Does anyone know how to prevent the browser from automatically adding the password to a form after a user name is entered? I need to be able to over ride the brower setting so turning off the option in IE is not really a solution.
How do people go about preventing the user from submitting a form for a 2nd time? For example, the user submits a form, clicks on the back button, and the submits the form again. I have used various techniques in the past (depending on circumstances) but I'd be interested in the techniques you guys currently use.
I've seen plenty of articles and utilities for preventing form injections for ASP.NET, but not too much for classic ASP. Are there any good input validation scripts that you use to avoid form injection attacks? I'm looking for good routines I can reuse on all of my form processing pages.
I'm using if for when the user deletes a record from the database. People using the website try and delete more than one record at a t time by placing commas between the IDnumber ie. 1,2,5,9 etc.
This creates an error. So instead of this error appearing, how can I get a small alert box telling hte user he/or she has entered the wrong data type?
In ASP classic pages,I want to know if it's possible to prevent session variables from becoming zero length strings? I have tried setting the Session.Timeout to a large value, but alwas, after 20 minutes, my session variable times out. I also tried setting the session timeout in IIS manager to a high value, but this did no good either.I just want to allow one particular session variable to last a long time.
I have a permission tracking app that I am working on, and I have made the insert page for it. I am having issues on how to prevent duplicates from getting entered.
Currently the interface for the app has a mixture of select boxes, list boxes and checkboxes. The form submits the page to processAIMR.asp and then does the inserting. I am using a loop to insert a new record for each checkbox checked or listbox entry selected. Code:
I have a form that sends info to a preview page, then to a thank you page. The thank you page gets the data passed from the rpeview page and sends an email.
How can I prevent the user from refreshing the page, so it doesn't send the email again.
I would like to prevent a user from logging in with their user/password combination on a different computer or even a different browser window, if they are already logged in. I have a login page, from which I use a DB check to verify user/password info. Also, I have a bit loggedIN field in the DB, which I use to see if they are currently logged in; if so, I prevent them from logging in a second time.
Unless they click the "Log Out" button, then the DB value does not get changed. Any suggestions as to how I can log them out, even if they simply close the browser window or jump to a different page?
For instance here's a simple select statement Code:
("SELECT a, b,c d, e, f FROM Table WHERE a = "&CInt(j)&" and c= 0")
j is a dimmed variable which is a and it's numeric. Is the above protected against any non numeric instances? Like j=2,345..i've tested this and it works i'm just trying to see if i've covered all my tracks.
Is there a way in ASP to prevent including the same file more than once?
Example:
dbutil.asp needs constants.asp, so I include constants.asp inside dbutil.asp.
transact.asp also needs constants.asp, so I include constants.asp inside transact.asp.
transact.asp doesn't need stuff in dbutil.asp, and dbutil.asp doesn't need stuff in transact.asp.
Then later I might have a main.asp that needs both dbutil.asp and transact.asp. So I include them both. However, the constants.asp will be found to be included twice!
What can I do to creatively prevent multiple inclusion of the same file in ASP? I know how to do it in C and C++, but I can't apply that to ASP, it seems.
I have created an Intranet in my office using ASP (of course). Within it is a booking system, allowing booking of conference rooms, digital camera and other equipment. It works perfectly...almost, as there is no way to prevent double bookings.
I really don't know where to begin with this one. All bookings go to an Access DB, into a single table. The bookings have a start time and an end time (24hr).
I would like it so that when the user submits the form, if there is a clash in times instead of saying, thanks for your booking, to redirect them back to the booking page saying there is already a booking for this time and that I am very sorry!
I guess I have to check some value in access and return the info back to the webpage before it chooses where to redirect the user.
I am developing a Simple ASP Website with a login page. I want to know how can I change Session ID after login and also Close the current Session after User closes the Window or gets logged out of the Website. So that every time user logs in into the website, Session ID will be unique.
My client received an email from a user who mentioned that by accident they had been typing (over the querystring I guess), and the url had become:
default.asp?pageid='asd
They then received a SQL Server error message.
My client contacted their webhost, who came back to them promptly and talked of 'SQL Injection', they said that we would need to secure the code as well as the permissions on the database(which I believe they have done)..
This is something I had over looked, and started to write a fix for a couple of nights ago...but I dont think its 100%....
Basically I now do this at the top of my default.asp page ...
We have 2 domains for internal purposes: one for users (have to login and domain has SSL) and another for sponsors (have to login and domain does NOT have SSL).
Now when a user logs in and there are pages that have info from the sponsors domain, users are asked to login again with a warning message saying if they want to see secure and nonsecure information. How can I bypass the second login? Is there something I can do in active directory, IIS, or ASP to not have the second login appear?
How can I prevent this from happening? For example when the asp application works in a public terminal where we don't want successive users to know the login password and user name of the previous ones?
ASP Caching is not happening even i enable ASP disk cache under websites properties,Homedirectory,Configuration,cache options.. I have given the Full Control Permissions to IIS_WPG & Administrator to that directory... I am getting that cache options under websites only not individual sites.Can i know the reason for this
Just recently we have encountered a weird problem with our webserver...running IIS 5 and W2000 SP4 When testing an ASP page, if you get an error of some sort in your browser, when you go into the code and fix the problem, save the changes, when you refresh the page, the error stays there, even though the code is correct. The problem is not fixed until you rename the page, and the open it in your browser to work fine??
We have a website that reads data from Oracle and creates an XML file. Then the site uses that file to access the info faster. On IIS5 we have no problems, but on IIS6 we seem to have some caching issuses. This deals with the Worker Processes. By default, there is only 1 Worker Process that gets recycled after 1700 minutes or so. The problem is, that we will select some data from the screen, which opens up another window to update the info. We walk through the update process and change some data and it updates the page fine. We can even check the XML file and it is changed, but if you choose to go back into that data, the dropdowns will reflect whatever was initially in the XML not the changes. If I increase the number of Worker Processes and shorten their recycle time, this doesn't seem to be a problem, but for every request I am generating a 25M file on the server that eventually gets recycled. I don't want to load up the memory with useless files, but I want our application to reflect the correct data. I really need to do this without affecting any other possible web apps that may be on the box.
Never had this problem before, but my SSI's in an ASP page are caching. I don't think ASP has anything to do with it mind you. I think it's a server issue (I've never really used this hosting company before).
Is there any way (ASP or otherwise) that anyone knows of stopping a web server caching your SSI's. It's VERY annoying!
We have an IIS cluster running an ASP website. We installed the patch listed under Q239703 that allows IIS to recognize script updates and appriately not cache those ASP pages. However, since we made this change, any office documents that a user tries to download exhibit the problem listed in Q316431. We do not use any of the caching commands listed in this article (Pragma: no-cache OR Cache-control: no-cache,max-age=0,must-revalidate). In fact we do not have anything set in the code at all with regards to caching, and the only this i can come up with is the change we made from Q239703, which is needed to stop IIS from caching ASP based pages
We are attempting to cache asp web pages in our isa server from the local county property appraiser web site to speed up access, with a 60 minute TTL (time to live).
This doesn't seem to be working - at least the pages aren't coming up any faster. Is there anything in asp that could be preventing the pages from being cached locally?
What is the best way to cache images, and stylesheets on an asp site? I currently use a .asp extension on all my pages because I use include statements to keep certain parts of my layout the same(menu, logo, footer). I have read that asp doesn't cache pages by default, and that they are processed everytime on the server. This can eat bandwidth up pretty fast.
There also seems to be a few ways to cache a page (response.expires, cache-control, public, using meta tags, and a few more).
I have a page were data can be filtered using up to 4 listboxes. Once someone does a filter, those parameters are saved so when they come back to the page on a subsequent visit, the listboxes are filled for them.
There is a slight performance issue if all listboxes are set to 'All'. Can the Cache Object be used for data that is static but filtered? If so, how? The data that is being filtered is updated once a month and I am not using the .NET platform.
Im having a problem that some users of this Admin System Ive built have been getting. I think the problem is caching, users arent seeing the updated version. Is there anyway to force the browser to get a fresh copy of the page everytime?
When you enter our site with just mydomain.com (without the www) and then proceed to a section of the site that is https, the user receives a cert warning since mydomain.com doesn't match up with www.mydomain.com.
What is the easiest way to globally and seamlessly redirect users from mydomain.com to www.mydomain.com to prevent this? The site has about 3000 pages so changing every page with request_querystring isn't really an option.
It would be great if it would work off of child pages too, i.e., mydomain.com/somepage.asp would also redirect to www.mydomain.com/somepage.asp.
I have an application which allows users to check in/check out XML files from an MSSQL database. When checked out, the XML file resides on a network drive. This allows users to edit the file. When checked in, the XML file resides in the database etc..
Anyway - the process works fine, but after a couple of hours usage the checkin method stops working. No matter what you change in the XML file it does not update.
Checkin method:
Create FileSystemObject (FSO) Retrieve 'Checked Out' File from the network drive using the FSO Retrieve contents of file using ReadAll Update database with new content Kill FSO
THe FSO.ReadAll returns a cached/old version of the XML file. I can open the file in notepad and I can seee the changes made, but when I do a ReadAll on the file using FSO the change is not there...
The only way around this is to re-boot my PC. Is it possible the memory allocated to my application fills up and cannot create new instances? Anyone else experienced anything like this? The application is an ASP based Web Application and runs through IIS5.
I've had some periodic problems on certain (intranet)servers where IIS seems to be caching thing in an unexpected way, or is server cached pages where new content is expected.
The first situation is where we have a standard Top + Left + Content framset; the left frame contains a menu which shows standard options - when the user logs in, extra menu options are available to them, depending on their priveleges. The menu is generated from a DB in ASP, and when the user logs in, Javascript is used to reload the page in the left frame - eg. re-generate menu based on logged-in user.
This used to work on all servers, but at some point in time I found that people were logging in but were stuck with the standard menu. If we right-clicked in the menu and chose refresh, often the correct (eg expanded) menu would be shown.
I'm not sure where the problem is IIS or could be controlled in ASP...
The second problem is on my development machine; when I browse to my development copy of the intranet, I dont get the icons for each menu item. However, when I browse to the live Intranet system, the correct graphics are shown.....
I have 2 asp pages, the first displays a drop down which it's source is from a db, user picks a value, submits to the next page. Currently if the user hits back picks a different value and submits again, the same original value is submitted again, not the newly select value...
I see lots of things talking about caching, wondering if there is something I can do so if the user goes back, using their back button, that if they select the new value and resubmit, that the new value is used and not the original value, I may have said that in a very long winded way, just wanted to be clear..
I'm developing a website, using ASP VBScript, and I'm using Response.ServerVariable("cert_subject") to get information about the client's certificate (smart card). But this variable is cached, the user can take the smart card out, and the previous data is still there.
It's only until you close the browser and reopen IE that it flushes it. Does anyone know of a way to flush that particular variable, or force IE to relook at the cert each time of the response call?
which should prevent any caching of pages. All the pages contain dynamic db driven data, so I need to ensure none of the pages are cached.
One of the users has found that pages aren't updating when she navigates to them. It only happens on her computer. If you refresh the page manually, the data updates.If she logs in using a different machine, it all works fine.
She's using IE7. Does anyone who of any setting on a computer that might override the response.expires setting?
We are having a problem with a xmlhttpRequest request returning a cached version of the request - the code we are using is inserted below. Has anyone else had this problem before - or have any ideas on what we may be doing incorrectly.