I have an application that uses SQL extensively. However some of what it uses SQL for (the results) are fairly static and change in the database very rarely. Would it be more efficient to store this information in application variables rather than doing SQL queries each time? Its a pretty heavily utilized application. Would application variables be able to handle the traffic?
Is possible to terminate all session variable created without closing the browser I do not want users to click on BACK button on browser or paste the url link in the http:// and shows the record displayed after logout. This works fine if users close the Browser.
I'm sure we've all heard the warnings about using cookies instead of session variables to store all of that user data so that our servers don't get bogged down. I'm just wondering how serious is this. I mean, is it just a suggestion or do these variables really take up a large amount of memory per visitor?
"Why would it matter? Just use cookies!" might be your response. Well, say I'm creating a user backend to edit a news section for a company. Now, I realize that the company newsletter is not mission critical information, but my novice-programming gut will not let me sit at ease if I store usernames and passwords in cookie data. What's to prevent someone else from looking at that local machine and fake my cookies, or even directly login with the information contained there-in?
For a recent backend along these lines, I stored a custom class in a session variable (all of you hardcore ASP guys can take a deep breath and stop twitching ). The class basically contained a copy of that user's database record (a user id, the username, the password, the e-mail address, and a few different permission variables).
I did this for two reasons:
1) I filtered all of my content through default.asp (meaning that each url looked something like default.asp?p=events where p was the real page request). Doing this allowed me to simply check the user's credentials in the default.asp script and then server.transfer them to the real page contained in the p querystring variable. I used the session-stored class after the first login (so I didn't have to hit the DB with each page request but could still make sure they had access to the site).
2) I knew before-hand that this system was only going to be used by 10-15 people max, and only 1 or 2 would be logged on at a time, let alone most of the idle time when no one was logged in (basically, it was a very low-load system so I didn't mind being unconventional). Code:
I'm involved in quite a large project which has a slightly unusual form of login (at least I think it's unusual!). I'm creating a site in ASP (actually Chilisoft ASP) where access to all pages has to be secured via login. The odd bit is that while the login page will be on this site, the login process itself will be carried out on a completely separate domain - this is the client's requirement so I have no choice.
On login, the user will be assigned a 24 hour cookie by this 2nd domain and then be passed back to the site I'm involved with. My site then needs to assign a similar cookie (I'm assming that I won't be able to read the other domain's cookie) and allow access to the site for 24 hours.
I'm wondering if it's most efficient to assign a session variable to indicate the user is logged in once my cookie has been generated (rather than have every page check for a cookie again) and on subsequent sessions during the 24 hour period to 1st check for session var, then the cookie and then, if cookie exists, to assign the session variable again.
I'm trying to get a page included into another page, and so far I've been using Server.execute("home.asp") without any problems ['home.asp' is just an example], but now I' m trying to get this to work:
I've got a software package that generates nice roll-over menus. The code generated is javascript. I want to edit the javascript to prevent specific menu buttons from appearing based on security/permissions settings. These permissions are contained in ASP session vairables. So, in the js I want to check for an ASP session("perms")... If I place <% if ... %> in the js file--it errors.
I have a prob passing some vars from an .swf to an .mdb using a n .asp file. When I use the getURL command instead of loadVariablesnum, I am getting this error:
"Error Type: Microsoft OLE DB Provider for ODBC Drivers (0x80040E14) [Microsoft][ODBC Microsoft Access Driver] Number of query values and destination fields are not the same. /processForm.asp, line 112"
I have counted the query values and destination fields a hundred times, but they are both exactly 100.
I guess this is a continuation of my erlier problem which I thought I had solved. I have several inputs being passed from one page where they are inputed in, to a preview page so the user can chek there info, then it will be passed to a page to submit the info to a data base.
I have a input that is the item description var name of �prodesc�. It pass from the input page to the preview page just fine. Then I use the same method to pass it to the next page to save it to a data base, but when it gets to the submit page the var �prodesc� only has the first word of the description that was shown on the previous page? Any one know why its acting like its been trimmed? Code:
Developed a basic ASP web site with MS Access 2k3 as a database back end. I've developed it on two different Win2k3 servers, and app works flawlessly on both.
However, we just moved it to a client's Win2k3 Server, and it's not holding any session variables. It IS, however, holding Application variables, but not session variables.
I checked all the usual things (MS KB, ASPFAQ, etc), but none of them provided any solution. The only difference I can find between the three servers is that one has the Enhanced IE Security whosiwhatsis loaded, whereas mine don't.
I am working on an ecommerce app and want to be able to take my entire POST results as one item (or iterate through them) and check for any malicious SQL INJECTION items. After checking/escaping them i want to save them back into the post results. The reason for this is because I have coded the entire app and just learned about the dangers of SQL Injection and rather than going through every post var and fix it I would rather run a function at the beginning of each page.
for debugging purposes, I am wondering if it is possible to have an ASP script that:
-creates a tabel with two columns -writes a var name in the first column -writes its value in the second column
is this possible? Right now, I have manually created this tabel for myself, but everytime a new var is defined, I have to update my 'debug' table. Can this be automated?
a customer already has a website with ASP pages to request a call from a salesman... and it emails HQ with about 20 form values and also emails the customer.
what we'd like to do in a simple way is store those 20 fields somewhere they can be downloaded as well, instead of messing with the emails. but i don't want to mess with any rdbms (cause we don't have access to the server--- long story) so i'm wondering if some simple commands can just write the data to a physical file somewhere in webroot so it can be downloaded at a later time.