Preventing Multiple Login Prompts When Using 2 Different Domains
We have 2 domains for internal purposes: one for users (have to login
and domain has SSL) and another for sponsors (have to login and domain
does NOT have SSL).
Now when a user logs in and there are pages that have info from the
sponsors domain, users are asked to login again with a warning message
saying if they want to see secure and nonsecure information. How can
I bypass the second login? Is there something I can do in active
directory, IIS, or ASP to not have the second login appear?
How can I prevent this from happening? For example when the asp application works in a public terminal where we don't want successive users to know the login password and user name of the previous ones?
Is there a way in ASP to prevent including the same file more than once?
Example:
dbutil.asp needs constants.asp, so I include constants.asp inside dbutil.asp.
transact.asp also needs constants.asp, so I include constants.asp inside transact.asp.
transact.asp doesn't need stuff in dbutil.asp, and dbutil.asp doesn't need stuff in transact.asp.
Then later I might have a main.asp that needs both dbutil.asp and transact.asp. So I include them both. However, the constants.asp will be found to be included twice!
What can I do to creatively prevent multiple inclusion of the same file in ASP? I know how to do it in C and C++, but I can't apply that to ASP, it seems.
I am new user of ASP and as well as this forum, i want to make a web page, to enter data,in which , first user login page, then he enter data on his authorize database, database names are same as user login name.
e.g if someone login as user xyz he must open xyz.mdb, and if other login as abc he must open only abc.mdb to enter data, and data entry page must validate fields such that numeric fields, text fields, numeric lenght, etc
I have a situation where we have a mirror server located outside of our domain. Using ASP, I need to have the web server on the different domain access files on a file server that is within another domain and be able to display the file from the web page. They are Word documents and PDFs and Excel files. But for security reasons, we can not use anonymous access. On our production server we just use mappings within IIS to perform this, because it is all within one domain. I hope someone has had a similar experience and can tell me how this can be done using ASP or some kind of component.
Is it possible to use cookies between different domains?
For my site I use 2 domains;
the first for my global site with ASP en HTML, the second is for my forum located on "hyperboards" a free forum domain. On de second domain i don't have any control and i can't put any new webpages on that site.
But I want to use the cookie of my forum on my global site.
I have a situation where I have a customer with one e-comm site and two domain names. Both domains currently point to the one site but they want different logos and purchase tracking for each domain name as visitors come through. I am not that well versed in using the HTML headers but somewhere I seem to recall a way of using the headers to identify the url/domain and then redirect or setup session variables for handling the rest.
If this is ringing a bell with anyone I could use a pointer to more info on this.
ive got a piece of software (perl) that i use to track visitors on my site. this software displays both ip addresses and domains of visitors
e.g.
A visitor from 81-178-202-110.dsl.pipex.com (81.178.202.110) arrived without a referring URL, and visited www.newmediadesigns.co.uk/index.shtml at 03:01:28 PM on Friday, March 26, 2004. This visitor used Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1).
what code do i need to display this domain information in asp?
Has anyone got a script for a domains/hosting cart running off an Access db. There seems to be quite a few PHP/Perl versions around but very little ASP.
On one of my client's website customer's are uploading a few files each week using SA-FileUp. My clients wants that each uploaded file to be copied on another website he has got.
Any hint on how to copy one file between domains ? I was thinking about using AspHTTP which is installed on the original server but not on the other end.
how i can build a script to list deleted domains ? then obviously i can add more features on from there, ive looked everywhere and all of them seem to be php so i cant see how they do it.
I think I may have a problem with the user of cookies in my centralized logon and registration system that I hoped could be consumed by all the sub-domains on my remote host IP. I built the application in the root of the IP and redirect the user back to his requested page after his Login. Just before this I set a permanent cookie.
But, it appears when the user gets back to the page its GONE. However, if I go to the same address via IP and correct folder path IT is. How can this be. I thought a cookie was written to the browser. what difference does the domain make. can I salvage this application without having to deploy it in mutliple sub-domains?
Basically use Plesk to manage websites on a server and in the process of migrating domains. However Plesk creates virtual domains and all my websites use the following syntax to reference asp include files:
<!--#INCLUDE VIRTUAL="/misc/includes.asp"-->
This doesn't work now as the websites were setup with websites and NOT virtual domains.
So how do I successfully reference these files now?
Is it possible to backup a Database from one domain to another using the File System Object? I want to save a DB from a folder on my1stsite.com to my2ndsite.com but obviously the server.mappath won't work and putting the URL of the folder to save to doesn't either i.e. http://www.my2ndsite.com/savefolder/myDB.mdb .
I'm including the output of an .asp page hosted on other domain using serverXMLHTTP. Is it possible that I can share the values of some variables from external file.
I'm using if for when the user deletes a record from the database. People using the website try and delete more than one record at a t time by placing commas between the IDnumber ie. 1,2,5,9 etc.
This creates an error. So instead of this error appearing, how can I get a small alert box telling hte user he/or she has entered the wrong data type?
In ASP classic pages,I want to know if it's possible to prevent session variables from becoming zero length strings? I have tried setting the Session.Timeout to a large value, but alwas, after 20 minutes, my session variable times out. I also tried setting the session timeout in IIS manager to a high value, but this did no good either.I just want to allow one particular session variable to last a long time.
I have a permission tracking app that I am working on, and I have made the insert page for it. I am having issues on how to prevent duplicates from getting entered.
Currently the interface for the app has a mixture of select boxes, list boxes and checkboxes. The form submits the page to processAIMR.asp and then does the inserting. I am using a loop to insert a new record for each checkbox checked or listbox entry selected. Code:
Does anyone know how to prevent the browser from automatically adding the password to a form after a user name is entered? I need to be able to over ride the brower setting so turning off the option in IE is not really a solution.
I have a form that sends info to a preview page, then to a thank you page. The thank you page gets the data passed from the rpeview page and sends an email.
How can I prevent the user from refreshing the page, so it doesn't send the email again.
I would like to prevent a user from logging in with their user/password combination on a different computer or even a different browser window, if they are already logged in. I have a login page, from which I use a DB check to verify user/password info. Also, I have a bit loggedIN field in the DB, which I use to see if they are currently logged in; if so, I prevent them from logging in a second time.
Unless they click the "Log Out" button, then the DB value does not get changed. Any suggestions as to how I can log them out, even if they simply close the browser window or jump to a different page?
For instance here's a simple select statement Code:
("SELECT a, b,c d, e, f FROM Table WHERE a = "&CInt(j)&" and c= 0")
j is a dimmed variable which is a and it's numeric. Is the above protected against any non numeric instances? Like j=2,345..i've tested this and it works i'm just trying to see if i've covered all my tracks.
How do people go about preventing the user from submitting a form for a 2nd time? For example, the user submits a form, clicks on the back button, and the submits the form again. I have used various techniques in the past (depending on circumstances) but I'd be interested in the techniques you guys currently use.
I have created an Intranet in my office using ASP (of course). Within it is a booking system, allowing booking of conference rooms, digital camera and other equipment. It works perfectly...almost, as there is no way to prevent double bookings.
I really don't know where to begin with this one. All bookings go to an Access DB, into a single table. The bookings have a start time and an end time (24hr).
I would like it so that when the user submits the form, if there is a clash in times instead of saying, thanks for your booking, to redirect them back to the booking page saying there is already a booking for this time and that I am very sorry!
I guess I have to check some value in access and return the info back to the webpage before it chooses where to redirect the user.
I am developing a Simple ASP Website with a login page. I want to know how can I change Session ID after login and also Close the current Session after User closes the Window or gets logged out of the Website. So that every time user logs in into the website, Session ID will be unique.
My client received an email from a user who mentioned that by accident they had been typing (over the querystring I guess), and the url had become:
default.asp?pageid='asd
They then received a SQL Server error message.
My client contacted their webhost, who came back to them promptly and talked of 'SQL Injection', they said that we would need to secure the code as well as the permissions on the database(which I believe they have done)..
This is something I had over looked, and started to write a fix for a couple of nights ago...but I dont think its 100%....
Basically I now do this at the top of my default.asp page ...
I've seen plenty of articles and utilities for preventing form injections for ASP.NET, but not too much for classic ASP. Are there any good input validation scripts that you use to avoid form injection attacks? I'm looking for good routines I can reuse on all of my form processing pages.
I am building a website to pull data from a remote https site using xmlhttp. The data from the https site is behind a login screen. I can successfully get through the login screen with:
That works great - but then, when I try to go to the next page (where the data is that I want to pull) - I use the same process and I get kicked back out to the login screen? Could there be some cookies, referer, strings being passed normally that I am not including in my second request - How do i find out for sure?
I have used the software IETrace and it looks like some cookies being passed, but how do I know for sure if (and what exactly) it is using?
I want to login to a page using MSXML2.ServerXMLHTTP.4.0 or an object like this, I must send the form variables needed to login when I try to login to the page. But the problem is, that the page looks like a exe file (not a asp file or php file or what ever). The name of the page I try to login is something like "/pw?/session/login", nothing more, without extension. I have tried the code with a normal asp file with session registration and login process and it worked, but not with this file.
When you enter our site with just mydomain.com (without the www) and then proceed to a section of the site that is https, the user receives a cert warning since mydomain.com doesn't match up with www.mydomain.com.
What is the easiest way to globally and seamlessly redirect users from mydomain.com to www.mydomain.com to prevent this? The site has about 3000 pages so changing every page with request_querystring isn't really an option.
It would be great if it would work off of child pages too, i.e., mydomain.com/somepage.asp would also redirect to www.mydomain.com/somepage.asp.
