I'm sure we've all heard the warnings about using cookies instead of session variables to store all of that user data so that our servers don't get bogged down. I'm just wondering how serious is this. I mean, is it just a suggestion or do these variables really take up a large amount of memory per visitor?
"Why would it matter? Just use cookies!" might be your response. Well, say I'm creating a user backend to edit a news section for a company. Now, I realize that the company newsletter is not mission critical information, but my novice-programming gut will not let me sit at ease if I store usernames and passwords in cookie data. What's to prevent someone else from looking at that local machine and fake my cookies, or even directly login with the information contained there-in?
For a recent backend along these lines, I stored a custom class in a session variable (all of you hardcore ASP guys can take a deep breath and stop twitching ). The class basically contained a copy of that user's database record (a user id, the username, the password, the e-mail address, and a few different permission variables).
I did this for two reasons:
1) I filtered all of my content through default.asp (meaning that each url looked something like default.asp?p=events where p was the real page request). Doing this allowed me to simply check the user's credentials in the default.asp script and then server.transfer them to the real page contained in the p querystring variable. I used the session-stored class after the first login (so I didn't have to hit the DB with each page request but could still make sure they had access to the site).
2) I knew before-hand that this system was only going to be used by 10-15 people max, and only 1 or 2 would be logged on at a time, let alone most of the idle time when no one was logged in (basically, it was a very low-load system so I didn't mind being unconventional). Code:
Is possible to terminate all session variable created without closing the browser I do not want users to click on BACK button on browser or paste the url link in the http:// and shows the record displayed after logout. This works fine if users close the Browser.
I'm involved in quite a large project which has a slightly unusual form of login (at least I think it's unusual!). I'm creating a site in ASP (actually Chilisoft ASP) where access to all pages has to be secured via login. The odd bit is that while the login page will be on this site, the login process itself will be carried out on a completely separate domain - this is the client's requirement so I have no choice.
On login, the user will be assigned a 24 hour cookie by this 2nd domain and then be passed back to the site I'm involved with. My site then needs to assign a similar cookie (I'm assming that I won't be able to read the other domain's cookie) and allow access to the site for 24 hours.
I'm wondering if it's most efficient to assign a session variable to indicate the user is logged in once my cookie has been generated (rather than have every page check for a cookie again) and on subsequent sessions during the 24 hour period to 1st check for session var, then the cookie and then, if cookie exists, to assign the session variable again.
Developed a basic ASP web site with MS Access 2k3 as a database back end. I've developed it on two different Win2k3 servers, and app works flawlessly on both.
However, we just moved it to a client's Win2k3 Server, and it's not holding any session variables. It IS, however, holding Application variables, but not session variables.
I checked all the usual things (MS KB, ASPFAQ, etc), but none of them provided any solution. The only difference I can find between the three servers is that one has the Enhanced IE Security whosiwhatsis loaded, whereas mine don't.
I have an application that uses SQL extensively. However some of what it uses SQL for (the results) are fairly static and change in the database very rarely. Would it be more efficient to store this information in application variables rather than doing SQL queries each time? Its a pretty heavily utilized application. Would application variables be able to handle the traffic?
I'm trying to get a page included into another page, and so far I've been using Server.execute("home.asp") without any problems ['home.asp' is just an example], but now I' m trying to get this to work:
I've got a software package that generates nice roll-over menus. The code generated is javascript. I want to edit the javascript to prevent specific menu buttons from appearing based on security/permissions settings. These permissions are contained in ASP session vairables. So, in the js I want to check for an ASP session("perms")... If I place <% if ... %> in the js file--it errors.
I have a prob passing some vars from an .swf to an .mdb using a n .asp file. When I use the getURL command instead of loadVariablesnum, I am getting this error:
"Error Type: Microsoft OLE DB Provider for ODBC Drivers (0x80040E14) [Microsoft][ODBC Microsoft Access Driver] Number of query values and destination fields are not the same. /processForm.asp, line 112"
I have counted the query values and destination fields a hundred times, but they are both exactly 100.
I guess this is a continuation of my erlier problem which I thought I had solved. I have several inputs being passed from one page where they are inputed in, to a preview page so the user can chek there info, then it will be passed to a page to submit the info to a data base.
I have a input that is the item description var name of �prodesc�. It pass from the input page to the preview page just fine. Then I use the same method to pass it to the next page to save it to a data base, but when it gets to the submit page the var �prodesc� only has the first word of the description that was shown on the previous page? Any one know why its acting like its been trimmed? Code:
I am working on an ecommerce app and want to be able to take my entire POST results as one item (or iterate through them) and check for any malicious SQL INJECTION items. After checking/escaping them i want to save them back into the post results. The reason for this is because I have coded the entire app and just learned about the dangers of SQL Injection and rather than going through every post var and fix it I would rather run a function at the beginning of each page.
for debugging purposes, I am wondering if it is possible to have an ASP script that:
-creates a tabel with two columns -writes a var name in the first column -writes its value in the second column
is this possible? Right now, I have manually created this tabel for myself, but everytime a new var is defined, I have to update my 'debug' table. Can this be automated?
a customer already has a website with ASP pages to request a call from a salesman... and it emails HQ with about 20 form values and also emails the customer.
what we'd like to do in a simple way is store those 20 fields somewhere they can be downloaded as well, instead of messing with the emails. but i don't want to mess with any rdbms (cause we don't have access to the server--- long story) so i'm wondering if some simple commands can just write the data to a physical file somewhere in webroot so it can be downloaded at a later time.
I have a site that I'm trying to migrate to ASP.NET from ASP, and the foremost stumbling block I'm hitting is session state between the ASP and ASP.NET applications. In order to access this information, I'm doing a HttpWebRequest from the ASP.NET side into an .asp page, passing the session name on the get in order to request it from the ASP side and write it back to the response stream, giving ASP.NET access to it. Of course I change sessions each time I make the call from the ASP.NET side.
Soooooo, I'm thinking to myself, "Self, shouldn't you be able to fake out the server by getting the session cookie from the initial usage of the asp, pass that data to the ASP.NET, and use that to send a request back the ASP side under the appropriate session?"
From a real high level, I enter the site via a .asp page. This page in turn calls .aspx page from within a frame ......
I want to create an administration page which lists all the current users who are on the site at the moment.
I know coldfusion has this feature built in using the SessionTracker class... does ASP have something similar? If not... is there any way I can just iterate through all the session files on the server...?
I have a site developed using ASP, but each page I enter has a different session id when accessing the site using the domain name of the site. When accessing the site from my network and using the internal IP address, it is OK. Any ideas?
I wrote a website, which uses the session to store and track some vars.
Now I am gonna to covert it to desktop application by Activesite compiler 5, however, it doesnot support session , cookie , application() . SO ,I have no idea to find something can instead of session.
My orignal processing: Session -> modify Session var -> store to Database.
There is a problem about ASP session ID. ASP session is implemented by storing session id in a session cookie, but I read this cookie in ISAPI Filter, get a string as following: ASPSESSIONIDQADCQQTS = IAOFCBBCGDGMDGCNJIKPNBAN
But the real session ID is 554851848. (Real sessionID is sessionID property the ASP session object)
Problem is what is relation between them? And how to get real session ID from cookie session ID.
I did a session("adminlogin")=1, if I post it to the same page, it returns true. But if I response.redirect to another page. This value doesn't exist anymore. This is on the actual server where all the ms security is updated.
The same script worked okay on my test server (the security patch not patched yet.)
Has anyone encountered this? How do you overcome it?
I tried searching the net it says the problem lies with a ms security patch. How I wish I can unintall that patch.
I have asp and asp.net web application. When I run it in IE7 in first tab it starts a new session. When I open second tab and browse to the same site the new session is not started (infact I need to have new session there).
Whereas, 2 IE instances generate 2 unique sessions. Only issue is with IE tabs. Firefox also has similar things but lets not talk about firefox here. I am more concerned with IE only.
In my login script I set session("User") = rs("User") the session timeout is set to 20 min
Do I need to setup some kind of update session variable on each page so that the timeout does run out or does iis update the variable aslong as I'm browsing the website ?
And another thing, <% application("something") %> works fine on my test server but once I implement it onto the main webserver I dont get any text out, is there some kind of switch that enables this function ?
My buttons default as you can see in the code. But I now want to take what is already choosen in database and chose apropriate button. Can I use a session to choose a radio button? Code:
I am using the session(loggedin) to see if a user is logged into that section of the site. The problem is that it is timing out on them, is there a way to define the length of the session (I think it times out at 10 or 20 mins currently), but to extend it to an hour or so. Any thoughts.
I've developed a shopping cart app in ASP, to secure transaction by SSL, it 've put only the checkout page in SSL but all other pages i.e. product, cart etc remains on non SSL connection. How can I track user session from non SSL to SSL checkout page as the SessionID changes when shifting to SSL (to prevent session stealing/ hijacking). I'm tracking user session by putting SessionID in cart DB with products. Given below the preview of cart table ....