Wrox Home  
Search P2P Archive for: Go
Shopping CartView Cart  |  My Account  |  Support
Home Browse Titles

P2P Archives
 

Archive Index
Back to Active P2P Forum

 


Wrox Chapters on Demand - Download the chapters you need and take them on the go!
Wrox First - Instant Access online to new Wrox books

New Titles for ASP.NET

Cover image for product 0470379308
Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB
Cover image for product 047041569X
LINQ-ifying TheBeerHouse: An N-Tier LINQ Web Application with ASP.NET 2.0 Website Programming Problem Design Solution
Write for Wrox: Programmers writing for programmers
  Return to Index  

asp_web_howto thread: ("HTTP_REFERER") does not hold a value

Message #1 by "Darin Oehlke" <warlock_1300@y...> on Thu, 25 Apr 2002 22:48:32
I am using a really simple redirect for certain pages to have users log in 
before they dcan access them. Here it is:

<%
IF Session("userid") = "" Then
	Response.Redirect "../login.asp"
END IF
%>

I also have a log in button on the main page so the users can start the 
session right away. Here it is :

<center>
<FORM ACTION="login.asp" METHOD="POST">	
<INPUT TYPE="SUBMIT" VALUE="Log In"></FORM>
</center>

Not real difficult so far, however, if the restricted pages are accessed 
without being logged in and the user is redirected, the ("HTTP_REFERER") 
variable holds no value.

In the log in script I am trying to use that value to send the person back 
to the page they requested in the first place. If the <form> button is 
used it works perfectly, however, if they can use the button then they are 
not on a restricted page so it doesn't do me a ton of good.

Is there any way I can force the redirect to submit the sameway as the 
<form> button?
Message #2 by "Ken Schaefer" <ken@a...> on Fri, 26 Apr 2002 12:26:46 +1000
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: "Darin Oehlke" <warlock_1300@y...>
Subject: [asp_web_howto] ("HTTP_REFERER") does not hold a value


: I am using a really simple redirect for certain pages to have users log in
: before they dcan access them. Here it is:
:
: <%
: IF Session("userid") = "" Then
: Response.Redirect "../login.asp"
: END IF
: %>
<snip>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Once you redirect, the Referer header is not re-sent by the browser.
I suggest you change the code that you use for checking whether a user is
logged on to read like the following:

<%
Sub VerifyPermissions( _
    )

    Dim strScriptName
    Dim blnIsQMark
    Dim strQueryString
    Dim x

    blnIsQMark = False

    If Not session("Authenticated") = 1 then
        strScriptName 
Server.URLPathEncode(Request.ServerVariables("Script_Name"))

        ' Now if there is a querystring, recreate it
        If Len(Request.ServerVariables("Query_String")) > 0 then
            For Each x in Request.QueryString
                If blnIsQMark then
                    strQueryString = strQueryString & "&" & x & "=" &
Server.URLEncode(Request.QueryString(x))
                    blnIsQMark = True
                Else
                    srQueryString = "?" & x & "=" &
Server.URLEncode(Request.QueryString(x))
                End If
            Next
        End If

        Response.Redirect(Application("SecureServerName") &
"/Default.asp?URL=" & strScriptName & strQueryString)
        Response.End
     End If

End Sub
%>

Watch for wrapping. It passes the referer as part of the querystring, which
you can then access on your login page. The page that processes the login
information should then redirect to the URL above if the user is sucessfully
authenticated.

Cheers
Ken
Message #3 by "Darin Oehlke" <warlock_1300@y...> on Fri, 26 Apr 2002 14:30:51
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: "Darin Oehlke" <warlock_1300@y...>
Subject: [asp_web_howto] ("HTTP_REFERER") does not hold a value


: I am using a really simple redirect for certain pages to have users log 
in
: before they dcan access them. Here it is:
:
: <%
: IF Session("userid") = "" Then
: Response.Redirect "../login.asp"
: END IF
: %>
<snip>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Once you redirect, the Referer header is not re-sent by the browser.
I suggest you change the code that you use for checking whether a user is
logged on to read like the following:

<%
Sub VerifyPermissions( _
    )

    Dim strScriptName
    Dim blnIsQMark
    Dim strQueryString
    Dim x

    blnIsQMark = False

    If Not session("Authenticated") = 1 then
        strScriptName 
Server.URLPathEncode(Request.ServerVariables("Script_Name"))

        ' Now if there is a querystring, recreate it
        If Len(Request.ServerVariables("Query_String")) > 0 then
            For Each x in Request.QueryString
                If blnIsQMark then
                    strQueryString = strQueryString & "&" & x & "=" &
Server.URLEncode(Request.QueryString(x))
                    blnIsQMark = True
                Else
                    srQueryString = "?" & x & "=" &
Server.URLEncode(Request.QueryString(x))
                End If
            Next
        End If

        Response.Redirect(Application("SecureServerName") &
"/Default.asp?URL=" & strScriptName & strQueryString)
        Response.End
     End If

End Sub
%>

Watch for wrapping. It passes the referer as part of the querystring, which
you can then access on your login page. The page that processes the login
information should then redirect to the URL above if the user is 
sucessfully
authenticated.

Cheers
Ken


Thanks Ken!

I'll try that out

  Return to Index  
About Wrox  |  Contact Us  |  Subscribe to an RSS Feed of New Wrox Titles
Copyright © 2000-2004 by John Wiley & Sons, Inc. or related companies. All rights reserved. Please read our Privacy Policy