hide the values shown in querystring in add bar

crmpicco · March 9th, 2005, 07:30 AM

I have a page called 'logincheck.asp'

If a condition is met then a response.redirect is carried out as per code below:

<%
if rscheck.eof then

response.redirect "/mackenzie/asp/reg.asp?agencyid="&agencyid&"&agentid="&agentid&"& username="&username&"&password="&password&""

end if
%>

How do I hide the values shown in the querystring in the address bar? This is due to the fact the password is shown. All my forms use POST. I thought POST did NOT show the values and GET DID??

Picco

www.crmpicco.co.uk
www.milklemonadechocolate.uk.tt

mat41 · March 9th, 2005, 06:36 PM

;;;How do I hide the values shown in the querystring in the address bar
Not sure you can

;;;I thought POST did NOT show the values and GET DID??
Yes, you are correct. A response.redirect is very different from the posting of a form. What method you are using to send form variables doesnt have any relationship with response.redirect behaviours.

Solution 1..
Have you used hidden from variables before?
Forms are not just for getting user input. They can be completely hidden from the user, placed there to hold values and submitted via code rather than a submit button

Solution 2..
Dare I say it but you could use sesison variables. IMO use these sparingly and as a last resort - this would be a quick and nasty solution.

Where are these QS values comming from? If they are comming from a DB just get the unique identifyer, pass that in your QS then on the destination page pull the records again. If I was at your site and saw my UN and PW passed in a QS there is a good chance I wouldnt come back.

Wind is your friend
Matt

crmpicco · March 10th, 2005, 05:34 AM

if rscheck.eof then
     response.redirect "/mackenzie/asp/reg.asp"
     response.write "<form name=form method=post action=reg.asp>"
     response.write "<input type=hidden name=agencyid value="&agencyid&">"
     response.write "<input type=hidden name=agentid value="&agentid&">"
     response.write "<input type=hidden name=username value="&username&">"
     response.write "<input type=hidden name=password value="&password&">"
     response.write "</form>"
end if

How do i submit this form though?

www.crmpicco.co.uk
www.milklemonadechocolate.uk.tt

crmpicco · March 10th, 2005, 06:17 AM

if rscheck.eof then
     session("crm_agencyid")=agencyid
     session("crm_agentid")=agentid
     session("crm_username")=username
     session("crm_password")=password
     response.redirect "/mackenzie/asp/reg.asp"
end if

www.crmpicco.co.uk
www.milklemonadechocolate.uk.tt

vinod_yadav1919 · March 10th, 2005, 09:09 AM

Hii Crimpicco
Why you are using session variables ,it consume server resources,
Think about 100K users ,do you allow sessions for all those users.

Try this,

if rscheck.eof then
     response.write "<form name=form method=post action=reg.asp>"
     response.write "<input type=hidden name=agencyid value="&agencyid&">"
     response.write "<input type=hidden name=agentid value="&agentid&">"
     response.write "<input type=hidden name=username value="&username&">"
     response.write "<input type=hidden name=password value="&password&">"
     response.write "</form>"
     response.write "document.form.submit()"
end if

If you other alternative ,please do share :)

Cheers :)

vinod

vinod_yadav1919 · March 10th, 2005, 09:12 AM

Sorry Crimpicco
before to response.write "document.form.submit()"

use
response.write "<script>"
response.write "document.form.submit()"
response.write "</script>"

Cheers :)

vinod

crmpicco · March 10th, 2005, 10:34 AM

will this work, is Javascript not client-side and asp server-side? how can they go together? this is the problem i was having yesterday with another piece of code

www.crmpicco.co.uk
www.milklemonadechocolate.uk.tt

crmpicco · March 10th, 2005, 10:35 AM

"Think about 100K users ,do you allow sessions for all those users."
this process is only done ONCE per user, on first login

www.crmpicco.co.uk
www.milklemonadechocolate.uk.tt

mat41 · March 10th, 2005, 06:52 PM

crmpicco

There is another way to do this. Have another read of my post, in particular the last paragraph starting with:
"Where are these QS values comming from?"

BTW : That is a question

Wind is your friend
Matt

vinod_yadav1919 · March 11th, 2005, 02:04 AM

Crimpicco
It's working fine

if rscheck.eof then
     response.write "<form name=form method=post action=reg.asp>"
     response.write "<input type=hidden name=agencyid value="&agencyid&">"
     response.write "<input type=hidden name=agentid value="&agentid&">"
     response.write "<input type=hidden name=username value="&username&">"
     response.write "<input type=hidden name=password value="&password&">"
     response.write "</form>"
   response.write "<script>"
response.write "document.form.submit()"
response.write "</script>"
end if

well below technique also work fine :) but one question to share
sesion object(crm_agencyid,crm_agentid,crm_username,crm_p assword) store on the server, more users more session objects ,consume server resources

session("crm_agencyid")=agencyid
     session("crm_agentid")=agentid
     session("crm_username")=username
     session("crm_password")=password

Cheers :)

vinod