Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > HTML > Dynamic page login problem

Reply
Thread Tools

Dynamic page login problem

 
 
floortje
Guest
Posts: n/a
 
      09-11-2003
Hi, im not sure im in the right group ive tried the explorer groups but they
seem as clueless as me. But hey, what do they know bout building sites )
So maybe there is a html solution or something that will help me. Maybe a
doctype or so ?

Anyways I got a forum where people optionally can login to to get some xtra
funtions.

If people are not logged in I show a little login form on the left side of
the page.
The only problem is the due to the ever changing url
"/vragen.php?id=[1-24000]" internet explorers password manager wont remember
the password in the forum cause it seems tot hink it's another page.

<pointless info that will prevent u form replying that I need to store stuff
in a cookie>
I store their userid and md5 password in a cookie that has exactly one year
to live.
</pointless info that will prevent u form replying that I need to store
stuff in a cookie>

Is there anyway to work around this ?

Floortje


 
Reply With Quote
 
 
 
 
Toby A Inkster
Guest
Posts: n/a
 
      09-11-2003
floortje wrote:

> The only problem is the due to the ever changing url
> "/vragen.php?id=[1-24000]" internet explorers password manager wont remember
> the password in the forum cause it seems tot hink it's another page.
>
> Is there anyway to work around this ?


Yes - don't change the URL.

--
Toby A Inkster BSc (Hons) ARCS
Contact Me - http://www.goddamn.co.uk/tobyink/?id=132

 
Reply With Quote
 
 
 
 
floortje
Guest
Posts: n/a
 
      09-11-2003

"Toby A Inkster" <(E-Mail Removed)> schreef in bericht
news(E-Mail Removed). ..
> floortje wrote:
>
> > The only problem is the due to the ever changing url
> > "/vragen.php?id=[1-24000]" internet explorers password manager wont

remember
> > the password in the forum cause it seems tot hink it's another page.
> >
> > Is there anyway to work around this ?

>
> Yes - don't change the URL.


U mean post the id ... wich means noone could hyperlink to my page directly.

the location of the page stays the same just the GET varaibles change



 
Reply With Quote
 
floortje
Guest
Posts: n/a
 
      09-12-2003

"Owen Jacobson" <(E-Mail Removed)> schreef in bericht
news:%2a8b.6358$(E-Mail Removed). ..
> floortje wrote:
>
> >
> > "Toby A Inkster" <(E-Mail Removed)> schreef in
> > bericht news(E-Mail Removed). ..
> > >
> > > Yes - don't change the URL.

> >



> What he's saying is only use the latter of those three, rather than
> changing the URL each time the visitor accesses the page.
>
> You appear to be using PHP, which means changing it to pull that
> information from a session cookie (separate from the password cookie)
> *should* be a one-line change somewhere.

'
Hehe im using cookies for session but the id part is the id of the question.
It's a forum. So vragen.php?id=3 means topic no3 etc. So I really have
little choice.


 
Reply With Quote
 
Toby A Inkster
Guest
Posts: n/a
 
      09-12-2003
floortje wrote:

> Hehe im using cookies for session but the id part is the id of the question.
> It's a forum. So vragen.php?id=3 means topic no3 etc. So I really have
> little choice.


You do have a choice. It's quite simple really. "Think outside the box,"
as they say.

'vragen.php?id=3' is a script that notices that the visitor isn't logged
in, so it sets a cookie called 'return' with the value 'vragen.php?id=3'.
It now redirects to 'login.php'. 'login.php' does all the usual login
stuff. Once this is all done you inspect the value of the cookie called
'return' and redirect to whatever string it contains.

The weakness is that this solution relies on cookies. However, you are
already relying on cookies anyway.

--
Toby A Inkster BSc (Hons) ARCS
Contact Me - http://www.goddamn.co.uk/tobyink/?id=132
 
Reply With Quote
 
Greg Schmidt
Guest
Posts: n/a
 
      09-14-2003
On Fri, 12 Sep 2003 22:00:33 +0100, Toby A Inkster
<(E-Mail Removed)> wrote:

>floortje wrote:
>
>> Hehe im using cookies for session but the id part is the id of the question.
>> It's a forum. So vragen.php?id=3 means topic no3 etc. So I really have
>> little choice.

>
>You do have a choice. It's quite simple really. "Think outside the box,"
>as they say.
>
>'vragen.php?id=3' is a script that notices that the visitor isn't logged
>in, so it sets a cookie called 'return' with the value 'vragen.php?id=3'.
>It now redirects to 'login.php'. 'login.php' does all the usual login
>stuff. Once this is all done you inspect the value of the cookie called
>'return' and redirect to whatever string it contains.


I think the OP's problem was that vragen.php?id=3 is seen by IE as being
different from vragen.php?id=4, and so it doesn't remember the password
when the user has chosen to take advantage of that particular security
hole to save themselves some typing and remembering.

--
Greg Schmidt ((E-Mail Removed))
Trawna Publications (http://www.trawna.com/)
 
Reply With Quote
 
Toby A Inkster
Guest
Posts: n/a
 
      09-14-2003
Greg Schmidt wrote:

> I think the OP's problem was that vragen.php?id=3 is seen by IE as being
> different from vragen.php?id=4, and so it doesn't remember the password
> when the user has chosen to take advantage of that particular security
> hole to save themselves some typing and remembering.


Yes, which is why I explained that he should store the
'vragen.php?id=blah' in a cookie, redirect to a login screen with a
*fixed* URL (in my example 'login.php') and then redirect back to the
vragen page based on the contents of the cookie:

>>'vragen.php?id=3' is a script that notices that the visitor isn't logged
>>in, so it sets a cookie called 'return' with the value
>>'vragen.php?id=3'. It now redirects to 'login.php'. 'login.php' does all
>>the usual login stuff. Once this is all done you inspect the value of
>>the cookie called 'return' and redirect to whatever string it contains.


--
Toby A Inkster BSc (Hons) ARCS
Contact Me - http://www.goddamn.co.uk/tobyink/?id=132

 
Reply With Quote
 
floortje
Guest
Posts: n/a
 
      09-14-2003

"Toby A Inkster" <(E-Mail Removed)> schreef in bericht
news(E-Mail Removed). ..
> Greg Schmidt wrote:
>
> > I think the OP's problem was that vragen.php?id=3 is seen by IE as being
> > different from vragen.php?id=4, and so it doesn't remember the password
> > when the user has chosen to take advantage of that particular security
> > hole to save themselves some typing and remembering.

>
> Yes, which is why I explained that he should store the
> 'vragen.php?id=blah' in a cookie, redirect to a login screen with a
> *fixed* URL (in my example 'login.php') and then redirect back to the
> vragen page based on the contents of the cookie:
>

interesting ... id stands for the question id in the forum.
Too bad it's not a good solution. I only rely on cookies to login to get
extra functions so anyone without cookies can still read and post in the
forum.


 
Reply With Quote
 
Greg Schmidt
Guest
Posts: n/a
 
      09-14-2003
On Sun, 14 Sep 2003 18:28:05 +0200, "floortje"
<(E-Mail Removed)> wrote:

>
>"Toby A Inkster" <(E-Mail Removed)> schreef in bericht
>news(E-Mail Removed) ...
>> Greg Schmidt wrote:
>>
>> > I think the OP's problem was that vragen.php?id=3 is seen by IE as being
>> > different from vragen.php?id=4, and so it doesn't remember the password
>> > when the user has chosen to take advantage of that particular security
>> > hole to save themselves some typing and remembering.

>>
>> Yes, which is why I explained that he should store the
>> 'vragen.php?id=blah' in a cookie, redirect to a login screen with a
>> *fixed* URL (in my example 'login.php') and then redirect back to the
>> vragen page based on the contents of the cookie:


Ah, I understood the situation the OP was describing differently from
how you understood it, so when I read your post it got something less
useful out of it that I might have. Maybe the OP had the same confusion
I did.

>interesting ... id stands for the question id in the forum.
>Too bad it's not a good solution. I only rely on cookies to login to get
>extra functions so anyone without cookies can still read and post in the
>forum.


Toby's solution can be easily morphed into having a link from your
question pages to the separate login page with a fixed URL, rather than
an automatic redirect. Does this solution work any better for you?

--
Greg Schmidt ((E-Mail Removed))
Trawna Publications (http://www.trawna.com/)
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
login page stays on login page Shannon ASP .Net 2 01-09-2008 10:51 PM
Can't create simple login page using asp:login control Sasquatch ASP .Net 2 10-03-2006 09:22 PM
Strange problem with Forms authentication: After successfull login, login page is still displayed Pascal Blanchard ASP .Net Security 1 08-18-2004 08:36 AM
Strange problem with Forms authentication: After successfull login, login page is still displayed Pascal Blanchard ASP .Net Security 0 08-17-2004 06:26 PM
Forms Login Page Not Login Out Hermit Dave ASP .Net 5 01-13-2004 07:14 AM



Advertisments