response.redirect based off request.QueryString

[ceeleelewis]

Is there a way for me redirect a user back to a certain asp page based off a field of a form and the QueryString?

I have a total of eight different asp pages. A total (so far) of four users. Ideally I would like to redirect a user back their particular list. But if I can't create a redirect condition, than I will be forced to to essentailly create four separate asp files for each user(a total of thirty-two pages)... I can just copy and paste the pages and change a few things to make this process work but I would like to make the job easy for the next programmer who would be handling this application.

The method that I tried so far is as follows...

Dim lsURL
' Obtain the URL from the QueryString
lsURL = Request.QueryString("RecID&quot
' Redirect back to previous form
Response.Redirect(lsURL)

Again thanks for the direction...

 

[onpnt]

I see no reasoning why what you have up there would not work. What are you actually redirecting to? Are you performing any other response's in the page with your redirection? is lsURL a valid path? ---------------------------------------
{ str = "sleep is good for you. sleep gives you the energy you need to function";
ptr = /sleep/gi;Nstr = str.replace(ptr,"coffee"alert(Nstr); }
---------------------------------------
for the best results to your questions: FAQ333-2924

http://www.onpntwebdesigns.com

 

[Swany]

That would work, assuming that you have not written any data to the web browser, or that you have buffering enabled.

That said, however, what you are coding could result in a serious security hole and will result in some pretty unmanagable code.

a) Think about what will happen when you have 20 or 30 or 100 users. I know right now you don't think that is going to happen, but in most cases programs are forced to scale way larger than the programmer ever thought they would have to.

b) Any user could get access to any other users data, simply by changing the value in the querystring. Querystrings are inherently insecure and data obtained by them should never be considered "trusted". If you need to display personalized data for the user then make the user sign onto the web server with standard web based authentication and use the username supplied by the user.

c) if you don't want to use web server based authentication, then when the user signs on, use a temporary cookie for the users username

d) either store the user specific information in a database, or place them in text files with the username as part of the filename. Read the data/html in from the database or text files and then send it to the web browser.

.
.. Eat, think and be merry .
... ....................... .

 

[Chopstik]

Just a couple of other quick questions:

What is the value Request.QueryString("RecID&quot (since this is what you are setting your URL value equal to)?

Have you set Response.Buffer = True somewhere at the top of your code? (I know it seems generic, but best to look for the easy things first.)

Do you have Response.Clear just prior to your redirect statement? (Again, just trying to check the little things and it's not in your code sample.)

These questions are in addition to onpnt's. HTH. Insanity is merely a state of mind while crazy people have a mind of their own.

 

[ceeleelewis]

Sorry guys for the late responses...meetings ran late. My answers to your questions are as follows... (p.s. thanks for the direction )


(onpnt....)

What are you actually redirecting to?
* Essentially, I want to capture the users name and redirect them back to their main page. I do not want to hard-code a URL into my response.redirect object. Because of the fact that there are multiple users using the same asp files.
** Seemingly, since I have my users name stored on the
db, Is it possible to create a condition based off
the users name that will redirect them back to
their starting page?
Are you performing any other response's in the page with your redirection?
* No, there are no other reponses in the page..



is lsURL a valid path?
*from what i see so far, it is a valid path


(Swany...)
I'm looking into another option right now. I definitly understand what you're saying. I guess we look pass the whole security issue because .....

1) This is an application that will be used within our Intranet.

2) We exepect light usage of this application because the process involved in requesting services.

But, we do plan on copying this app for other departments to modify/use.


(Chopstik...)

What is the value Request.QueryString("RecID&quot (since this is what you are setting your URL value equal to)?

*Request.QueryString("RecID&quot's value is basically the value of the particular request that user has selected...

example: If form1's current state is form1="12345" than
RecID would be...
RecID = Request.QueryString("form1&quot

Have you set Response.Buffer = True somewhere at the top of your code? (I know it seems generic, but best to look for the easy things first.)


* Yes this is true for all the pages.

Do you have Response.Clear just prior to your redirect statement? (Again, just trying to check the little things and it's not in your code sample.)

*No, I was under the assumption that I would not want to clear out the form info because the querysting is passing the form id to the next page in the process?

These questions are in addition to onpnt's. HTH.



I hope I answered the question in a way to provoke appropriate responses. I know a few developers in our department could use this info ...thanks

 

[onpnt]

that has got to be the best response I have ever seen. for that.

on the side from you looking into other options and back to the original question

in reference to
Dim lsURL
' Obtain the URL from the QueryString
lsURL = Request.QueryString("RecID&quot
' Redirect back to previous form
Response.Redirect(lsURL)

If you have tried this, did it work or did you recieve a error on the redirection. ---------------------------------------
{ str = "sleep is good for you. sleep gives you the energy you need to function";
ptr = /sleep/gi;Nstr = str.replace(ptr,"coffee"alert(Nstr); }
---------------------------------------
for the best results to your questions: FAQ333-2924

http://www.onpntwebdesigns.com

 

[Chopstik]

Agree with Onpnt, the response is very well put! Onpnt, if ceeleelewis is redirecting to the "RecID" (which I think is just a variable), then I think it's erroring out.

Now, here's my thought, but it's contingent on whether I'm understanding you correctly and whether the pages are the same, just the list showing on each user's page is different.

If the pages are essentially the same for each user, just a different list is pulled for each user, then it seems like you are just using the same page with conditions based on the user accessing the page (which is coming from the query string variable). If this is the case, then use your conditions to set the response.redirect to the appropriate page with the user ID set in the query string. Something like: (just really quick - and bad - psuedocode here)

if request.querystring("RecID&quot = UserA then
Response.Redirect "StartPage.asp?RecID=" & request.querystring("RecID&quot
elseif {put other conditions here}...
end if

On your start page, you would then have each list be called based on the User ID which is sent from the calling page.

This would keep the number of pages down to a minimum and hopefully still do what you're looking to do. Not sure if this will help since I just re-read it and must be beginning my holiday mental meltdown as I'm not sure if I'm helping or not, but it's worth a shot. Insanity is merely a state of mind while crazy people have a mind of their own.

 

[onpnt]

as long as the varaible is holding a valid path then it should be fine.
as in
<%
dim url
url = &quot;index.asp&quot;
response.redirect url
%>

I think you are seeing the larger picture that I am not though. ---------------------------------------
{ str = &quot;sleep is good for you. sleep gives you the energy you need to function&quot;;
ptr = /sleep/gi;Nstr = str.replace(ptr,&quot;coffee&quot;alert(Nstr); }
---------------------------------------
for the best results to your questions: FAQ333-2924

http://www.onpntwebdesigns.com

 

[ceeleelewis]

(onpnt...)

Sorry...having problems with our servers right now... get back to you as soon as they're corrected...

 

[Chopstik]

Hmm, just thought that based on his original example and explanation that the variable was the user ID, not necessarily a valid path. Perhaps it's just my misunderstanding... I think you just put it much more directly than I seem able to do at the moment. (While visions of vacations went running through my head...)

Either way, I'm sure that once their servers are corrected we'll know. Insanity is merely a state of mind while crazy people have a mind of their own.

 

[ceeleelewis]

(Chopstik)

I think you hit it right on the head! I should've explained before that &quot;RecID&quot; was just a variable holding whatever number is assigned to it (Sorry about that).

I even had this psuedocoded (bad) this but could not figure it out. I knew there had to be (logically) some way that I would have incorporate the user name into the request.QueryString


(onpnt)

You are on board with Chopstik!

Ideally, I want my process to be similar to an online bank. You'll have a mutitude of users that are essentailly using the same pages, the only difference is the user's id.
(onpnt & Chopstik)

Both of you guys advice/tips were great. This was a question that we were definitly pondering over here. Once my system is operatinal. I'll let you guys know the results of your efforts.

Again thanks...