQL Server Driver][SQL Server]Login
failed for user 'webuser'.
/dsn_inc1.asp, line 25
View Replies
View Related
how can create user registration page and log in page. does anyone have any tutorials on this, links?
View Replies
View Related
I have been browsing the forums here and also on hotscripts.com and cant seem to find what I am looking for. I am trying to create a login form that will keep the user on the same page, give and error message on a bad attempt(got that part), and give a welcome message to the logged in user, and alow them to stay logged in based on their group access.
My site is .asp and my DB is Access. The registration form is already done. Cant figure it out from 3web either. Thanks for reading.
View Replies
View Related
Is there a way to display NT login user name in a asp page?
View Replies
View Related
i've previously asked for a toturail or refrence to help me build up a user management :
login/register/remember passwoed / logout.
View Replies
View Related
i have created a script that queries a database for a username and password, and if they are valid sets a session variable to TRUE and redirects to another page. the table which contains the user information is called "Users" with the fields "UID", "PWD", "FIRSTNAME", "LASTNAME", and "EMAIL". my question is, how can i set a session variable to use the FIRSTNAME record for the particular user that logs on? my code is below. I've already got a session variable to display the UID record in the BookingSysV1UserName session variable.
View Replies
View Related
I have an email containing link say (somelink.asp) A user clicks on this link (say from outlook). because this user is not logged into the site, the request goes to somelink/login.asp.
The user then logs in. After successful login I would like to take this user to the link he clicked on originally. Is this possible without having to pass the lionk url as part of the query string?
View Replies
View Related
I have a simple ASP code that i am trying to use in order to get records from a database in SQLserver 2000 and display it in html format.
I named the file index.asp and placed it in the home directrory for IIS. When i type in http://localhost/index.asp, i get 500 errors. On viewing the IIS logs, i am noticing the following errors:
2005-10-31 20:05:16 W3SVC1 127.0.0.1 GET /index.asp |47|80040e4d|Login_failed_for_user_'test'
After searching on the internet, I have already checked "SQL Server and Windows" authentication in SQL Server security.
here is the code that i am using to connect to the database: Code:
View Replies
View Related
I am creating my student website. I have completed with student registration parts (student enrolment form, personal details) but now my client requirement is that if any student come to my website , he/she needs to register first so if they log on next time , screen will comes up with their all details.
I tried to create login page and if they are not in database , they can register on my website. But I could not able to create in my website. There might be more users so need to have loop in my code.
Once user log in their name and password , it will search in database and if database found that record in it , that page will redirect to my website page which will comes up with perticular student information.
project details : XHTML (Front End), Java Script (Validation), ASP (Connectivity), MS ACCESS (DATABASE).
View Replies
View Related
I am doing a webpage which allows different users from various departments to do a search/print information of people within their own department. I have a login page for user to key in the correct password and id before they enter the system. However, in order for the restriction to take place, I will have to ensure that the system recognises the person that is logged into the system.
View Replies
View Related
if anyone knew of a good book or website that explained in detail how to program a good username and password protection script for a website. It doesn't have to be anything great, just something that is a little secure and works.
View Replies
View Related
I am a system administrator whom has been charged with the logging of user activities on my network. I want to track when a user logs into a machine, logs out of a machine or locks a system.
Is there an application out there that I can run on my server or a client based app that anyone knows of? Or do I have to make this from scratch?
View Replies
View Related
I am trying to write a script that will access files on another computer on the network but in a seperate domain. In order to access the files, I need to first authenticate to the other domain as a different user.
When I access files on another domain via explorer, it prompts for a username/password. Is there some way I can pass this same information through scripting to access a computer in the other domain?
I attempted to do this with impersonation, but if I understand correctly, in order to impersonate a user, the user must exist on the local computer running the script. The user that I would like to use exists only on the other domain. how this can be done?
View Replies
View Related
i developing a web site and having a login function. i want my web site to track down the time between a user logged in and log out the website and stored it into database. when next time the user come in again, the time he spent in the web site will add on to the record in the database. may know where i can look for the information about this function or coding to refer?
View Replies
View Related
I am trying to make a login page for a website where I can have one page for an administrator, one page for users and an error page when someone has not entered the user name or password. I am experiencing two problems.
The admin page works fine, but when I am logging in as a user it directs me to the correct page but on the next page when I write the value of strUserType I get Admin, it should say user, so strUserType is recording Admin whether the UserType from the database matching that username and password is Admin or User.
I hope that makes sense. Also when the username and password does not have a matching record in the database I get the following error, rather than it directing you to invalid.asp as it is supposed to: "ADODB.Field (0x800A0BCD)
Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record." Code:
View Replies
View Related
I'm just wondering if there is ordering online software which has a feature to create a customised user environment (different product and prices for different user) for each login user? I really need that feature for one of my customer.
If it is not available could you please suggest a product that has this feature?
View Replies
View Related
im tryin to secure my application. i want the application to send the user back to the login page if they have not logged into the system. do i use the global.asa file or is there a simpler way to do this?
View Replies
View Related