I am new to website administration, a designer turned "programmer" overnight. Our public website links to 2 different production sites, both password protected. Everything has been running smoothly until last week, where users are able to login successfully, but they are getting logged out when trying to view additional pages. It's somewhat sparatic and sometimes if you hit the link 4-5 times, it lets you in, only to bounce you out again in a matter of time (only bounces you out when you click a new page, not while you are on the page).

From what I can see, based on my limited .asp experience, is that there is a server side include, checklogin.inc that each page is using. The code for checklogin.inc is:


<%
Dim uinstr
Dim res
uinstr = "?"
if Session("login") <> "yes" then
if Request("uin") = "" then
Response.Redirect("default.asp")
else
uinstr = "?uin=" & Request("uin") & "&"
res = SE.GetUserData(CLng(Request("uin")))
if res(0) <> 0 then Response.Redirect("Error.asp")
Session("login") = "yes"
Session("email")=res(1)
Session("userid")=res(2)
Session("type")=res(3)
Session("fname")=res(4)
Session("gr_email")=res(5)
end if
end if
%>


An example of the beginning code on a page that bounces me out would be:

<%@ Language=VBScript %>
<%Response.Buffer = True%>
<!--#include file="commscript.inc"-->
<!--#include file="checklogin.inc"-->
<!--#include file="StylesNCodesLinking.inc"-->

Our initial login page has coding like this:

<%@ Language=VBScript %>
<%
PageName="Login"
%>
<!--#include file="commscript.inc"-->
<%
se_cookie = Request.Cookies("seclient")
if se_cookie <> "" then
login = Left(se_cookie, InStr(se_cookie, "$") - 1)
password = Right(se_cookie, Len(se_cookie) - InStr(se_cookie, "$"))
res = SE.CheckUser(login,password, True)
if res(0) = 0 then
TempID = res(6)
uinstr = "?uin=" & TempID & "&"
Response.Redirect("news.asp" & uinstr)
end if
end if
%>


From what I can gather, there seems to be an issue with our "uin" that is generated as a TempID. Keep in mind that we can always login successfully, but when we try to navigate to another page, you get logged out and bounce back to the login page.

Could there be some reason why that "uin" isn't carrying over to each page? When I manually key in the url I am trying to reach and paste in the "uin" issued to me initially, I get to the page I am trying to get to.

PLEASE HELP!!!

Thanks so much.

Quote:

Originally Posted by mattbrue

I am new to website administration, a designer turned "programmer" overnight. Our public website links to 2 different production sites, both password protected. Everything has been running smoothly until last week, where users are able to login successfully, but they are getting logged out when trying to view additional pages. It's somewhat sparatic and sometimes if you hit the link 4-5 times, it lets you in, only to bounce you out again in a matter of time (only bounces you out when you click a new page, not while you are on the page).

From what I can see, based on my limited .asp experience, is that there is a server side include, checklogin.inc that each page is using. The code for checklogin.inc is:


<%
Dim uinstr
Dim res
uinstr = "?"
if Session("login") <> "yes" then
if Request("uin") = "" then
Response.Redirect("default.asp")
else
uinstr = "?uin=" & Request("uin") & "&"
res = SE.GetUserData(CLng(Request("uin")))
if res(0) <> 0 then Response.Redirect("Error.asp")
Session("login") = "yes"
Session("email")=res(1)
Session("userid")=res(2)
Session("type")=res(3)
Session("fname")=res(4)
Session("gr_email")=res(5)
end if
end if
%>


An example of the beginning code on a page that bounces me out would be:

<%@ Language=VBScript %>
<%Response.Buffer = True%>
<!--#include file="commscript.inc"-->
<!--#include file="checklogin.inc"-->
<!--#include file="StylesNCodesLinking.inc"-->

Our initial login page has coding like this:

<%@ Language=VBScript %>
<%
PageName="Login"
%>
<!--#include file="commscript.inc"-->
<%
se_cookie = Request.Cookies("seclient")
if se_cookie <> "" then
login = Left(se_cookie, InStr(se_cookie, "$") - 1)
password = Right(se_cookie, Len(se_cookie) - InStr(se_cookie, "$"))
res = SE.CheckUser(login,password, True)
if res(0) = 0 then
TempID = res(6)
uinstr = "?uin=" & TempID & "&"
Response.Redirect("news.asp" & uinstr)
end if
end if
%>


From what I can gather, there seems to be an issue with our "uin" that is generated as a TempID. Keep in mind that we can always login successfully, but when we try to navigate to another page, you get logged out and bounce back to the login page.

Could there be some reason why that "uin" isn't carrying over to each page? When I manually key in the url I am trying to reach and paste in the "uin" issued to me initially, I get to the page I am trying to get to.

PLEASE HELP!!!

Thanks so much.

Well my initial thoughts are it could be two obvious things.

One, if you are checking Session state to hold some sort of value, then an important thing to remember is that Session is not linked to the browser! well it is, but it has a timeout on the server end. (usually like 20 minutes by default). So therefore, if sessions are timing out in between clicks.. then users will be "Logged out" according to your code.

Another thing may be that one of your validation criteria is coming from the REQUEST object ("uid") or whatever. So, that means that the page is expecting to receive that name/value pair in the Request object. The request object can accept values either from a FORM submission, or from the Query string (page.asp?name=value). Since your code is calling Request("uin") its looking in both places for those values. It could be that one your your links or form submission isnt passing the value along properly and therefor is showing up NULL in your check script.

Why in God's name would anybody begin any new development in ASP Ancient? It's like if you've been asked to run a marathon, and decided to do it barefoot.

Specifically, what you're trying to accomplish will take many less hours in ASP.NET, and you'll be able to tap into a number of prebuilt login systems that have already been thoroughly tested, and that there's a huge community to answer specific questions in regards to.

Like I said, I fell into this gig and am trying to get by until I have time to learn and rebuild.

If anyone is out there that does know this ancient form of .asp, I would appreciate some help.

Thanks.

It's this bit that puzzles me

Quote:

2 different production sites

sessions will not persist over two different / servers. Is it possible that something has changed recently to create a situation where users may be switching servers / sites?

maybe a load sharing system or something similar.

You say it worked until a week ago, so a bit of detective work is needed to find out what changed at that point.
check for:
service pack updates,
security updates / upgrades,
hardware changes,
firewall updates etc etc

check for client updates,
check your server logs for a correlations on browsers types and failures.


If the code worked a week ago, it should work now UNLESS some other influence is at work.