Conditional logout link

[Glasgow]

I have a site that is being expanded to include a 'secure area' which will require a login process to access. The site, like many others no doubt, is a combination of ASP & straight HTML pages.

I have no problem with the login process which is consigned to a single ASP page but am having problems getting my head around the logout capability. Once logged in, the visitor can browse pages in both the 'secure area' and other pages in the site. In theory I need to provide them with a means of logging out from any page in the site. I could put a 'logout' link in the menu (server side include) and I would have what I need everywhere but, ideally, this link would only be available conditionally - i.e. if the visitor was, in fact, logged in. Is there any way I can achieve this without 'converting' all HTML pages to ASP or is my only other 'easy' solution to include the link unconditionally that calls an ASP logout page that then ignores the request if the user is already logged in?

I'm just concerened I'm missing something really obvious!

Thanks in advance.

 

[emozley]

This might be a clumsy way of doing it but let's say you had a 'LoggedIn' yes/no field for each user account you could try?

<% If rs("LoggedIn")=TRUE Then %>
<a href="lougout.asp?UserID=<% = rs("UserID") %>">Log Out</a>
<% Else %>
<a href="loginform.asp">Log In</a>
<% End IF %>

There may well be a far better way of doing it using session variables or something so I would hold on to see what other people suggest!

Ed

 

[Glasgow]

Thanks Ed but what I am hoping for (somewhat optimistically perhaps) is a mechanism that will work across both HTML & ASP pages. If I read your solution correctly, it would require that I change all HTML pages to ASP.

If the user logs in, strays away from the secure area and starts viewing any of the many other HTML pages on the site, I ideally want to provide an option to logout on those pages but, preferably, not present such an option to those users who have not completed the login process.

I really just wanted to check that I wasn't missing anything crushingly obvious but the more I think of it, the more I convince myself that I am asking for the impossible.

 

[Sheco]

[...] a mechanism that will work across both HTML & ASP pages[...]

I ideally want to provide an option to logout on those pages but, preferably, not present such an option to those users who have not completed the login process.

Perhaps I misunderstand but it seems you are describing an HTML page with conditional dynamic behavior. But HTML is static, that why you use ASP.

Perhaps if your site uses an #include for a navigation bar then this could contain the logic for hiding or showing the "logout" link.

 

[Glasgow]

No, you do understand correctly Sheco and I think I hinted at the possible lunacy of my 'requirement' - but maybe you are on the verge of putting me on to something...

If I have a 'static' HTML page that #includes an ASP file, will that effectively trigger dynamic behaviour and process the vbscript in that ASP file - i.e. treat the HTML file as ASP? What I want to avoid is renaming all my html files with ASP extensions and changing all the links.

My pages do already have a #include for navigation purposes so if I change that to an ASP, am I on the right track? Then again perhaps I'm still dreaming?

 

[emozley]

If the file includes an ASP file then it is an ASP file. If the file includes <% and %> at any point in it then it is an ASP file.

Certainly when I am building pages I always give them an .ASP extension even if there is no ASP in them at the start.

If you use the #INCLUDE statement that would be the same as actually typing the code in that file in the page so in that sense yes it would trigger dynamic behaviour.

I think you will have to bite the bullet and rename all the files with an .ASP extension and then use a text editor to do a find and replace with .HTM to .ASP - unless you have Visual Studio which I think fixes all dead links automatically.

Hope that is of some help.

 

[Glasgow]

Thanks. Could I get away without the bullet munching - i.e. is the renaming strictly necessary? If not automatic, might I be able to instruct server to parse .shtm files (for example) as ASP? Clutching at straws perhaps.

 

[Glasgow]

I think I can avoid the bullet-biting (i.e. renaming all my .html files and changing links) by reconfiguring the web site under IIS and changing the DLL associated with (e.g.) the .html extension from

C:\WINDOWS\system32\inetsrv\ssinc.dll

to

C:\WINDOWS\system32\inetsrv\asp.dll

i.e. this will treat .html as ASP without any renaming. Any suggestions as to oversights or drawbacks of this approach?

 

[Sheco]

Please let us know if it works.

 

[Glasgow]

I already tried with a test page that used the .stm extension (didn't want to mess with settings for extensions I do actually use at this stage) and it worked. So looks pretty hopeful.

 

[damber]

Glasgow,

Sounds like you've got a way of making this work, but I thought I would just share a concern or two with you..

The reason most people have some .asp pages and others as straight .htm is to reduce server load created by processing overhead of an ASP page compared to serving a simple file/text. Though this of course means the htm files are static and only have the option for basic ss includes (which will increase server load too). So, changing the DLL's that serve the pages in the background is effectively saying that the .htm is actually a .asp with a different name.. but you've lost any performance benefit you gained for using .htm instead of full blown ASP - so why not just use ASP?

By changing the way this works on the server, you have also added complexity to the solution that may cause confusion and/or added difficulties later when trying to support/maintain/upgrade the site (remember: you will probably have moved onto bigger and better things).

Although the additional overhead of ASP to htm may not be that important on your site (it isn't to most) - the question remains as to why the .htm are .htms in the first place... why not just make them all .asp and have done with it.. no changes needed on the webserver, which can only reduce complexity and ease future support?

The only downside is the one-time hit of search/replace of the .htm links and filenames - which could probably be done with 15-30 mins of coding, probably with a simple RegExp to do the url replacement. Then the testing and deployment, which will require more effort, and will add risk to your project.

That way you've also enabled future ASP oriented changes to be made to those pages that are not necessarily known at present - and you've kept the Server config standard - which can only be a good thing in these circumstances.

If this is a temporary measure.. doesn't really matter - if it is longer term design, then it may matter when you least want it to..

What do you think ?

A smile is worth a thousand kind words. So smile, it's easy!

 

[Glasgow]

Thanks Damber - I guess I was half expecting this kind of feedback - i.e. suggestion of minor performance degradation.

I think you have made some sensible points - I have yet to decide whether I am going to implement the change on the server but it is useful to know that this is a possible solution and I guess I wanted to check out what my options were before I jumped in. I may yet apply a less sophisticated solution for logging in/out which will eliminate my dilemma.

One point I should make is that, as I see it, there is a little more to it than a search and replace. The existing pages already have a presence with search engines so, if I rename them, then I have to consider both resubmission and creation of skeleton versions of the originals that redirect to the new ASP pages.

Thanks again.

ultimately I have kind of answered my own question

 

[DreXor]

no need to change the .htm extentions to be asp eneabled, use the javascript XML object just like the asp xml object, fetch the value of another on server page ( specifically ASP with conditions of logout or not ) append the results of that said asp page to your existing HTML.

DreX
aKa - Robert
if all else fails, light it on fire and do the happy dance!
" I always think outside the 'box', because I'm never inside the 'loop' " - DreX 2005

 

[DreXor]

oh yeah, side note, goin the JS/XML route, script tags are mostly ignored by search engines, so your page names, rankings, etc will all stay the same.

DreX
aKa - Robert
if all else fails, light it on fire and do the happy dance!
" I always think outside the 'box', because I'm never inside the 'loop' " - DreX 2005