[thelist] More ASP problems - Checking for cookie existance
Martyn Haigh
martyn.haigh at virgincosmetics.com
Thu Jan 30 10:32:01 CST 2003
Sounds like you need to have an include file at the top of every page that
will check for this type of thing. This is the easiest way to do it. I use
it in my password protected areas!
Really easy - forget about the global.asa - create a file called
checklogin.asp (or something like that!) and stick it in your includes
folder (or where ever you want).
I would personally change a bit of your code here. Instead of using cookies
- I would use a session var. cookies are a bit of a security risk - if one
of your legit users is using a shared computer and they forget to log off
your system properly - someone else could compromise your system and pretend
to be that user. But that's your decision.
Put your code to check for the cookie (or session object) in that file.
And include a simple <!--#include virtual="/Includes/checklogin.asp" --> at
the top of every page you want protected.
If you want some more detailed help feel free to ask.
hth
Martyn Haigh
Site Developer
The Virgin Cosmetics Company
City Fields, Chichester, West Sussex PO20 2FP
tel: 01243 622282
-----Original Message-----
From: Christopher Ditty [mailto:cditty at mlgw.org]
Sent: 30 January 2003 16:15
To: thelist at lists.evolt.org
Subject: Re: [thelist] More ASP problems - Checking for cookie existance
I was told to put the code in Application_OnStart by a co-worker. I am
new to ASP, so I did not question him. :) The Session_OnStart now
gives me a different error. Missing Url. This I was able to fix, but
it is now in a continual loop.
Let me explain what I need this code to do and see if that helps.
We are setting a cookie when the user logs in through another system.
When they reach this site, they should have the cookie set. I need to
check for the cookie on every page. If it is not there, then they need
to be kicked to the login screen. Here is the code that I am using so
far.
[code]
If (Request.Cookies("sessLoggedIn") = "") then
Response.Redirect(Application("failureUrl") &
"?code=4")
else
Response.Cookies("sessCookTime") = DateDiff("s",
"01/01/1970 00:00:00", DateAdd("h", 6, Now()))
Response.Cookies("sessCookTime").Domain = ".mlgw.org"
Response.Cookies("sessCookTime").Expires = expireDate
Response.Cookies("sessCookTime").Path = "/"
Response.Cookies("sessCookTime").Secure = False
end if
[/code]
Chris
>>> asp at tvw.net 01/30/03 09:31AM >>>
On Thu, 30 Jan 2003 08:45:15 -0600, Christopher Ditty wrote:
> sub
> Application_Onstart(),
Why are you putting the code here?
The Application_Onstart is for when the server/website is first
started.
You are far better off using the Sub Session_OnStart which is when the
user actually starts their session.
Try moving it and then see what happens.
It would also be usefull to see the full code and exact error message.
--
* * Please support the community that supports you. * *
http://evolt.org/help_support_evolt/
For unsubscribe and other options, including the Tip Harvester
and archives of thelist go to: http://lists.evolt.org
Workers of the Web, evolt !
DISCLAIMER: The information in this email is confidential and may be legally
privileged. It is intended solely for the addressee. Access to this email by
anyone else is unauthorised. If you are not the intended recipient, any
disclosure, copying, distribution or any action taken or omitted to be taken
in reliance on it, is prohibited and may be unlawful.
More information about the thelist
mailing list