«

Hi all,

Anyone know of any issues with setting the value of a Session object
to the value of a submitted form item via
'Session("mySessionObj")=Request.Form("myFrmElem") ' ?

In my case the Session object gets set fine. But when the user links
to another page, the value of the session object is EMPTY.

thanks in advance..

-BB

Brian Burgess wrote on 30 aug 2003 in
microsoft.public.inetserver.asp.general:
> Anyone know of any issues with setting the value of a Session object
> to the value of a submitted form item via
> 'Session("mySessionObj")=Request.Form("myFrmElem") ' ?

This is not "the session object", it is just a variable stored on the
server for use by all asp pages during that session.

"The session object" is the collection of all these variables.

> In my case the Session object gets set fine.

See above.

> But when the user links to another page,
> the value of the session object is EMPTY.

If that page is not in the same session, yes, otherwise it is available.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)

Well I tried two ways...
1st:
If (Session("login") = Empty) Then
Session("login") = Request.Form("login")
End If

2nd:
If (Session("login") = "") Then
Session("login") = Request.Form("login")
End If


I should also mention that the user could be transfered to this page
from some other pages .. in this case we would not have the
'Request.Form("login")' available to us. HOWEVER, in this case we
should have already been through the login process, and therefore the
Session collection item(login) should already be set.

Got it?


Thnks again,

-BB


On 30 Aug 2003 12:56:19 GMT, "Evertjan."
<> wrote:

>Brian Burgess wrote on 30 aug 2003 in
>microsoft.public.inetserver.asp.general:
>
>> It IS in the same session! .. the user is linking .. in fact this all
>> WAS working .. until I changed the code to only set the value of a
>> Session collection item IF that item did not already have a value.
>
>I think we would need to see that piece of code.

looks like a logical flaw

on your login page, it would be better to use this

If Request.Form("login") <> "" then
Session("login") = true
End if

if the user comes from another page having already logged in, to check

if session("login") <> true then

else

end if

jason

"Brian Burgess" <> wrote in message
news:...
> Well I tried two ways...
> 1st:
> If (Session("login") = Empty) Then
> Session("login") = Request.Form("login")
> End If
>
> 2nd:
> If (Session("login") = "") Then
> Session("login") = Request.Form("login")
> End If
>
>
> I should also mention that the user could be transfered to this page
> from some other pages .. in this case we would not have the
> 'Request.Form("login")' available to us. HOWEVER, in this case we
> should have already been through the login process, and therefore the
> Session collection item(login) should already be set.
>
> Got it?
>
>
> Thnks again,
>
> -BB
>
>
> On 30 Aug 2003 12:56:19 GMT, "Evertjan."
> <> wrote:
>
> >Brian Burgess wrote on 30 aug 2003 in
> >microsoft.public.inetserver.asp.general:
> >
> >> It IS in the same session! .. the user is linking .. in fact this all
> >> WAS working .. until I changed the code to only set the value of a
> >> Session collection item IF that item did not already have a value.
> >
> >I think we would need to see that piece of code.
>

Cool!

That might work better to check if the user had logged in. But I
also need the actual lgoin value in some of the pages. Do you think
that the following would work then?
If Request.Form("login") <> "" Then
Session("login") = Request.Form("login")
End if

Thanks

-BB


On Sat, 30 Aug 2003 14:31:35 +0100, "jason kennedy" <>
wrote:

>looks like a logical flaw
>
>on your login page, it would be better to use this
>
>If Request.Form("login") <> "" then
>Session("login") = true
>End if
>
>if the user comes from another page having already logged in, to check
>
>if session("login") <> true then
>
>else
>
>end if
>
>jason
>
>"Brian Burgess" <> wrote in message
>news:.. .
>> Well I tried two ways...
>> 1st:
>> If (Session("login") = Empty) Then
>> Session("login") = Request.Form("login")
>> End If
>>
>> 2nd:
>> If (Session("login") = "") Then
>> Session("login") = Request.Form("login")
>> End If
>>
>>
>> I should also mention that the user could be transfered to this page
>> from some other pages .. in this case we would not have the
>> 'Request.Form("login")' available to us. HOWEVER, in this case we
>> should have already been through the login process, and therefore the
>> Session collection item(login) should already be set.
>>
>> Got it?
>>
>>
>> Thnks again,
>>
>> -BB
>>
>>
>> On 30 Aug 2003 12:56:19 GMT, "Evertjan."
>> <> wrote:
>>
>> >Brian Burgess wrote on 30 aug 2003 in
>> >microsoft.public.inetserver.asp.general:
>> >
>> >> It IS in the same session! .. the user is linking .. in fact this all
>> >> WAS working .. until I changed the code to only set the value of a
>> >> Session collection item IF that item did not already have a value.
>> >
>> >I think we would need to see that piece of code.
>>
>

what is that advocacy doc about? and what exactly is underquoting?
i've been posting in newsgroups via OE for a couple of years, and have never
seen a thread advocating quoting below a post rather than above

jason

"Evertjan." <> wrote in message
news:Xns93E7A5F203126eejj99@194.109.133.29...
> jason kennedy wrote on 30 aug 2003 in
> microsoft.public.inetserver.asp.general:
> >> On 30 Aug 2003 12:56:19 GMT, "Evertjan."
> >> <> wrote:
> >> >Brian Burgess wrote on 30 aug 2003 in
> >> >microsoft.public.inetserver.asp.general:
> >> >
> >> >> It IS in the same session! .. the user is linking .. in fact this
> >> >> all WAS working .. until I changed the code to only set the value
> >> >> of a Session collection item IF that item did not already have a
> >> >> value.
> >> >
> >> >I think we would need to see that piece of code.
> >>
> > "Brian Burgess" <> wrote in message
> >> Well I tried two ways...
> >> 1st:
> >> If (Session("login") = Empty) Then
> >> Session("login") = Request.Form("login")
> >> End If
> >>
> >> 2nd:
> >> If (Session("login") = "") Then
> >> Session("login") = Request.Form("login")
> >> End If
> >>
> >>
> >> I should also mention that the user could be transfered to this page
> >> from some other pages .. in this case we would not have the
> >> 'Request.Form("login")' available to us. HOWEVER, in this case we
> >> should have already been through the login process, and therefore the
> >> Session collection item(login) should already be set.
> > looks like a logical flaw
> > on your login page, it would be better to use this
> >
> > If Request.Form("login") <> "" then
> > Session("login") = true
> > End if
> >
> > if the user comes from another page having already logged in, to check
> >
> > if session("login") <> true then
> >
> > else
> >
> > end if
>
> [first I would like to stress, please do not underquote
> <http://www.xs4all.nl/%7ewijnands/nnq/nquote.html>]
>
> Brian is right, but do not accept the login confirmation from clientside,
> that can be attacked.
>
> "If true = true then" is superfluous, so this is enough:
>
>
> <%
> If Session("loggedin") Then
> Response.redirect "mainpage.asp"
> End If
>
> If Lcase(Request.Form("loginname")) = "john" AND _
> Request.Form("loginpassword") = "QWERty" then
> Session("loggedin") = true
> Response.redirect "mainpage.asp"
> End If
> Response.redirect "loginpage.asp"
> %>
>
> ==========================
>
> And on mainpage.asp and all other pages:
>
> <%
> If NOT Session("loggedin") Then
> Response.redirect "loginpage.asp"
> End If
> %>
>
> If you have far more than one name/password combination,
> a database becomes usefull.
>
> --
> Evertjan.
> The Netherlands.
> (Please change the x'es to dots in my emailaddress)

Ok I just tried the following:
If Request.Form("login") <> "" then
Session("login") = Request.Form("login")
End if

The Session item gets set correctly as before, but is still reset to
'Empty' once the user clicks the link to another page... any ideas?

Thanks

-bB


On Sat, 30 Aug 2003 17:15:15 +0100, "jason kennedy" <>
wrote:

>what is that advocacy doc about? and what exactly is underquoting?
>i've been posting in newsgroups via OE for a couple of years, and have never
>seen a thread advocating quoting below a post rather than above
>
>jason
>
>"Evertjan." <> wrote in message
>news:Xns93E7A5F203126eejj99@194.109.133.29...
>> jason kennedy wrote on 30 aug 2003 in
>> microsoft.public.inetserver.asp.general:
>> >> On 30 Aug 2003 12:56:19 GMT, "Evertjan."
>> >> <> wrote:
>> >> >Brian Burgess wrote on 30 aug 2003 in
>> >> >microsoft.public.inetserver.asp.general:
>> >> >
>> >> >> It IS in the same session! .. the user is linking .. in fact this
>> >> >> all WAS working .. until I changed the code to only set the value
>> >> >> of a Session collection item IF that item did not already have a
>> >> >> value.
>> >> >
>> >> >I think we would need to see that piece of code.
>> >>
>> > "Brian Burgess" <> wrote in message
>> >> Well I tried two ways...
>> >> 1st:
>> >> If (Session("login") = Empty) Then
>> >> Session("login") = Request.Form("login")
>> >> End If
>> >>
>> >> 2nd:
>> >> If (Session("login") = "") Then
>> >> Session("login") = Request.Form("login")
>> >> End If
>> >>
>> >>
>> >> I should also mention that the user could be transfered to this page
>> >> from some other pages .. in this case we would not have the
>> >> 'Request.Form("login")' available to us. HOWEVER, in this case we
>> >> should have already been through the login process, and therefore the
>> >> Session collection item(login) should already be set.
>> > looks like a logical flaw
>> > on your login page, it would be better to use this
>> >
>> > If Request.Form("login") <> "" then
>> > Session("login") = true
>> > End if
>> >
>> > if the user comes from another page having already logged in, to check
>> >
>> > if session("login") <> true then
>> >
>> > else
>> >
>> > end if
>>
>> [first I would like to stress, please do not underquote
>> <http://www.xs4all.nl/%7ewijnands/nnq/nquote.html>]
>>
>> Brian is right, but do not accept the login confirmation from clientside,
>> that can be attacked.
>>
>> "If true = true then" is superfluous, so this is enough:
>>
>>
>> <%
>> If Session("loggedin") Then
>> Response.redirect "mainpage.asp"
>> End If
>>
>> If Lcase(Request.Form("loginname")) = "john" AND _
>> Request.Form("loginpassword") = "QWERty" then
>> Session("loggedin") = true
>> Response.redirect "mainpage.asp"
>> End If
>> Response.redirect "loginpage.asp"
>> %>
>>
>> ==========================
>>
>> And on mainpage.asp and all other pages:
>>
>> <%
>> If NOT Session("loggedin") Then
>> Response.redirect "loginpage.asp"
>> End If
>> %>
>>
>> If you have far more than one name/password combination,
>> a database becomes usefull.
>>
>> --
>> Evertjan.
>> The Netherlands.
>> (Please change the x'es to dots in my emailaddress)
>

jason kennedy wrote on 30 aug 2003 in
microsoft.public.inetserver.asp.general:
> and what exactly is underquoting?
> i've been posting in newsgroups via OE for a couple of years, and have
> never seen a thread advocating quoting below a post rather than above

But that is what you were doing. You were quoting under your post. This
answer is topquoting.

It does not matter what programme ["OE"] you use, it is against netiquette
on usenet NG.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)

How about the original question .. Any one have ideas?

thanks

-BB

On 30 Aug 2003 17:52:53 GMT, "Evertjan."
<> wrote:

>jason kennedy wrote on 30 aug 2003 in
>microsoft.public.inetserver.asp.general:
>> and what exactly is underquoting?
>> i've been posting in newsgroups via OE for a couple of years, and have
>> never seen a thread advocating quoting below a post rather than above
>
>But that is what you were doing. You were quoting under your post. This
>answer is topquoting.
>
>It does not matter what programme ["OE"] you use, it is against netiquette
>on usenet NG.

I figured this one out with everyones help along an article(2157) in
ASPFAQ.com. The trouble was my initial code AND related to an MS security
patch. A KB article(Q316112) describes it.

My code now is more or less it is like the following, and it is working
properly:

<%

Option Explicit


If (Request.Form("loginName") <> "") Then

Session("loginName") = Request.Form("loginName")

End If

Dim strLoginName

strLoginName = Session("loginName")

....

'Do your stuff here

....

%>



Thanks all,

-BB



"Brian Burgess" <> wrote in message
news:...
> Hi all,
>
> Anyone know of any issues with setting the value of a Session object
> to the value of a submitted form item via
> 'Session("mySessionObj")=Request.Form("myFrmElem") ' ?
>
> In my case the Session object gets set fine. But when the user links
> to another page, the value of the session object is EMPTY.
>
> thanks in advance..
>
> -BB