kapildev
08-01-2005, 07:25 PM
hi folks,
I have an asp login page and a username and password for it. if both math then it is directed to a desired page. I also have the asp code to generate a different url for the unauthorized users if the copy and paste the url of the desired url in a different browser. But i have a strange problem if i have many IE opened including the desired page and if i copy and paste the desired page url in any of the opened IEs then it is not redirecting to the login page instead it is taking directly to the desired page. But if i open a new IE and if i try to copy paste the desired page url in it then i will be redirected to the authorization page , ie., the login page. I am really confused with this. Please help me out to protect my page.
My new_login.asp page is
<%
Username="RDA"
Password="Joreskog"
Validated = "OK"
if Strcomp(Request.Form("User"),Username,1)=0 AND Request.Form("password") = Password then
'Set the validation cookie and redirect the user to the original page.
Response.Cookies("ValidUser") = Validated
'Check where the users are coming from within the application.
If (Request.QueryString("from")<>"") then
Response.Redirect Request.QueryString("from")
else
'If the first page that the user accessed is the Logon page,
'direct them to the default page.
Response.Redirect "statistical_library.asp"
End if
Else
' Only present the failure message if the user typed in something.
If Request.Form("User") <> "" then
Response.Write "<br>"
Response.Redirect "error_login.asp"
End if
End if
%>
<FORM ACTION=<%Response.Write "new_login.asp?"&Request.QueryString%> method="post">
<pre><span class="style1">
</span></pre>
<h1><span class="style1"><br>
<span class="style34"> <strong> Authorization Required</strong></span></span></h1>
<h1><span class="style1"> </strong></span> <span class="style4 style23 style13 style17 style19 style31 style35 style36"><span class="style4 style23 style17 style19 style31 style36 style37 style40 style44"> The page you requested is password protected. Please enter your Username and Password to login</span></span><span class="style4 style23 style13 style17 style19 style35 style36 style37 style41 style44"><span class="style4 style23 style17 style19 style35 style36 style37 style41 style42"><span class="style4 style23 style17 style19 style35 style36 style37 style43">.</span></span></span>
</h1>
<br>
</h1>
<p class="style18">
<h3><pre><h3> <span class="style1 style12 style19"> Username: </span><INPUT TYPE="text" NAME="User" VALUE='' size="20"></INPUT>
<span class="style2 style12 style19"> Password:</span> <INPUT TYPE="password" NAME="password" VALUE='' size="20">
</INPUT> <INPUT TYPE="submit" VALUE="Login">
</INPUT>
</h3></pre>
</FORM>
and my desired page is
<%
Validated = "OK"
if Request.Cookies("ValidUser") <> Validated then
'Construct the URL for the current page.
dim s
s = "http://"
s = s & Request.ServerVariables("HTTP_HOST")
s = s & Request.ServerVariables("URL")
if Request.QueryString.Count > 0 THEN
s = s & "?" & Request.QueryString
end if
'Redirect unauthorized users to the logon page.
Response.Redirect "new_login.asp?from=" &Server.URLEncode(s)
End if
%>
I have this code in the top of my desired page.
Please help me out with this strange behavior. Is there anything to do with session here as I dont have any idea with sessions in asp.
kapil
I have an asp login page and a username and password for it. if both math then it is directed to a desired page. I also have the asp code to generate a different url for the unauthorized users if the copy and paste the url of the desired url in a different browser. But i have a strange problem if i have many IE opened including the desired page and if i copy and paste the desired page url in any of the opened IEs then it is not redirecting to the login page instead it is taking directly to the desired page. But if i open a new IE and if i try to copy paste the desired page url in it then i will be redirected to the authorization page , ie., the login page. I am really confused with this. Please help me out to protect my page.
My new_login.asp page is
<%
Username="RDA"
Password="Joreskog"
Validated = "OK"
if Strcomp(Request.Form("User"),Username,1)=0 AND Request.Form("password") = Password then
'Set the validation cookie and redirect the user to the original page.
Response.Cookies("ValidUser") = Validated
'Check where the users are coming from within the application.
If (Request.QueryString("from")<>"") then
Response.Redirect Request.QueryString("from")
else
'If the first page that the user accessed is the Logon page,
'direct them to the default page.
Response.Redirect "statistical_library.asp"
End if
Else
' Only present the failure message if the user typed in something.
If Request.Form("User") <> "" then
Response.Write "<br>"
Response.Redirect "error_login.asp"
End if
End if
%>
<FORM ACTION=<%Response.Write "new_login.asp?"&Request.QueryString%> method="post">
<pre><span class="style1">
</span></pre>
<h1><span class="style1"><br>
<span class="style34"> <strong> Authorization Required</strong></span></span></h1>
<h1><span class="style1"> </strong></span> <span class="style4 style23 style13 style17 style19 style31 style35 style36"><span class="style4 style23 style17 style19 style31 style36 style37 style40 style44"> The page you requested is password protected. Please enter your Username and Password to login</span></span><span class="style4 style23 style13 style17 style19 style35 style36 style37 style41 style44"><span class="style4 style23 style17 style19 style35 style36 style37 style41 style42"><span class="style4 style23 style17 style19 style35 style36 style37 style43">.</span></span></span>
</h1>
<br>
</h1>
<p class="style18">
<h3><pre><h3> <span class="style1 style12 style19"> Username: </span><INPUT TYPE="text" NAME="User" VALUE='' size="20"></INPUT>
<span class="style2 style12 style19"> Password:</span> <INPUT TYPE="password" NAME="password" VALUE='' size="20">
</INPUT> <INPUT TYPE="submit" VALUE="Login">
</INPUT>
</h3></pre>
</FORM>
and my desired page is
<%
Validated = "OK"
if Request.Cookies("ValidUser") <> Validated then
'Construct the URL for the current page.
dim s
s = "http://"
s = s & Request.ServerVariables("HTTP_HOST")
s = s & Request.ServerVariables("URL")
if Request.QueryString.Count > 0 THEN
s = s & "?" & Request.QueryString
end if
'Redirect unauthorized users to the logon page.
Response.Redirect "new_login.asp?from=" &Server.URLEncode(s)
End if
%>
I have this code in the top of my desired page.
Please help me out with this strange behavior. Is there anything to do with session here as I dont have any idea with sessions in asp.
kapil