Is possible to terminate all session variable created without closing the browser I do not want users to click on BACK button on browser or paste the url link in the http:// and shows the record displayed after logout. This works fine if users close the Browser.
I'm sure we've all heard the warnings about using cookies instead of session variables to store all of that user data so that our servers don't get bogged down. I'm just wondering how serious is this. I mean, is it just a suggestion or do these variables really take up a large amount of memory per visitor?
"Why would it matter? Just use cookies!" might be your response. Well, say I'm creating a user backend to edit a news section for a company. Now, I realize that the company newsletter is not mission critical information, but my novice-programming gut will not let me sit at ease if I store usernames and passwords in cookie data. What's to prevent someone else from looking at that local machine and fake my cookies, or even directly login with the information contained there-in?
For a recent backend along these lines, I stored a custom class in a session variable (all of you hardcore ASP guys can take a deep breath and stop twitching ). The class basically contained a copy of that user's database record (a user id, the username, the password, the e-mail address, and a few different permission variables).
I did this for two reasons:
1) I filtered all of my content through default.asp (meaning that each url looked something like default.asp?p=events where p was the real page request). Doing this allowed me to simply check the user's credentials in the default.asp script and then server.transfer them to the real page contained in the p querystring variable. I used the session-stored class after the first login (so I didn't have to hit the DB with each page request but could still make sure they had access to the site).
2) I knew before-hand that this system was only going to be used by 10-15 people max, and only 1 or 2 would be logged on at a time, let alone most of the idle time when no one was logged in (basically, it was a very low-load system so I didn't mind being unconventional). Code:
I'm involved in quite a large project which has a slightly unusual form of login (at least I think it's unusual!). I'm creating a site in ASP (actually Chilisoft ASP) where access to all pages has to be secured via login. The odd bit is that while the login page will be on this site, the login process itself will be carried out on a completely separate domain - this is the client's requirement so I have no choice.
On login, the user will be assigned a 24 hour cookie by this 2nd domain and then be passed back to the site I'm involved with. My site then needs to assign a similar cookie (I'm assming that I won't be able to read the other domain's cookie) and allow access to the site for 24 hours.
I'm wondering if it's most efficient to assign a session variable to indicate the user is logged in once my cookie has been generated (rather than have every page check for a cookie again) and on subsequent sessions during the 24 hour period to 1st check for session var, then the cookie and then, if cookie exists, to assign the session variable again.
Developed a basic ASP web site with MS Access 2k3 as a database back end. I've developed it on two different Win2k3 servers, and app works flawlessly on both.
However, we just moved it to a client's Win2k3 Server, and it's not holding any session variables. It IS, however, holding Application variables, but not session variables.
I checked all the usual things (MS KB, ASPFAQ, etc), but none of them provided any solution. The only difference I can find between the three servers is that one has the Enhanced IE Security whosiwhatsis loaded, whereas mine don't.
I have been using session variables to pass a user name from one ASP page to another inside framesets for 9 months and it stopped working this week. I have made no code changes but there was a "security update" installed on the server a few days ago but I can't find out exactly what it was.
In the research I have done I found many articles on the subject of session variables in ASP pages inside framesets. From what I read a new session will be started every time a new ASP page is accessed until a session variable is set, once a session variable is set the session will stay the same from page to page, even when using frames. It is possible to start a session by setting a session variable in the global.asa file.
My page 1 sets the session variable "username", this page calls page 2 which then uses the "username" variable. This still works on the two test servers I have where no upgrades of any kind have been done. I changed the code to display the Session.SessionID in both page 1 and page 2. On my test systems I get the same session id number, on my production system I get two different session id numbers and when I turn on prompting for all cookies I get the session cookie prompt when the second page is called. The two test systems are on the same network as my workstation, the production machine on the internet at a hosting site.
I have cookies enabled in my browser, session state is enabled in IIS and there are no special characters in the domain name of the web site. I did not have a global.asa file so I added one and I set a session variable in the global.asa just to get the session started. What I find interesting is if I display the variable I set in the global.asa file I can see it on both page 1 and page 2 but on page 2 I can't see the variables set on page 1. I am completely stumped. Does anyone have any idea what I can do to get this working again? .....
I have a function that I would like to use a session variable in. However I am not getting it to work out. I was wondering if you have define global variables inside functions like you do php or if something might be causing this?
I have an application that uses SQL extensively. However some of what it uses SQL for (the results) are fairly static and change in the database very rarely. Would it be more efficient to store this information in application variables rather than doing SQL queries each time? Its a pretty heavily utilized application. Would application variables be able to handle the traffic?
I'm trying to get a page included into another page, and so far I've been using Server.execute("home.asp") without any problems ['home.asp' is just an example], but now I' m trying to get this to work:
I've got a software package that generates nice roll-over menus. The code generated is javascript. I want to edit the javascript to prevent specific menu buttons from appearing based on security/permissions settings. These permissions are contained in ASP session vairables. So, in the js I want to check for an ASP session("perms")... If I place <% if ... %> in the js file--it errors.
I have a prob passing some vars from an .swf to an .mdb using a n .asp file. When I use the getURL command instead of loadVariablesnum, I am getting this error:
"Error Type: Microsoft OLE DB Provider for ODBC Drivers (0x80040E14) [Microsoft][ODBC Microsoft Access Driver] Number of query values and destination fields are not the same. /processForm.asp, line 112"
I have counted the query values and destination fields a hundred times, but they are both exactly 100.
I guess this is a continuation of my erlier problem which I thought I had solved. I have several inputs being passed from one page where they are inputed in, to a preview page so the user can chek there info, then it will be passed to a page to submit the info to a data base.
I have a input that is the item description var name of �prodesc�. It pass from the input page to the preview page just fine. Then I use the same method to pass it to the next page to save it to a data base, but when it gets to the submit page the var �prodesc� only has the first word of the description that was shown on the previous page? Any one know why its acting like its been trimmed? Code:
I am working on an ecommerce app and want to be able to take my entire POST results as one item (or iterate through them) and check for any malicious SQL INJECTION items. After checking/escaping them i want to save them back into the post results. The reason for this is because I have coded the entire app and just learned about the dangers of SQL Injection and rather than going through every post var and fix it I would rather run a function at the beginning of each page.
for debugging purposes, I am wondering if it is possible to have an ASP script that:
-creates a tabel with two columns -writes a var name in the first column -writes its value in the second column
is this possible? Right now, I have manually created this tabel for myself, but everytime a new var is defined, I have to update my 'debug' table. Can this be automated?
a customer already has a website with ASP pages to request a call from a salesman... and it emails HQ with about 20 form values and also emails the customer.
what we'd like to do in a simple way is store those 20 fields somewhere they can be downloaded as well, instead of messing with the emails. but i don't want to mess with any rdbms (cause we don't have access to the server--- long story) so i'm wondering if some simple commands can just write the data to a physical file somewhere in webroot so it can be downloaded at a later time.
does anyone know how to define own Collection objets in ASP (not ASP.NET!) and VBScript? Is it better to use the Collections or the "Scripting.Dictionary" object?
I am doing a project and I have a form in which I am putting information inside cookies then I am to display the information in the cookies on another page. So when they click submit they goto this page and this is my code:
I found this piece of code to collect info from a form and then display the information. I created seperate programs - one with the form and the other with the asp part to display the collected information.
How can I collect information in one program using "post" method and display it and get an okay from my users before I update the database? Code:
I am processing a form and I want to double check that a field is defined so that no error occurs. How do I check if a key exists in a collection (the Request.Form collection)?I do not want to process all of the fields in the form, so I do not want to use "For Each x In Request.Form". I process a certain list of fields and just in case the field was left out, I want to prevent an error from occurring from trying to use a key that does not exist.
Code:
For Each x In arrayFields 'arrayFields contains certain field names 'verify that field actually defined If [field is a key in the Request.Form collection] Then stringTemp = Request.Form(x) 'do stuff End If Next
I like how you can use the Fields collection to create tables but is there a way to dynamically produce a table and filter out certain fields without having to write the entire table out manually? For example, I don't need the record's ID field in the table.
I'm working on an ASP/Javascript page with frames, and I need to access the properties of an image in the "top" frame from a script launched by the "middle" frame.
When changing the properties in the current frame, I use
I would like to tap in to all the brilliant minds out there through the means of this question. Is it possible to have a function in asp that returns a collection of items?
If so could you please direct me to some code that may provide some insight to how its done. I've tried using my limited coding capacity but no success.
I want to expire a cookie collection in my asp page and I gave it like this;
Response.Cookies("whereq").Expires = Now()
and this "whereq" collection has 50 keys. The problem is my cookie didn't expire from the above code. I hope there should be a way to do so without writing 50 expire lines.
How can I retrieve the values one by one from a variable like this: chgID=48, 51, 52, 53, 54, 56, 57, 59, 58, 46, 61, 60
Actually I am getting this, from a form and I want to update records in database filtering with these IDs one at a time. I guess 'For Each' loop can do this work done, but How??
I am trying to create a string that is cencatenated from values in a form. The form pulls in the values in a reocordset and displays each record in a row with a checkbox.
I want to cencatenate the values of the ProjectName field if the checkbox (isChecked) has been checked when the form is submitted. Here is the code that i am using:
<% If (Request.Form("Submit") <> "") Then Dim Criteria Criteria = "" For Each Item in Request.Form("ProjectName") If Request.Form("IsChecked") Then Criteria = Criteria & Request.Form("Projectname") Else Next Response.write Criteria End If %>
If I get rid of the If then else statement with in the For Each statement, then all of the items will cencatenate. I am just trying to grab the rows where the user has checked in the box for the row.
can anyone tell me why it is that when i do (see the code>)
1 the value of the submit button doent match? 2 the collection returns the collection string as line one? 3. how do i jump these 2 for error check and trim replace?
Is there a way to manipulate (ie change) the items in the forms collection. I simply want to get rid of the infamous apostrophe in input from a form, replace ' with ''. I had hoped to be able just to make the change and then put it back into the Form.item. Is there a way to do this?
If not, would the best way to save the result be to build an array, which is then used instead of the forms collection? Code: