Wrox Programmer Forums

Need to download code?

View our list of code downloads.

| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
Classic ASP XML Using ASP 3 and XML. See also the XML category for more XML discussions not relating to ASP. NOT for ASP.NET 1.0, 1.1, or 2.0
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Classic ASP XML section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old November 16th, 2003, 03:15 PM
Authorized User
 
Join Date: Nov 2003
Location: , , .
Posts: 20
Thanks: 0
Thanked 0 Times in 0 Posts
Default login cookie help

hello, i have a website that uses a http://www32.brinkster.com/speirsy/web_coursework/ that uses a lofin and password feature.
I was lookin 2 implement cookies or session cookies into it, so if the user has logged in before, they dnt need 2 log in again, and was also going to incorporate a checkbox which they can click to 'remember me'

does anyone have any idea how to implement this


your help would be much appreciated



thasnk craig

Reply With Quote
  #2 (permalink)  
Old November 16th, 2003, 11:21 PM
planoie's Avatar
Friend of Wrox
Points: 16,481, Level: 55
Points: 16,481, Level: 55 Points: 16,481, Level: 55 Points: 16,481, Level: 55
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Aug 2003
Location: Clifton Park, New York, USA.
Posts: 5,407
Thanks: 0
Thanked 16 Times in 16 Posts
Default

Assuming that you have your pages set up to send a user back to the login page automatically if a user isn't logged in, then you would need to check for the login cookie on that page. If a loggin cookie is found, the you complete the login automatically and send the user on. If not, then you present the login form.

When a regular login happens (i.e. they enter their username/password and you process the login) then you write a cookie with the pertinent information.

Do you need specific help with one of these tasks?

Session cookies aren't going to help you. You are trying to remember the user between sessions, right?

Peter
------------------------------------------------------
Work smarter, not harder.
Reply With Quote
  #3 (permalink)  
Old November 17th, 2003, 10:57 AM
Authorized User
 
Join Date: Nov 2003
Location: , , .
Posts: 20
Thanks: 0
Thanked 0 Times in 0 Posts
Default

yeah, i want it that the user logs in, and therefore enters the site


a cookie is then created that remembers that the user has logged in , so threfore if he closes his internet browser and accesses my site again , he doesnt need 2 log in.

i need help in the whole cookie structure because i have not got a clue how 2do it


thanks

Reply With Quote
  #4 (permalink)  
Old November 17th, 2003, 11:25 AM
planoie's Avatar
Friend of Wrox
Points: 16,481, Level: 55
Points: 16,481, Level: 55 Points: 16,481, Level: 55 Points: 16,481, Level: 55
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Aug 2003
Location: Clifton Park, New York, USA.
Posts: 5,407
Thanks: 0
Thanked 16 Times in 16 Posts
Default

Once you validate a login, you just need to write out the cookies:

Response.Cookies("username") = sUsername
Response.Cookies("password") = sPassword

In the beginning of where the login form lives you do a check for the cookie values before showing the form...

If Request.Cookies("username") <> "" Then
    'Execute login validation here using values from cookies
    'Get values from cookies
    sUsername = Request.Cookies("username")
    sPassword = Request.Cookies("password")
    'call doLogin to validate login,
    'returns true for valid login
    If doLogin(sUsername, sPassword) Then
        Response.Redirect("index.asp")
    End If
End If

There's no Else for either If. If there's no cookie or login is bad (to catch cookie hacking) then you just continue on and show the login form.

Peter
------------------------------------------------------
Work smarter, not harder.
Reply With Quote
  #5 (permalink)  
Old November 17th, 2003, 12:10 PM
Authorized User
 
Join Date: Nov 2003
Location: , , .
Posts: 20
Thanks: 0
Thanked 0 Times in 0 Posts
Default

so when the login form is submitted it goes 2 processuser.asp and that validates the username and password and then is redirected to the main.asp which is the main part of the site.
so i should put
Response.Cookies("username") = sUsername
Response.Cookies("password") = sPassword
 on the main.asp page?

also the check for the cookies

If Request.Cookies("username") <> "" Then
    'Execute login validation here using values from cookies
    'Get values from cookies
    sUsername = Request.Cookies("username")
    sPassword = Request.Cookies("password")
    'call doLogin to validate login,
    'returns true for valid login
    If doLogin(sUsername, sPassword) Then
        Response.Redirect("index.asp")
    End If
End If


that redirects the user to main .asp

thanks




Reply With Quote
  #6 (permalink)  
Old November 17th, 2003, 12:28 PM
planoie's Avatar
Friend of Wrox
Points: 16,481, Level: 55
Points: 16,481, Level: 55 Points: 16,481, Level: 55 Points: 16,481, Level: 55
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Aug 2003
Location: Clifton Park, New York, USA.
Posts: 5,407
Thanks: 0
Thanked 16 Times in 16 Posts
Default

You should set the cookies on processuser.asp. You can't set them on main.asp because that's not where you are validating the login. Plus, if you have code that is checking to make sure a user is logged in, then main.asp (because the cookies aren't set yet) would kick you back to login.asp.

So you need to:
- Set cookies on processuser.asp
- Check cookies on login.asp for return user
- Check the user login status throughout the session.

How are you maintaining the user login status? Do you have (or will you have) code on all the pages that checks to make sure a user is logged in? Because you are going to use a cookie to remember their login between sessions, you could use that as the "in-session" check as well. Every page that you need to protect should call this check. Your logout page would expire the cookies so the next page fails the login check and kicks you back to login.asp.

Peter
------------------------------------------------------
Work smarter, not harder.
Reply With Quote
  #7 (permalink)  
Old November 17th, 2003, 12:45 PM
Authorized User
 
Join Date: Nov 2003
Location: , , .
Posts: 20
Thanks: 0
Thanked 0 Times in 0 Posts
Default

i dont know, i was just thinking that wen u login to the main site thats just it, but i spsoe people could jst hack into the site, so i dnt know wot 2 do. lol.


also wot code should i use 2 expire all cookies ie the logout phase.

this is quite complex

:)

Reply With Quote
  #8 (permalink)  
Old November 17th, 2003, 02:06 PM
planoie's Avatar
Friend of Wrox
Points: 16,481, Level: 55
Points: 16,481, Level: 55 Points: 16,481, Level: 55 Points: 16,481, Level: 55
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Aug 2003
Location: Clifton Park, New York, USA.
Posts: 5,407
Thanks: 0
Thanked 16 Times in 16 Posts
Default

Yes it can be quite complex.

If someone has been to your site before, they would know they could go to main.asp (instead of just index or login). Unless you have means of checking that someone is logged in on every secure page, you are really defeating the purpose of having a login.

Checking on each page wouldn't be that hard, all you need to do is check that there are values in the cookies for username and password. Now you should probably validate this against your username list (in the database). I would not advise that you do this each time, because that would be excessive. Instead, validate once and store a session value so it's quicker to check each time. Here's what I would do based on what you have said that you have:

login page:
- Check the cookie values for "return user" as I described above. If there are values, call the doLogin() function with the values from the cookies to validate the user against the database (this prevents cookie hacking). Function returns false for bad login.
- If not validated (doLogin = False) or no "return user" (no cookies found), show the login form.

processuser.asp
login.asp posts to this page.
- Call doLogin() function with the values entered into the form. Function returns false for bad login
Bad login:
- redirect to login form again with error message

All other ASP pages
At start of page, call checkLogin()

functions (in a common include file):

doLogin(sUsername, sPassword)
- validate the username and password against the database
if valid:
- write cookies (as described in earlier post)
- write username to the session object (Session("username") = sUsername)
- redirect to main page
if NOT valid:
- return False (need to just return false cause different pages need to handle this differently.)

checkLogin()
- Checks Session("username") for a value.
if there's a value, assume that we've completed a login process (by cookie or login form) and can access the page.
if there's NO value, we need to log in.
- Redirect to the login page

Peter
------------------------------------------------------
Work smarter, not harder.
Reply With Quote
  #9 (permalink)  
Old November 17th, 2003, 09:00 PM
Authorized User
 
Join Date: Nov 2003
Location: , , .
Posts: 20
Thanks: 0
Thanked 0 Times in 0 Posts
Default

its not workin, i have this code on the index.asp page which is the login page and can be viewed here http://www32.brinkster.com/speirsy/web_coursework/

<%
If Request.Cookies("username") <> "" Then
    'Execute login validation here using values from cookies
    'Get values from cookies
    sUsername = Request.Cookies("username")
    sPassword = Request.Cookies("password")
    'call doLogin to validate login,
    'returns true for valid login
    If doLogin(sUsername, sPassword) Then
        Response.Redirect("log.asp")''''''log.asp is the page are redirected 2 when u successfully log in''''''''
    End If
End If

%>


the values on the login form are userQuery and passwordEntry


on the user.asp page which validates if the username and password are correct when u hit login this code is thre.


<%@ Language="VBScript" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<?xml version="1.0" encoding="iso-8859-1"?>

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title></title>

<%
Response.Cookies("userQuery") = sUsername
Response.Cookies("passwordEntry") = sPassword

%>
</head>

<body>
<%
Dim xmlDocument, path, nodes
set xmlDocument = CreateObject("MSXML2.FreeThreadedDOMDocument")
xmlDocument.async = "false"
xmlDocument.load(Server.MapPath("/speirsy/db/user.xml"))
xmlDocument.setProperty "SelectionLanguage", "XPath"

path = "/records/details[username='" & Request.Form("userQuery") & "']"
set nodes = xmlDocument.selectNodes(path)

If nodes.length = 0 Then
   Response.write("Please enter a valid username and password</br></br>")
Response.write("<a href='index.asp'>Back to login page</a>")

End If

For Each Node In nodes
   For Each Node2 In Node.childNodes
    If Node2.nodeName = "password" Then
         If Node2.text = Request.Form("passwordEntry") Then
Response.Redirect "log.asp"
else
Response.Write(" please enter a valid password</br></br>")
Response.write("<a href='index.asp'>Back to login page</a>")
         End If
      End If
   Next
Nextlog.asp is the page are redirected 2 when u successfully log in
%>

</body>
</html>


any help would be benificial

thanks again


:(




Reply With Quote
  #10 (permalink)  
Old November 17th, 2003, 09:43 PM
planoie's Avatar
Friend of Wrox
Points: 16,481, Level: 55
Points: 16,481, Level: 55 Points: 16,481, Level: 55 Points: 16,481, Level: 55
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Aug 2003
Location: Clifton Park, New York, USA.
Posts: 5,407
Thanks: 0
Thanked 16 Times in 16 Posts
Default

Where did you put doLogin()? I don't see it anywhere except where you call it. That should live in a common include file that index.asp and user.asp both include. Then you can call it from each one file.

Peter
------------------------------------------------------
Work smarter, not harder.
Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Session/Cookie Expires, Login page appears rajn ASP.NET 1.0 and 1.1 Professional 3 June 27th, 2007 06:19 AM
login page. cookie handling. richie86 ASP.NET 1.0 and 1.1 Basics 1 November 27th, 2005 05:13 AM
How to write a cookie during a login session taoree ASP.NET 1.0 and 1.1 Basics 3 April 18th, 2004 02:40 PM
login cookie help daddycool2k ASP.NET 1.0 and 1.1 Basics 0 November 16th, 2003 03:17 PM



All times are GMT -4. The time now is 07:54 AM.


Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.