ServerVariables issue

Results 1 to 9 of 9

Thread: ServerVariables issue

  1. #1
    Join Date
    Dec 1969
    Posts
    2,892

    Default ServerVariables issue

    Hi all:<BR><BR>I have a login page that posts to a 2nd page. If login fails, I redirect the person back to the 1st Login page.<BR><BR>I would like to use the HTTP_REFERER ServerVariable to pick up the url from where the user came, but I just keep getting the url of my 1st page - Login1.asp.<BR><BR>I am guessing here that it&#039;s because I&#039;m using Response.Redirect and not a link on both pages to move the user around. Does that sound right to anyone &#039;In The Know?&#039;<BR><BR>Thanks<BR><BR>KurtW

  2. #2
    Join Date
    Dec 1969
    Posts
    96,118

    Default I don't get it...

    *WHEN* do you try to get the HTTP_REFERER?<BR><BR>The only time you can get it and have it *not* be "Login1.asp" would be when the user *first* hits your site.<BR><BR>

  3. #3
    Join Date
    Dec 1969
    Posts
    2,892

    Default RE: I don't get it...

    I was under the impression that when anyone clicks on any link, inside your site or out, the destination page, if it requested the HTTP_REFERER, would return the url from where the user clicked in/last was. I have used this inside the site and it seems to work.<BR><BR>What I am trying to do, in essence, is track HOW a user got to my login page. But the only data I really care about is if they have come from the 2nd page - the one to which Login1.asp posts. If they login correctly then they are dumped on a Success! page. If not, they are Redirected BACK to Login1.asp. <BR><BR>My hope was that if I capture the referer, and see that it has come from that 1 specific page, then I know their login has failed and can deliver a custom message.<BR><BR>But it seems to me that Response.Redirect won&#039;t return an HTTP_REFERER.<BR><BR>Hope that makes more sense.<BR><BR>KurtW

  4. #4
    Join Date
    Dec 1969
    Posts
    6,476

    Default RE: I don't get it...

    Why not just add it to the QueryString when you go to redirect?<BR><BR>Response.Redirect "login.asp?Error = 1"<BR><BR>On login page check for it.<BR>IF Request.QueryString("Error") = "" Then<BR>&#039;no error so 1st times here.<BR><BR>Else<BR>&#039;oops there was an error<BR>End if<BR><BR>


  5. #5
    Join Date
    Dec 1969
    Posts
    96,118

    Default I misunderstood!

    Yes, Response.Redirect messes up the REFERER. <BR><BR>Remember, it is the *BROWSER* that keeps track of the REFERER; it just reports it to the server.<BR><BR>So when you submit from LOGIN1.asp, *that* page is the last page that the browser knows about, and it is automatically the REFERER. When you do the redirect from page2.asp, that means page2.asp is never sent back to the browser, so there is nothing to replace LOGIN1.asp as the REFERER.<BR><BR>Since Response.Redirect *does* happen by way of the browser (using a 300-series response code), I would imagine that different browser could then do different things: Either retain the REFERER they remember or wipe out all info on REFERER. Dunno if there is an HTML spec on this.<BR><BR>**********<BR><BR>But there&#039;s an easy way around this:<BR><BR>Response.Redirect "Login1.asp?errmsg=" & Escape("Invalid user name or password"<BR><BR>And then Login1.asp can simply do<BR> &#060;%<BR> If request(errmsg) &#060;&#062; "" Then<BR> ...<BR> End If<BR> %&#062;<BR>

  6. #6
    Join Date
    Dec 1969
    Posts
    96,118

    Default Ummm...whatever you do...

    ...don&#039;t put spaces in the querystring! <BR><BR>Response.Redirect "login.asp?Error=1"<BR><BR>If you need spaces (or punctuation, in general), use ESCAPE or Server.URLEncode on the text.<BR><BR>

  7. #7
    Join Date
    Dec 1969
    Posts
    15

    Default one-page login form

    OK.. looks like I&#039;m a bit late.. but I just spent 10 minutes writing this answer... so I&#039;ll post it anyway... lol<BR><BR>Let me make sure I&#039;m understanding you...<BR><BR>They open a page called something.asp ... this page notices that they are not logged in, sends them to login1.asp, and then they are sent to either login2.asp or to the something.asp where they came from, depending on if they were authenticated or not?<BR><BR>What I do is use a IF ... THEN statement to check the login status.<BR><BR>login.asp sends them to login.asp?action=login and then I check the Request.Querystring("action") for "login". <BR><BR>If len(request.querystring("action") &#062; 0 then<BR> qsAction = request.querystring("action")<BR>else<BR> qsAction = "default"<BR>end if<BR><BR>if qsAction = "login" then<BR><BR> &#039;code here to validate login info<BR> &#039;catch errors here<BR> if qsAction &#060;&#062; "error" then <BR> response.redirect(fromPage)<BR> end if<BR><BR>end if<BR><BR>&#039;login form here<BR>&#039;display errors here<BR><BR>...<BR><BR>Now for the "redirecting" back to the original page that called the login page, I use a QueryString variable to hold the "from" URL... <BR><BR>on the calling page:<BR><BR>&#060;%<BR>if len(session("uID")) = 0 then<BR> response.redirect("/login.asp?from=" & request.ServerVariables("SCRIPT_NAME") %&#062;)<BR>end if<BR>%&#062;<BR><BR>thus storing the "from" as a QS variable, where you can forward it onto another page likewise:<BR><BR>&#060;form action="&#060;%= Request.ServerVariables("SCRIPT_NAME") %&#062;?action=login&from=&#060;% request.QueryString("from") %&#062;" method="post" ... &#062;<BR><BR>this way, when the user attempts to login, if they are successful, you can response.redirect them to the "from" page or persist for correct information.<BR><BR>I like to use the one-page forms, that way I don&#039;t have to pass variables back and forth, and I can catch errors in the first half of the page and display them if the info is not correct.<BR><BR>OR ... you could just grab the "referrer" on the login1.asp page and store it in a hidden field in the login form, then use that to return them to the original page... (and ignore everything I just said).<BR><BR>I hope my answer is not too long-winded for you... I tend to ramble a bit and over-explain myself.<BR><BR>-Clifford Wagner

  8. #8
    Join Date
    Dec 1969
    Posts
    2,892

    Default Clifford, Bill, Russell...

    Thanks All:<BR><BR>Yeah, Bill, that&#039;s what I thought.<BR><BR>As far as QueryStrings go, I try never to use them with any data a user can alter. But I did come up with another solution I like:<BR><BR>Each pass thru the Login process increments a SessionVar by 1. After three tries they are redirected to a "black-hole" page that tells them they can&#039;t come in.<BR><BR>That seems to work well. Thanks for your help - especially Clifford. Don&#039;t worry about being long winded - I prefer it that way!<BR><BR>KurtW

  9. #9
    Join Date
    Dec 1969
    Posts
    6,476

    Default Uggg

    I never do that with spaces...<BR>Why i did there got no clue...<BR>Used to writing variables I guess...<BR>Russell = "Mental" lol<BR>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •