Ask a Question related to ASP Database, Design and Development.
-
Chad S #1
ASP SQL Server Database Login - Session Variable
Hello,
I have a tough one for you guys. (Atleast I've been pulling my hair out
trying to figure this one out.) Thanks for taking a look at this for
me.
Scenario:
I have a SQL Server 2000 Database backend. I'm using ASP to connect to
this database. I have a login screen which asks for the username and
password of the user. Everything is working well here. Once the user
is logged into the database they have the option of changing their
password using a built-in stored procedure...sp_password. I also have
this working just fine.
Problem:
Once the user changes his/her password they are logged out of the
system. (Atleast thats what I thought). But they are still able to use
their old password for a period of 1 minute or so. I've tried disable
caching, session.abandon, clearning out the session variables, closing
the browser window, etc. What could I be missing ? I'm basically
trying to figure out how to completely log them out of the system. I've
even tryed stopping and starting the IIS service on my server to see if
this would clear the connection... but no.
Thank you so much for helping me out with this !
Chad
------------------
login.asp Code:
<%
Response.Expires = 0
'----- Global Variables
Dim Username
Dim Password
Dim ReturnTo
Session("Username") = ""
Session("Password") = ""
szDate = Date()
szTime = Time()
szUser = Request("txtUsername")
szPassword = Request("txtPassword")
ReturnTo = Session("ReturnTo")
If szUser <> "" Then
'----- Check to See if User Has Logged into the System
Session("Username") = szUser
Session("Password") = szPassword
'----- Reset Connection to Database for User Login
Session("IBVConn") = ""
Set objConn = Nothing
'----- Go to Index Page if No Return Address is Supplied
If ReturnTo = "" Then
Response.Redirect "main.asp"
Else
Session("ReturnTo") = ""
Response.Redirect ReturnTo
End If
End If
%>
global.asp Code:
Response.CacheControl = "no-cache"
Response.AddHeader "Pragma", "no-cache"
Response.Expires = -1
'----- Global Variables
Dim objConn
Dim rsInsert
Dim rsEdit
Dim sSQL
'---- If Error Display Message
On Error Resume Next
'----- Username and Password Variables for Global Use and Database Login
szUser = Session("Username")
szPassword = Session("Password")
'----- If Nobody Logged in Redirect User as Login Failure
If szUser = "" Then
Response.Redirect "error_loginfailure.asp"
End If
'----- Database Connection to IBV-Clinical ODBC Connection
Set objConn = Server.CreateObject("ADODB.Connection")
objConn.Open "DSN=IBV-Clinical", szUser, szPassword
'----- If Error Display Login Failure Page
If Err.Number <> 0 Then
Response.Redirect "error_loginfailure.asp"
End If
Err.Clear
On Error Goto 0
%>
change_password.asp Code:
<%
If Request("PageState") = "ChangePassword" Then
sUsername = Session("Username")
sOldPassword = Request.Form("txtOldPassword")
sNewPassword = Request.Form("txtNewPassword")
sReNewPassword = Request.Form("txtReNewPassword")
If sNewPassword <> sReNewPassword Then
Response.Redirect("error_changepasswordmatch.asp")
txtOldPassword = ""
txtNewPassword = ""
txtReNewPassword = ""
Else
Set sSQL = objConn.Execute("EXEC master.dbo.sp_password '" &
sOldPassword & "', '" & sNewPassword & "'")
Session("Username") = ""
Session("Password") = ""
szUser = ""
szPassword = ""
Session.Abandon
Session.Contents.RemoveAll()
Response.Redirect("success_changepassword.asp")
objConn.Close
Set objConn = Nothing
End If
End If
%>
Logoff Code:
<%
'----- Logoff User From Database
Session("Username") = ""
Session("Password") = ""
szUser = ""
szPassword = ""
Session.Abandon
%>
*** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
Don't just participate in USENET...get rewarded for it!
Chad S Guest
-
Login/Applicationtoken/Session Variable Problem
I am having a problem with Logging in and Session variables. I am new to ColdFusion, but program in other languages including PHP and Java. Recently... -
session problem - login screen continually reloads after pressing the login button
I am trying to get sessions to work on a log in screen to give certain users access to certain pages/directories. The problem is that when the... -
[PHP] Session and Server variable problem
Thanks, but no. On the page not setting the cookie and the php.ini isn't setting it to either. But the .ini isn't setting it at all. Could I put... -
Session and Server variable problem
Hi all, Have an interesting problem. Worked on a web site for a client. They have the server (IIS) set up and we are using php. Have been... -
[SESSION] Session variable deleted prior to command?
Hi all, I'm developing a database system on my local computer (OS/version details at bottom) with a simple user authentication using sessions. On... -
Ken Schaefer #2 Re: ASP SQL Server Database Login - Session Variable
Do you mean they can still log in to your ASP application? Or they can login
to SQL Server?
It seems you have two separate auth mechanisms in play here: ASP Session
variables, and some stuff you have stored in SQL Server...
Cheers
Ken
"Chad S" <webaccess@hotmail.com> wrote in message
news:eD2RJ$8IEHA.3968@TK2MSFTNGP12.phx.gbl...
: Hello,
:
: I have a tough one for you guys. (Atleast I've been pulling my hair out
: trying to figure this one out.) Thanks for taking a look at this for
: me.
:
: Scenario:
: I have a SQL Server 2000 Database backend. I'm using ASP to connect to
: this database. I have a login screen which asks for the username and
: password of the user. Everything is working well here. Once the user
: is logged into the database they have the option of changing their
: password using a built-in stored procedure...sp_password. I also have
: this working just fine.
:
: Problem:
: Once the user changes his/her password they are logged out of the
: system. (Atleast thats what I thought). But they are still able to use
: their old password for a period of 1 minute or so. I've tried disable
: caching, session.abandon, clearning out the session variables, closing
: the browser window, etc. What could I be missing ? I'm basically
: trying to figure out how to completely log them out of the system. I've
: even tryed stopping and starting the IIS service on my server to see if
: this would clear the connection... but no.
:
: Thank you so much for helping me out with this !
:
: Chad
:
: ------------------
: login.asp Code:
: <%
:
: Response.Expires = 0
:
: '----- Global Variables
: Dim Username
: Dim Password
: Dim ReturnTo
:
: Session("Username") = ""
: Session("Password") = ""
:
: szDate = Date()
: szTime = Time()
: szUser = Request("txtUsername")
: szPassword = Request("txtPassword")
: ReturnTo = Session("ReturnTo")
:
: If szUser <> "" Then
:
: '----- Check to See if User Has Logged into the System
: Session("Username") = szUser
: Session("Password") = szPassword
:
: '----- Reset Connection to Database for User Login
: Session("IBVConn") = ""
: Set objConn = Nothing
:
: '----- Go to Index Page if No Return Address is Supplied
: If ReturnTo = "" Then
: Response.Redirect "main.asp"
: Else
: Session("ReturnTo") = ""
: Response.Redirect ReturnTo
: End If
:
: End If
:
: %>
:
: global.asp Code:
: Response.CacheControl = "no-cache"
: Response.AddHeader "Pragma", "no-cache"
: Response.Expires = -1
:
: '----- Global Variables
: Dim objConn
: Dim rsInsert
: Dim rsEdit
: Dim sSQL
:
: '---- If Error Display Message
: On Error Resume Next
:
: '----- Username and Password Variables for Global Use and Database Login
: szUser = Session("Username")
: szPassword = Session("Password")
:
: '----- If Nobody Logged in Redirect User as Login Failure
: If szUser = "" Then
: Response.Redirect "error_loginfailure.asp"
: End If
:
: '----- Database Connection to IBV-Clinical ODBC Connection
: Set objConn = Server.CreateObject("ADODB.Connection")
: objConn.Open "DSN=IBV-Clinical", szUser, szPassword
:
: '----- If Error Display Login Failure Page
: If Err.Number <> 0 Then
: Response.Redirect "error_loginfailure.asp"
: End If
:
: Err.Clear
: On Error Goto 0
: %>
:
: change_password.asp Code:
: <%
:
: If Request("PageState") = "ChangePassword" Then
:
: sUsername = Session("Username")
: sOldPassword = Request.Form("txtOldPassword")
: sNewPassword = Request.Form("txtNewPassword")
: sReNewPassword = Request.Form("txtReNewPassword")
:
: If sNewPassword <> sReNewPassword Then
:
: Response.Redirect("error_changepasswordmatch.asp")
:
: txtOldPassword = ""
: txtNewPassword = ""
: txtReNewPassword = ""
:
: Else
:
: Set sSQL = objConn.Execute("EXEC master.dbo.sp_password '" &
: sOldPassword & "', '" & sNewPassword & "'")
:
: Session("Username") = ""
: Session("Password") = ""
: szUser = ""
: szPassword = ""
:
: Session.Abandon
: Session.Contents.RemoveAll()
:
: Response.Redirect("success_changepassword.asp")
:
: objConn.Close
: Set objConn = Nothing
:
: End If
: End If
: %>
:
: Logoff Code:
: <%
: '----- Logoff User From Database
: Session("Username") = ""
: Session("Password") = ""
: szUser = ""
: szPassword = ""
:
: Session.Abandon
: %>
:
: *** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
: Don't just participate in USENET...get rewarded for it!
Ken Schaefer Guest
-
roger #3 Re: ASP SQL Server Database Login - Session Variable
"Chad S" wrote
> Problem:
> Once the user changes his/her password they are logged out of the
> system. (Atleast thats what I thought). But they are still able to use
> their old password for a period of 1 minute or so.
Sorry Chad, I can't follow that at all. Is global.asp an include file?
When you use ---
session.abandon
response.redirect "somewhere.asp"
global.asa will fire again. Is there anything in there?
I would suggest that you put "Option Explicit" at the top
of each page, because I think you are unintentionally creating
new variables, e.g. txtOldPassword
Also changing Request("whatever") to Request.Form("whatever")
is a good idea. I'm not sure what Request("whatever") means.
And last, why log the users out? Why not just change the session
variables to their new password and username?
--
roger
roger Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
