Is possible to terminate all session variable created
without closing the browser
I do not want users to click on BACK button on browser or paste the url link
in the http:// and shows the record displayed after logout. This works fine
if users close the Browser.
I'm sure we've all heard the warnings about using cookies instead of session variables to store all of that user data so that our servers don't get bogged down. I'm just wondering how serious is this. I mean, is it just a suggestion or do these variables really take up a large amount of memory per visitor?
"Why would it matter? Just use cookies!" might be your response. Well, say I'm creating a user backend to edit a news section for a company. Now, I realize that the company newsletter is not mission critical information, but my novice-programming gut will not let me sit at ease if I store usernames and passwords in cookie data. What's to prevent someone else from looking at that local machine and fake my cookies, or even directly login with the information contained there-in?
For a recent backend along these lines, I stored a custom class in a session variable (all of you hardcore ASP guys can take a deep breath and stop twitching ). The class basically contained a copy of that user's database record (a user id, the username, the password, the e-mail address, and a few different permission variables).
I did this for two reasons:
1) I filtered all of my content through default.asp (meaning that each url looked something like default.asp?p=events where p was the real page request). Doing this allowed me to simply check the user's credentials in the default.asp script and then server.transfer them to the real page contained in the p querystring variable. I used the session-stored class after the first login (so I didn't have to hit the DB with each page request but could still make sure they had access to the site).
2) I knew before-hand that this system was only going to be used by 10-15 people max, and only 1 or 2 would be logged on at a time, let alone most of the idle time when no one was logged in (basically, it was a very low-load system so I didn't mind being unconventional). Code:
I'm involved in quite a large project which has a slightly unusual
form of login (at least I think it's unusual!). I'm creating a site in
ASP (actually Chilisoft ASP) where access to all pages has to be
secured via login. The odd bit is that while the login page will be on
this site, the login process itself will be carried out on a
completely separate domain - this is the client's requirement so I
have no choice.
On login, the user will be assigned a 24 hour cookie by this 2nd
domain and then be passed back to the site I'm involved with. My site
then needs to assign a similar cookie (I'm assming that I won't be
able to read the other domain's cookie) and allow access to the site
for 24 hours.
I'm wondering if it's most efficient to assign a session variable to
indicate the user is logged in once my cookie has been generated
(rather than have every page check for a cookie again) and on
subsequent sessions during the 24 hour period to 1st check for session
var, then the cookie and then, if cookie exists, to assign the session
variable again.
is there a quick way to reset all the used session variables onb a server in one hit rather than using Code:
session("xx")=""
for each one.
I was wondering if there was a way to pass the entire collection of ASP
Session variables into a COM function.
Inside COM, I need to have something like
Public Function ProcessVars(ByRef Session as <SomeSessionVarType>)
End Function
Which reference do I need to include in my VB6 project?
Developed a basic ASP web site with MS Access 2k3 as a database
back end. I've developed it on two different Win2k3 servers, and app works
flawlessly on both.
However, we just moved it to a client's Win2k3 Server,
and it's not holding any session variables. It IS, however, holding
Application variables, but not session variables.
I checked all the usual
things (MS KB, ASPFAQ, etc), but none of them provided any solution. The
only difference I can find between the three servers is that one has the
Enhanced IE Security whosiwhatsis loaded, whereas mine don't.
it's that time again. Time to learn a new language, and I picked ASP. I've got this:
<asp:HyperLinkField DataTextField="BeenPaid" DataNavigateUrlFields="BeenPaid,BillName" HeaderText="BeenPaid" DataNavigateUrlFormatString="Default2.aspx?BeenPaid={0}&BillName={1}" ItemStyle-HorizontalAlign="Center" />
It works fine, it makes links of the stuff that is pulled outa the database. An example url it made is:
Default2.aspx?BeenPaid=False&BillName=Verizon
how do I get those vars out of the url in the Default2.aspx page. In php it was $_GET["BeenPaid"]
I have an application that uses SQL extensively. However some of what it
uses SQL for (the results) are fairly static and change in the database very
rarely. Would it be more efficient to store this information in application
variables rather than doing SQL queries each time? Its a pretty heavily
utilized application. Would application variables be able to handle the
traffic?
I'm trying to get a page included into another page, and so far I've been using Server.execute("home.asp") without any problems ['home.asp' is just an example], but now I' m trying to get this to work:
server.execute("home.asp?foo=bar")
but to no avail. Code:
I've got a software package that generates nice roll-over menus. The code generated is javascript. I want to edit the javascript to prevent specific menu buttons from appearing based on security/permissions settings. These permissions are contained in ASP session vairables. So, in the js I want to check for an ASP session("perms")... If I place <% if ... %> in the js file--it errors.
View Replies View RelatedI have a prob passing some vars from an .swf to an .mdb using a n .asp file. When I use the getURL command instead of loadVariablesnum, I am getting this error:
"Error Type:
Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)
[Microsoft][ODBC Microsoft Access Driver] Number of query values and destination fields are not the same.
/processForm.asp, line 112"
I have counted the query values and destination fields a hundred times, but they are both exactly 100.
how do I get the xmlsource? in php its just this line of code: include($_GET['xmlsource']);
View Replies View RelatedI guess this is a continuation of my erlier problem which I thought I had solved.
I have several inputs being passed from one page where they are inputed in, to a preview page so the user can chek there info, then it will be passed to a page to submit the info to a data base.
I have a input that is the item description var name of �prodesc�. It pass from the input page to the preview page just fine. Then I use the same method to pass it to the next page to save it to a data base, but when it gets to the submit page the var �prodesc� only has the first word of the description that was shown on the previous page? Any one know why its acting like its been trimmed? Code:
I am working on an ecommerce app and want to be able to take my entire POST results as one item (or iterate through them) and check for any malicious SQL INJECTION items. After checking/escaping them i want to save them back into the post results. The reason for this is because I have coded the entire app and just learned about the dangers of SQL Injection and rather than going through every post var and fix it I would rather run a function at the beginning of each page.
View Replies View Relatedfor debugging purposes, I am wondering if it is possible to have an ASP script that:
-creates a tabel with two columns
-writes a var name in the first column
-writes its value in the second column
is this possible? Right now, I have manually created this tabel for myself, but everytime a new var is defined, I have to update my 'debug' table. Can this be automated?
a customer already has a website with ASP pages to request a call from a salesman... and it emails HQ with about 20 form values and also emails the customer.
what we'd like to do in a simple way is store those 20 fields somewhere they can be downloaded as well, instead of messing with the emails. but i don't want to mess with any rdbms (cause we don't have access to the server--- long story) so i'm wondering if some simple commands can just write the data to a physical file somewhere in webroot so it can be downloaded at a later time.
how to find the session expired or not without using any session varaibles?
View Replies View RelatedI have a site that I'm trying to migrate to ASP.NET from ASP, and the
foremost stumbling block I'm hitting is session state between the ASP
and ASP.NET applications. In order to access this information, I'm
doing a HttpWebRequest from the ASP.NET side into an .asp page,
passing the session name on the get in order to request it from the
ASP side and write it back to the response stream, giving ASP.NET
access to it. Of course I change sessions each time I make the call
from the ASP.NET side.
Soooooo, I'm thinking to myself, "Self, shouldn't you be able to fake
out the server by getting the session cookie from the initial usage of
the asp, pass that data to the ASP.NET, and use that to send a request
back the ASP side under the appropriate session?"
From a real high level, I enter the site via a .asp page. This page
in turn calls .aspx page from within a frame ......
I want to create an administration page which lists all the current users who are on the site at the moment.
I know coldfusion has this feature built in using the SessionTracker class... does ASP have something similar? If not... is there any way I can just iterate through all the session files on the server...?
I have a site developed using ASP, but each page I enter has a different session id when accessing the site using the domain name of the site. When accessing the site from my network and using the internal IP address, it is OK. Any ideas?
View Replies View RelatedI want the suggestion what is better for use between:
Session.abandon
&
Session.Contents.Remove
I wrote a website, which uses the session to store and track some vars.
Now I am gonna to covert it to desktop application by Activesite compiler 5, however, it doesnot support session , cookie , application() . SO ,I have no idea to find something can instead of session.
My orignal processing: Session -> modify Session var -> store to Database.
There is a problem about ASP session ID. ASP session is implemented by storing session id in a session cookie, but I read this cookie in ISAPI Filter, get a string as following:
ASPSESSIONIDQADCQQTS = IAOFCBBCGDGMDGCNJIKPNBAN
But the real session ID is 554851848. (Real sessionID is sessionID property the ASP session object)
Problem is what is relation between them? And how to get real session ID from cookie session ID.
I did a session("adminlogin")=1, if I post it to the same page, it returns true. But if I response.redirect to another page. This value doesn't exist anymore. This is on the actual server where all the ms security is updated.
The same script worked okay on my test server (the security patch not patched yet.)
Has anyone encountered this? How do you overcome it?
I tried searching the net it says the problem lies with a ms security patch. How I wish I can unintall that patch.
when does a sesson object expire?
- at the end of 20 minutes
- after they close their browser ? does that end the session?
I have a home page in html with two buttons to call my main.asp in another window my problem is:
1-From my home page I open another web page my main menu, this new page have a SessionID. (OK)
2-If I open another web page from the same home page, this new page have the same SessionID as the page open in first step
I want to get a new SessionID for every page I open from my home page and don't want to abandon the first session...
I have asp and asp.net web application. When I run it in IE7 in first tab it
starts a new session. When I open second tab and browse to the same site the
new session is not started (infact I need to have new session there).
Whereas, 2 IE instances generate 2 unique sessions. Only issue is with IE
tabs. Firefox also has similar things but lets not talk about firefox here.
I am more concerned with IE only.
In my login script I set session("User") = rs("User") the session timeout is set to 20 min
Do I need to setup some kind of update session variable on each page so that the timeout does run out or does iis update the variable aslong as I'm browsing the website ?
And another thing, <% application("something") %> works fine on my test server but once I implement it onto the main webserver I dont get any text out, is there some kind of switch that enables this function ?
How can I know if a user session had timed out ?
I always get an error in my asp page when I try to access
my session variable if it timed out.
My buttons default as you can see in the code. But I now want to take what is already choosen in database and chose apropriate button. Can I use a session to choose a radio button?
Code:
<TD><b><font face="Arial" color="#000080">Password</TD>
<TD><input type ="text" value="<%=Password %>" input name="Password" size="50" ><input type ="Hidden" value="<%=userNumber %>" input name="userNumber" size="50" ></TD>
</TR>
<TR>
<TD><b><font face="Arial" color="#000080">Billing Choice</font></b></TD>
<TD><fieldset style="padding: 2">
<input type="radio" value="Monthly" checked name="R1">Monthly
<input type="radio" name="R1" value="Quarterly">Quarterly
<input type="radio" name="R1" value="Annually">Annually</fieldset><p>Hold
Billing Date <input type="text" name="NextBillDate" size="20" Value=<%=NextBillDate%>></TD>
</TR>
I am using the session(loggedin) to see if a user is logged into that section of the site. The problem is that it is timing out on them, is there a way to define the length of the session (I think it times out at 10 or 20 mins currently), but to extend it to an hour or so. Any thoughts.
View Replies View RelatedI've developed a shopping cart app in ASP, to secure transaction by SSL, it 've put only the checkout page in SSL but all other pages i.e. product, cart etc remains on non SSL connection. How can I track user session from non SSL to SSL checkout page as the SessionID changes when shifting to SSL (to prevent session stealing/ hijacking). I'm tracking user session by putting SessionID in cart DB with products. Given below the preview of cart table ....
View Replies View RelatedI'm trying to only show part of my page based on a variable, I have two
Session Variables -
Session("EMPLOYEEMAXUSERS")
Session("EMPLOYERUSERS")
Now what I'm trying to do is -
ShowIf Session("EMPLOYERUSERS") < Session("EMPLOYERMAXUSERS")
I can't get this to work though