Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Session timeout and method="post"

Status
Not open for further replies.
b3booner

b3booner

Programmer
Jul 26, 2004
6
0
0
US
I have a current web application that utilizes a login to authenticate users
into the application. Once I authenticate them, I store away the user's
name in a Session variable. I then utilize this check to confirm the
session has not timed out (isLogon.asp - which I include on every page).

if Session("user") = "" then
call setURL()

Response.Redirect "login.asp"
end if

function setURL()
Session("TargetPage") = Request.ServerVariables("PATH_INFO")
Session("QueryString") = Request.ServerVariables("QUERY_STRING")
end function

I then utilize this function to upon login return the user back to where
they left:

function getURL()
dim url

if Session("TargetPage") <> "" then
url = Session("TargetPage")

if Session("QueryString") <> "" then
url = url & "?" & Session("QueryString")
end if
end if

getURL = url
end function

This all assuming using the "get" method on forms - which was fine given the
limited data being collected on the form.

A new requirements has been given that will require lots of data (well over
the QueryString limits). So seems I need to go to the "post" method on my
forms. However, with this method how do I ensure I return the user to the
appropriate location upon a session timeout??

Any pointers would be most appreciated.

BBB
 
Sort by date Sort by votes
what does your querysting hold?

rsshetty.
It's always in the details.
 
Upvote 0 Downvote
The querystring holds all of the data from the form (i.e. name, description, dates, etc).
 
Upvote 0 Downvote
The new request is for the form to be like a questionnaire where the users can input large amounts of text (like 10 questions where they want the limit to be 512 characters per response). Thus I will exceed the querystring limit. No problem change from method="get" to method="post" my problem is when the session times out and how to return the user to the appropriate page once the session expires.
 
Upvote 0 Downvote
Can you increase Session timeout to 1 hour or something? Mission complete :)

Otherwise it is possible - assuming you have one form per screen and all field names are unique. Store POST data into Session. When user logs back, generate javascript/vbscript that fills form data after page loads (body onload event). This must be done only once, so you'll obviously have to store some kind of state flag into Session (set to true when session expires and POST data is present). Obviously, it is much more complex than with GET data only.

IE5 and higher also support client-side data persistency. I'm not sure is it useful in this case but anyway...:
 
Upvote 0 Downvote
I figured the solution to this problem would most certain involved storing information in the session but this ONLY needs to be done when the session expires (I've read session variables should not be over used). I know how to determine when the session expires, I also know how to store the Request.Form information into Session variables.
Perhaps as you suggested, I utilize a session variable to determine when to save/restore the session information from/to the Request.Form construct. What I'm a bit unsure about is once the user logs back in how to handle passing the correct Form data to the web site the user was originally going to (when the session expired).
 
Upvote 0 Downvote
Your options are save the data on the client (cookie), save the data in a file on the server, save the data in a database table, or save data in the ASP session. Obviously the session is only good until the visitor closes their browser -- which if I understand your needs, this is all you need. I assume the scenario you describe is something that occurs when a logged in user's session expires, and you want to keep from losing the 30 minutes of data entry they just did on your long form! You want them to be able to log back in, then auto-direct to the page they were originally submitting to--without losing any data entry from the form. Right?

You can code an elaborate function to save the form data to a database table, then upon re-login, direct to a page that dynamicall builds a form from the database, then loads in the browser and submits itself (use client-side javascript to auto-submit the auto-generated form on page load). whew! Anyway.....

Or, you could go ahead and roll your own authentication and stop using sessions. That's what I did 2 years ago, and I've never looked back. I manage my own sessions using a sessionID cookie (just like ASP does). I store my session vars in the database. This way I have complete control over session expiration--usually I don't ever force a session to expire. If a user wants to be logged into an app all day long, then so be it. They only lose their session if they close the browser or click my logout link. As you know, ASP Sessions are expensive to use, so moving away from them is a good thing.

I have to admit, though, the built in session is so easy to work with! So for smaller apps with relatively small user bases -- feel free to keep on using them.
 
Upvote 0 Downvote
Here is general idea:

- if session expired and POST data is present, store POST data into Session (Dictionary?)
- when user logs back, redirect to TargetPage?QueryString as usual
- At every login-protected page check for POST data in Session. If exists, generate client "filler" code and remove data from session.

Longshot, there are some potential problems regarding state maintenance (what if user logs back under different acct?), otherwise looks OK.
 
Upvote 0 Downvote
try and make this as short as possible, if you're using forms and method="get" then you already have all field elements in place for what you already need/have.... changing get to post is no big headache at all.. easiest thing is .. you have request.querystring(BLAH) either :
replace .querystring with .form
or just use Request(BLAH) then it finds the value wherever it can ( either .querystring or .form )

and you should be set, you already have things set up for it, you just need a few search/replaces...



[thumbsup2]DreX
aKa - Robert
 
Upvote 0 Downvote
I was attempting some of the suggestions. I was using a session variable to indicate wether or not post data was found. If post data is found and the session has expired then the post data is stored in teh session. Once the login is complete, I attempt to restore the post data from the session.

So basically I go through the Session.Contents:

for each item in Session.Contents
select case item
case "cache", "user" (don't clear our non post data)

case else
Request.Form(item) = Session(item)
Session(item).Remove
end select
next

However, the Request.Form(item) = Session(item) line is giving an error: 'Object doesn't support this property or mthod: Request.Form'


 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

leifoet
  • Locked
  • Question
How to link a condition to a session(&quot;UID&quot;) ?
Replies
14
Views
146
leifoet
leifoet
Swi
  • Locked
  • Question
JQUERY AJAX POST and how to receive data via Classic ASP
Replies
0
Views
112
Swi
Swi
penguinspeaks
  • Locked
  • Question
Parse a database field that is comma delimited and input the results into another table
Replies
0
Views
76
penguinspeaks
penguinspeaks
leifoet
  • Locked
  • Question
How to display an existing date in Input type=&quot;date&quot;?
Replies
4
Views
106
leifoet
leifoet
leifoet
  • Locked
  • Question
First execute an input command and only then proceed with displaying the next record of the table
Replies
0
Views
62
leifoet
leifoet

Part and Inventory Search

Sponsor

Back
Top