p2p.wrox.com Forums

Need to download code?

View our list of code downloads.


  Return to Index  

asp_forms thread: Passing Session Variables to Another Server


Message #1 by "Embrey, Darrell (DL)" <DLEmbrey@d...> on Tue, 21 May 2002 15:26:42 -0500
Greetings,

I have several ASP forms on our Intranet where we store the Userid and
password for an individual as session variables to authenticate their 
access
to run reports against our database. We currently use these session
variables to populate hidden form fields to pass to ASP page that 
executes
the report. This presents a problem in that viewing the source for the 
page
can expose the Userid and password. Is there a way to pass the session
variable from one server to another without exposing the information 
through
the client's browser? I've included some snippets to show how we 
currently
pass these variables.
		Function GetUserID()
		' determine the user ID
		strUserID =3D Request.ServerVariables("LOGON_USER")


		<form id=3D"CRADOAgree" target=3D"top" name=3DCRADOAgree
action=3D"http://crystallegal.intranet.dow.com/IPMSWebBase/ADO_Web_Test.
asp"
method=3D"post" language=3DJavaScript onreset=3D"return 
Form_onreset();"
onsubmit=3D"return Form_onsubmit();">
		<input type=3Dhidden value=3D"<%=3DSession("User_ID")%>" name=3Duid>

		<input type=3Dhidden value=3D"<%=3DSession("Password")%>"
name=3Dpwd>
Although the field values are hidden from normal view in the browser, 
if the
person right clicks the page and selects View Source or selects Source 
from
the View menu option, the values for the Userid and password are 
exposed.
___________________________________________________________

Darrell L. Embrey
Information Systems Technologist =96 Kelly Technical Services
On Assignment at The Dow Chemical Company
Legal Tech & Admin Services
1790 Building Office 186
Midland, MI  48674 USA
Voice:  xxx.xxx.xxxx
Fax:	989.636.1352
E-mail:  DLEmbrey@d... <mailto:DLEmbrey@d...>


  Return to Index