[thelist] ASP, HTTP_REFERRER, Session questions

[Beau Hartshorne]

Hi,

I am developing a login script. They hit login, which posts the info to
an Authentication script. If authenticated, I wanted users to be
Response.Redirect(ed) back to the page they were originally coming from
(the page they clicked the login link from), *querystring* and all. It
seems like Request.ServerVariables("HTTP_REFERER") is the best way to
find out where a user came from. My concern is that if someone comes
from another site, say Google, and goes directly to the login script
they will be redirected back to Google once they are authenticated. To
prevent this, my thinking was to check the string returned by
HTTP_REFERER and search for the site's domain. If the site's domain
(foobar.com) was found in the HTTP_REFERER string, then the script will
redirect users to the page they came from. If foobar.com was not found
in the HTTP_REFERER string, then they get redirected back to the site's
index.asp page.

Here's what a sample HTTP_REFERER string looks like:
http://www.foobar.com/news.asp?id=1

Is there a better way to do this?

The other question I had was about performance. I've got about 3-5
session variables (containing things like passwords, user names, error
messages, HTTP_REFERRER strings, etc). I expect that the site will peak
at around 5000 user sessions per hour once the site goes live. Will I
crush that poor shared Win2000 server with all those session variables?

I read one of rudy's old posts about Access database performance, and
it's made me confident that with that many users I shouldn't get more
than a few concurrent connections. I've been pretty careful about using
objConn.close and Set objConn = nothing when I'm done with the
connection object, but I haven't gone as far as storing everything into
two dimensional arrays instead of objRS objects. The database is
primarily used for a forum, which only peaks at around 2000 or so user
sessions an hour.

Thanks,

Beau