Redirect not working first time in classic ASP

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Andrew Poulos
    #1

    Redirect not working first time in classic ASP

    I have a simple page with a form in it that gets posted to the following ASP

    <%@ language="javas cript" %>

    <%
    var login_success_p age = "../intro.asp";
    var login_failed_pa ge = "../failed.asp";

    // some db related code here

    if (bError) {
    Session("auth") = 0;
    Response.Redire ct(login_failed _page);
    } else {
    Session("auth") = 1;
    Response.Redire ct(login_succes s_page);
    }


    If I, in the form, I enter the appropriate information I get to the
    intro page though if I don't enter the appropriate information I don't
    get to the fail page. But if I click back to the form page from the
    intro page and enter inappropriate information I do get the fail page.

    I don't understand why it's not working the first time. If I hard code
    the full path to failed .asp or use Server.MapPath( "../") +
    "failed.asp "; I get an error that reads "Object Moved The object may be
    found here."

    Andrew Poulos
    Tags: None
    • Mark J. McGinty
      #2
      Re: Redirect not working first time in classic ASP


      "Andrew Poulos" <ap_prog@hotmai l.comwrote in message
      news:45a2213e$0 $22035$5a62ac22 @per-qv1-newsreader-01.iinet.net.au ...
      >I have a simple page with a form in it that gets posted to the following
      >ASP
      >
      <%@ language="javas cript" %>
      >
      <%
      var login_success_p age = "../intro.asp";
      var login_failed_pa ge = "../failed.asp";
      >
      // some db related code here
      >
      if (bError) {
      Session("auth") = 0;
      Response.Redire ct(login_failed _page);
      } else {
      Session("auth") = 1;
      Response.Redire ct(login_succes s_page);
      }
      >
      >
      If I, in the form, I enter the appropriate information I get to the intro
      page though if I don't enter the appropriate information I don't get to
      the fail page. But if I click back to the form page from the intro page
      and enter inappropriate information I do get the fail page.
      >
      I don't understand why it's not working the first time. If I hard code the
      full path to failed .asp or use Server.MapPath( "../") + "failed.asp "; I
      get an error that reads "Object Moved The object may be found here."
      Consider that a redirect is implemented as a response to one request that
      contains an instruction to "request it from [here] instead." In absence of
      cache-control headers the browser is free to cache the initial response.
      This is why an ASP script that posts to itself and conditionally redirects
      is not a great design for a login mechanism: anything that caches a redirect
      effectively bypasses ASP processing.

      It's possible to append a date serial value for a dummy parameter to the URL
      passed to Response.Redire ct, as a "cache killer" for authentication purposes
      it's a weak design. Instead, write a function that checks whether the user
      has authenticated *and* generates your login page if not, in the context of
      the original request. If the original request's method was "POST", the
      function should copy any form values that were posted to it, to hidden
      inputs in the login form, so that user input is not lost by authentication.
      Then store the function in a file, server-side include that file in every
      protected ASP page, and call the function before writing any other content
      to the response.


      -Mark

      Andrew Poulos

        Comment

        Previous template Next
        Working...