#include before <HTML> tag

[BrianB]

Hi folks,

I have an application that does a security check on every page, asking if the user is logged in and changing the content to reflect their different status. This app uses an #include to minimize redundant code. Every page uses the same #include to add the file m_IdentityFunction.asp.

I have been asked to lock certain pages out entirely, so that users who aren't authorized get redirected to another page.

One way of doing this would be to Javascript to move the browser, but we don't want to create extra entries in the user's browser history.

The standard technique is to a response.redirect statement, but that must be placed before the <HTML> tag and therefore, before any #include statements. For maintainability, I would rather not copy the code to every page. Is there an easy way out?

Thanks in advance.

-Brian

 

[Shemzar]

Where is the position of the #include to add the file m_IdentityFunction.asp ?, if this is at the begining of your ASP pages before the <HTML> tag then just put your re-direct code at the top of this file otherwise unfortunately you must put a new #include file into those ASP pages that users need to be locked out of before the <HMTL> tag. A pain but it is the only way.
Regards..

 

[Ovatvvon]

It's not the only way if you have your buffer enabled either by code (Response.Buffer = True) or through IIS. There is a similar forum also regarding this issue called &quot;REDIRECT&quot;.

However it is best for security to have your include tag at the top of your page and check for access priveliges before redering any part of the page to the client. Otherwise, enable buffering and you can include the &quot;Access Verification&quot; page anywhere within your document...this way you won't have to copy the actual code every time. -Ovatvvon :-Q