|
Use application variable instead of session variable. Now U become free from session. Now check if page is refreshed by session variable. If the browser is refreshed and new session start then chk it on higher version browser, or better ie 5.5 and netscape 7.0, and I think this problem will not exist. If still exist then you have nothing to do.
But I am sure the problem will not exist.
Himadrish Laha
|
|
|
|
|
How can I keep track of the number of online users to implement concurrency metering? So far I have implemented as follows:
When a user logs in, I add an entry to a Status table in the database and store a cookie in his machine.Every time he refreshes his browser, it checks if the cookie exists.If it doesnt exist, it treats it as a new login and updates the status table.
Now I need to remove/decrement the status by 1 when the user logs out. I included this code in Session_End. But there is a problem, I need to call this fucntion only when the user closes his browser. If the user leaves his system idle or refreshes his browser again, Session_End is called twice and the status is decremented by 1 two times, which is incorrect.
How should I implement concurrency metering? Is there any other way other than using session, since most users would probably log out by closing the browser instead of clicking the Log Out button.
|
|
|
|
|
Hi all,
I'm a bit of a newbie to HTML, and I'm hoping the answer to this question is easy!
What I'd like to know is, is there a way to create a frame in an HTML file whose content is also specified 'inline', rather than by the src attribute e.g:
<html>
...
...
<frame>
This is the content of the frame
</frame>
...
...
</html>
The reason I ask is that I'm creating a page dynamically with ASP and I'd like the bottom half of the page to be a scrollable frame. It would be a lot easier to create the frame if the ASP code within the frame could access the variables in the top half of the page, which doesn't seem possible if the frame was generated from a seperate .ASP file.
Any suggestions would be greatly appreciated!
TIA,
Pete
|
|
|
|
|
I am a third yr computer student and I have a 6wk project coming up and I was thinking coding a p2p file sharing application, I was just wondering if anyone has any experience in writing any file transfer programs, If anyone could tell me if a simple implementation is difficult or could point me in the right direction of a place where I could find information on writing a simple file sharing p2p app… also I was thinking of writing it in java… anybody any comments??????????
|
|
|
|
|
Hi,
I'm not any kind of expert at P2P, but I'd say that implimenting even a /really/ basic app in 6 weeks would be pretty ambitious, even if you pulled a lot of all-nighters.
However, if you're still thinking about it I'd reccommend looking at the source of one of the open-source Gnutella-based servents. The developer lists for those servents would also be helpful I imagine.
Hope that's some help,
Pete
|
|
|
|
|
It is not a good practise to use others code, specially for exam. But U can take a help. If you need any help to transfer file using ASP technology, then I can help you. You may mail me at himadrish@yahoo.com. I have very good codes which helps you a lot to transfer file over the internet or intranet.
Himadrish Laha
|
|
|
|
|
Hi...
I am using cookies in my website to identify users... every user has username and password... I have an option for making the user remember his name...
Some users where simply able to modify the saved Cookie and change the name to use other user's names!!
The username in that case must be the same number of Characters as the stolen name...
How can Iprevent that in the most simple way?? is there a way to make the cookie more secure and prevent users from editing them??
I will appreciate a quick response from anyone of you...
Regards to all...
|
|
|
|
|
MatrixUndone wrote:
I am using cookies in my website to identify users... every user has username and password... I have an option for making the user remember his name...
Some users where simply able to modify the saved Cookie and change the name to use other user's names!!
The username in that case must be the same number of Characters as the stolen name...
How can Iprevent that in the most simple way?? is there a way to make the cookie more secure and prevent users from editing them??
That isn't really possible - cookies are just a text a file on the end users machine and they should be allowed to edit them if they really want to.
What you really need to do is provide extra checks to ensure that the cookie you wrote was the one that gets sent back later on.
You could use a hash of the username and password (and/or other suitable information) and store that in the cookie as well - this can be rechecked on your end quite simply, and if they don't match, then force the user to log in as normal. Whatever you do, the hash has to be generated from at least some information the "evil" user has not got access to - such as passwords you store in a database on your site.
If you generate a hash from just the cookie information, then an "evil" user can generate it too, using the information he wants in that cookie.
If you're using ASP.NET, investigate Forms Authentication, as this can provide the authentication facilities you're looking for.
--
Ian Darling
"The moral of the story is that with a contrived example, you can prove anything." - Joel Spolsky
|
|
|
|
|
Dear Ian
Thank for the reply...
is there a way or a simple script that I can use to encrypt cookies??
|
|
|
|
|
As he said, if you are using ASP.NET, you can encrypt your ticket using the machine key configured in your machine.config or Web.config script (the default is randomly generated). See my article, Role-based Security with Forms Authentication[^] for some brief details.
If you're not using ASP.NET, you have to decide whether to use a javascript file to hash the value on the client side, or to use some ASP code (or COM object) to do it on the server. For MD5 hashes, there is a myriad of examples on the 'net. To do this on the client, there's many javascripts you can use. According to a discussion I was checking out the other day (can't remember if it was here or /.), Yahoo! mail does this on the client before sending the password if the user opts to not use HTTPS (HTTP over SSL) - and who knows why anyone wouldn't want to use HTTPS! 
-----BEGIN GEEK CODE BLOCK-----
Version: 3.21
GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++
-----END GEEK CODE BLOCK-----
|
|
|
|
|
Thanks Heath Stewart!
Can you please explain to me more on what should I do?? and if you can write down the JavaScript you're talking about and how to use it with Cookies... I will be grateful!!
Thanks already!
|
|
|
|
|
You should discover this for yourself. Just download one of those javascript files that I gave you a search link for. If you look on those pages, most should contain examples of what to do. Essentially, you just hash the password before you submit a form and send the password hash, or store the password hash in a cookie using client-side javascript. Just make sure your client script and the server use the same hashing algorithm, such as MD5 or SHA1 - both mathematically irreversable (known as a one-way hash or digest).
-----BEGIN GEEK CODE BLOCK-----
Version: 3.21
GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++
-----END GEEK CODE BLOCK-----
|
|
|
|
|
Hello, I am getting a contract programmer to do some web development for me (ecommerce site). Should I go for a java, asp.net or windows desktop version? what are the pros/cons of each? or should I go for all 3?
|
|
|
|
|
What you should do is hire me 
Seriously, these a pretty broad questions to get answered here.
|
|
|
|
|
yeah, i know it is a very broad queation, but I thought it might open up a broad discussion about the major points. Im tending to steer away from the java platform given that a windows/desktop version is so much more powerful - but then how realsitic is than everyone can 1. load software onto their machine and 2. assume everyone uses windows
|
|
|
|
|
Instead of using onclick, you can use a real <a> tag with javascript: in the href, e.g.:
<a href="javascript:load_musique();">Musique</a>
- Mike
|
|
|
|
|
hooo!! nice, thanks!
Maximilien Lincourt
"Never underestimate the bandwidth of a station wagon filled with backup tapes." ("Computer Networks" by Andrew S Tannenbaum )
|
|
|
|
|
Hello, I've got the following code
test.asp
<%@ language="Javascript" %>
<%
var Connection,Recordset;
Connection = Server.CreateObject("ADODB.Connection");
Connection.Open("thesourcename");
var strSQLQuery = "SELECT * FROM clients WHERE .... "
Recordset = Connection.Execute(strSQLQuery);
Session("test") = Recordset.Fields("user_name");
Response.Redirect("test1.asp");
%>
and I've got another code ...
test1.asp
<%@ language="Javascript" %>
<%
Response.Write(Session("test"));
%>
Someone PLEASE tell me what am I doing WROOOOOOOOONG bacause ASP is driving me crazy. The book sais that the Session object should store the values from page to page.
I get an ADODB.Field no longer available error message. Could someone please tell me why ?????????????????
I've got almost the same code in VBScript and it works ....
WHAT'S WRONG ??
Thank you !
|
|
|
|
|
Apologies for not answering your actual question but don't do what you are doing. You are leaving connection objects to the database open, redirecting to other pages without closing them. That is not good.
Maybe explain what you want to do and we can recommend some better ways of doing it.
regards,
Paul Watson
Bluegrass
South Africa
Brian Welsch wrote:
"blah blah blah, maybe a potato?" while translating my Afrikaans.
Crikey! ain't life grand?
|
|
|
|
|
Don't mind the fact that I'm not closing the recordset and the connection. In real life I do that ...
The problem is that I want the test1.asp script to display the content of the Session("UserName") but I am not succesful because I get an error saying that :
Error Type:
ADODB.Field (0x80020009)
Object is no longer valid.
/meteo/test1.asp, line 3
Here is the code:
test.asp
<%@ language="Javascript" %>
<%
var Connection,Recordset;
Connection = Server.CreateObject("ADODB.Connection");
Recordset = Server.CreateObject("ADODB.Recordset");
Connection.Open("Clienti");
var strSQLQuery = "SELECT * FROM clienti WHERE nume_utilizator = \'" + "radio" +"\'";
Recordset=Connection.Execute(strSQLQuery);
Session("UserName") = Recordset.Fields("nume_utilizator");
Recordset.Close();
Connection.Close();
Response.Redirect("test1.asp");
%>
and test1.asp
<%@ language="Javascript" %>
<%
Response.Write(Session("UserName"));
%>
|
|
|
|
|
Ok, my ASP is a bit rusty but I think the problem is because you are storing the object itself, not the value. Because you close the connection, the object becomes invalid.
Damn, JScript needs a ToString() method 
David Wulff, a JScript genius, says you should use Session("UserName") = String(Recordset.Fields("nume_utilizator"));.
regards,
Paul Watson
Bluegrass
South Africa
Brian Welsch wrote:
"blah blah blah, maybe a potato?" while translating my Afrikaans.
Crikey! ain't life grand?
|
|
|
|
|
Seems to be working (for now) ... thank you !
|
|
|
|
|
Use the below
<% @LANGUAGE = VBScript%>
This will also help you to get rid from unimportant error.
And be COOL.
Himadrish Laha
|
|
|
|
|
Hi, I'm a bit confused trying to distinguish between RegionInfo and CultureInfo, after reading a few articles. So, please let me know if my understanding is correct:
1. "CultureInfo":
1.1 CurrentCulture, of type CultureInfo, is for "functions" or "Methods" that formats according to Thread.CurrentThread.CurrrentCulture". Example:
MyDate.ToString(); //This will format according to "CurrentCulture"
Reference: http://docs.aspng.com/quickstart/aspplus/doc/internationalization.aspx
"CurrentUICulture", like CurrentCulture, is of Type "CultureInfo". The difference is that CurrentUICulture is used in locating the appropriate satellite assembly. Say, if CurrentCulture="US-En" and CurrentUICulture="de-DE", then, the framework will still look under "de-DE" folder for the satellite assembly when ResourceManager is instructed to do so. But, still, why distinguish between the two. CurrentCulture and CurrentUICulture? Has anyone find themselves in situation in which CurrentCulture needs to be different form CurrentUICulture??
2. RegionInfo: I have no idea what we need this for... Although reference can be found here:
http://docs.aspng.com/quickstart/aspplus/doc/cultureencoding.aspx
Why region? Is all that it do is to tell what Currency Symbol and metric or not? Why not embed this information in CultureInfo??
Thanks!
|
|
|
|
|
Hello,
Currently I have an ASP based login system where once the user's credentials are checked, it cookies them with their username and password. On every protected page an include file revalidates that information and redirects the user if it doesn't match the information in the database. Instead, after verifying the user's credentials, could I set a session variable and then just check for that session variable being set in the include file? Are there any possible security issues that could arise from this setup (I'm aware of some of the ones in my current setup)?
Thanks,
Aaron Stubbendieck
modified 12-Jul-20 21:01pm.
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
