|
Home > Archive > IIS ASP > April 2005 > Cookies problem (bug?)
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Cookies problem (bug?)
|
|
| Netanel 2005-03-01, 7:52 am |
| Hi,
I have a site that I developed in ASP / VBScript.
Some of the visitors are complaining that they can't get in into the system
(using the login form of-course).
My login form includes e-mail and passwords fields, that I check within the
e-mail and passwords fields written in the database.
Then, if all is OK and the info the visitor enter is valid, I write it into
a cookie that next time the user get into my site, the system will recognize
him.
As I mentioned before, the problem is that some of the visitors are able to
connect/logon, and some are not. They are getting the regular screen.
I checked with them and the cookies were enabled. I also tried to add a
"Response.Buffer=TRUE" code in the first line of code there --- > NOTHING.
Some people are able to connect just after they clear the cookies from their
computer. For some it doesn't help...
Some can't logout when they are connected :\
I am attaching here some code.
Please help me to solve this problem the persists for long time now.
Thanks,
Netanel.
LOGGING IN CODE:
-----------------------
Rec.Open "SELECT [UserID] FROM Users WHERE
([EMail]='"&ReplaceSTR(Request.Form("EMail"))&"' and
StrComp([PassWord],'"&ReplaceSTR(Request.Form("PassWord"))&"',0)=0)",DB
If (Rec.EOF) Then
Rec.Close : DisposeConn()
Response.Redirect("Default.asp?Err=LoginFailed")
Else
Rec.Close : DisposeConn()
ExpireDate=Date()+365
If (Request.Form("SaveDetails")="on") Then
Response.Cookies("GDUser").Expires=ExpireDate
CEMail=ReplaceSTR(Request.Form("EMail"))
CPassword=ReplaceSTR(Request.Form("PassWord"))
TempString="UD"
Response.Cookies("GDUser")=TempString
Response.Cookies("GDUser")("EMail")=CEMail
Response.Cookies("GDUser")("PassWord")=CPassword
Response.Redirect("Default.asp")
End If
VALIDATION CHECK ON EACH PAGE:
------------------------------------------
MyEmail=Request.Cookies("GDUser")("EMail")
MyPass=Request.Cookies("GDUser")("PassWord")
MyLevel=2
MyFullName=""
MyID=0
Connected=FALSE
isAdmin=FALSE
If (MyEmail<>"") Then
Rec.Open "SELECT [UserID],[UserLevel],[FirstName],[LastName] FROM Users
WHERE ([EMail]='"&MyEmail&"' and StrComp([PassWord],'"&MyPass&"',0)=0)"
If (Rec.EOF) Then
Response.Cookies("GDUser")="User Details"
Response.Cookies("GDUser").expires=date()-1
Else
MyLevel=Rec("UserLevel")
If (MyLevel=1) Then isAdmin=TRUE
MyID=Rec("UserID")
MyFullName=Rec("FirstName")&" "&Rec("LastName")
Connected=TRUE
End If
Rec.Close
End If
| |
| Mark Schupp 2005-03-01, 6:04 pm |
| in your check-login add some debug code to write out the values of all of
the parameters and SQL statements if a login fails. Then have one of the
"problem" clients test for you.
--
--Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"Netanel" <Netanel@discussions.microsoft.com> wrote in message
news:2FD25645-3DDB-4CB4-A2A7-299867ED6992@microsoft.com...
> Hi,
> I have a site that I developed in ASP / VBScript.
>
> Some of the visitors are complaining that they can't get in into the
> system
> (using the login form of-course).
>
> My login form includes e-mail and passwords fields, that I check within
> the
> e-mail and passwords fields written in the database.
> Then, if all is OK and the info the visitor enter is valid, I write it
> into
> a cookie that next time the user get into my site, the system will
> recognize
> him.
>
> As I mentioned before, the problem is that some of the visitors are able
> to
> connect/logon, and some are not. They are getting the regular screen.
> I checked with them and the cookies were enabled. I also tried to add a
> "Response.Buffer=TRUE" code in the first line of code there --- > NOTHING.
>
> Some people are able to connect just after they clear the cookies from
> their
> computer. For some it doesn't help...
> Some can't logout when they are connected :\
>
> I am attaching here some code.
>
> Please help me to solve this problem the persists for long time now.
> Thanks,
> Netanel.
>
> LOGGING IN CODE:
> -----------------------
> Rec.Open "SELECT [UserID] FROM Users WHERE
> ([EMail]='"&ReplaceSTR(Request.Form("EMail"))&"' and
> StrComp([PassWord],'"&ReplaceSTR(Request.Form("PassWord"))&"',0)=0)",DB
> If (Rec.EOF) Then
> Rec.Close : DisposeConn()
> Response.Redirect("Default.asp?Err=LoginFailed")
> Else
> Rec.Close : DisposeConn()
> ExpireDate=Date()+365
> If (Request.Form("SaveDetails")="on") Then
> Response.Cookies("GDUser").Expires=ExpireDate
> CEMail=ReplaceSTR(Request.Form("EMail"))
> CPassword=ReplaceSTR(Request.Form("PassWord"))
> TempString="UD"
> Response.Cookies("GDUser")=TempString
> Response.Cookies("GDUser")("EMail")=CEMail
> Response.Cookies("GDUser")("PassWord")=CPassword
> Response.Redirect("Default.asp")
> End If
>
>
> VALIDATION CHECK ON EACH PAGE:
> ------------------------------------------
> MyEmail=Request.Cookies("GDUser")("EMail")
> MyPass=Request.Cookies("GDUser")("PassWord")
> MyLevel=2
> MyFullName=""
> MyID=0
> Connected=FALSE
> isAdmin=FALSE
>
> If (MyEmail<>"") Then
> Rec.Open "SELECT [UserID],[UserLevel],[FirstName],[LastName] FROM Users
> WHERE ([EMail]='"&MyEmail&"' and StrComp([PassWord],'"&MyPass&"',0)=0)"
> If (Rec.EOF) Then
> Response.Cookies("GDUser")="User Details"
> Response.Cookies("GDUser").expires=date()-1
> Else
> MyLevel=Rec("UserLevel")
> If (MyLevel=1) Then isAdmin=TRUE
> MyID=Rec("UserID")
> MyFullName=Rec("FirstName")&" "&Rec("LastName")
> Connected=TRUE
> End If
> Rec.Close
> End If
| |
| Kyle Peterson 2005-04-30, 2:57 am |
| check www.aspprotect.com
"Netanel" <Netanel@discussions.microsoft.com> wrote in message
news:2FD25645-3DDB-4CB4-A2A7-299867ED6992@microsoft.com...
> Hi,
> I have a site that I developed in ASP / VBScript.
>
> Some of the visitors are complaining that they can't get in into the
> system
> (using the login form of-course).
>
> My login form includes e-mail and passwords fields, that I check within
> the
> e-mail and passwords fields written in the database.
> Then, if all is OK and the info the visitor enter is valid, I write it
> into
> a cookie that next time the user get into my site, the system will
> recognize
> him.
>
> As I mentioned before, the problem is that some of the visitors are able
> to
> connect/logon, and some are not. They are getting the regular screen.
> I checked with them and the cookies were enabled. I also tried to add a
> "Response.Buffer=TRUE" code in the first line of code there --- > NOTHING.
>
> Some people are able to connect just after they clear the cookies from
> their
> computer. For some it doesn't help...
> Some can't logout when they are connected :\
>
> I am attaching here some code.
>
> Please help me to solve this problem the persists for long time now.
> Thanks,
> Netanel.
>
> LOGGING IN CODE:
> -----------------------
> Rec.Open "SELECT [UserID] FROM Users WHERE
> ([EMail]='"&ReplaceSTR(Request.Form("EMail"))&"' and
> StrComp([PassWord],'"&ReplaceSTR(Request.Form("PassWord"))&"',0)=0)",DB
> If (Rec.EOF) Then
> Rec.Close : DisposeConn()
> Response.Redirect("Default.asp?Err=LoginFailed")
> Else
> Rec.Close : DisposeConn()
> ExpireDate=Date()+365
> If (Request.Form("SaveDetails")="on") Then
> Response.Cookies("GDUser").Expires=ExpireDate
> CEMail=ReplaceSTR(Request.Form("EMail"))
> CPassword=ReplaceSTR(Request.Form("PassWord"))
> TempString="UD"
> Response.Cookies("GDUser")=TempString
> Response.Cookies("GDUser")("EMail")=CEMail
> Response.Cookies("GDUser")("PassWord")=CPassword
> Response.Redirect("Default.asp")
> End If
>
>
> VALIDATION CHECK ON EACH PAGE:
> ------------------------------------------
> MyEmail=Request.Cookies("GDUser")("EMail")
> MyPass=Request.Cookies("GDUser")("PassWord")
> MyLevel=2
> MyFullName=""
> MyID=0
> Connected=FALSE
> isAdmin=FALSE
>
> If (MyEmail<>"") Then
> Rec.Open "SELECT [UserID],[UserLevel],[FirstName],[LastName] FROM Users
> WHERE ([EMail]='"&MyEmail&"' and StrComp([PassWord],'"&MyPass&"',0)=0)"
> If (Rec.EOF) Then
> Response.Cookies("GDUser")="User Details"
> Response.Cookies("GDUser").expires=date()-1
> Else
> MyLevel=Rec("UserLevel")
> If (MyLevel=1) Then isAdmin=TRUE
> MyID=Rec("UserID")
> MyFullName=Rec("FirstName")&" "&Rec("LastName")
> Connected=TRUE
> End If
> Rec.Close
> End If
|
|
|
|
|