Domanda
I have a website on which certain pages are secured with a login page written in vbscript (framework is asp classic). Given that the username is "foo" and the password is "bar", the login page currently accepts the username and password and then redirects the user to a default page. We will call it "page1". Below is the code:
https://stackoverflow.com/questions/22797145
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianResponse.Buffer = True
If lcase(Request.Form("username")) = "foo" AND lcase(Request.Form("password")) = "bar" then
Session.Contents("foo") = "1"
Response.Redirect("page1.asp")
Else
Response.Redirect("failure.asp")
End If
This works but the user will always be redirected to the same page, regardless of which page they were trying to reach. I would like the user to be redirected to the page they were trying to reach before being sent tho the login page. Supposing the user wanted to go to "page2", I tried the following code:
Response.Buffer = True
If Request.ServerVariables("URL")= "http://www.mysite.com.com/page2.asp" AND lcase(Request.Form("username")) = "foo" AND lcase(Request.Form("password")) = "bar" then
Session.Contents("Dealer") = "1"
Response.Redirect("page2.asp")
ElseIf lcase(Request.Form("username")) = "foo" AND lcase(Request.Form("password")) = "bar" then
Session.Contents("foo") = "1"
Response.Redirect("page1.asp")
Else
Response.Redirect("failure.asp")
End If
This does not work, which is probably because
Request.ServerVariables("URL")
is pulling the url from the login page. Does anyone know how to send the user to the page that was originally requested?
Thanks in advance for any help/advice!
Soluzione
On your login form page add a hidden field for the referring page and populate the value like this:
<input name="referer" type="hidden" value="<%= Request.ServerVariables("HTTP_REFERER") %> />
Then redirect to this page once the form is submitted successfully:
Response.Redirect(Request.Form("referer"))
Altri suggerimenti
I don't know about "classic asp", nor VB script.
But what about the approach of adding the desired page (requiring login) in a querystring ?
forcing to land the user on login.aspx?redirectUrl=desiredPage.asp
then when login is done, you redirect to the page by retrieving it from the querystring ?
This page explains it better.
ASP.NET: directing user to login page, after login send user back to page requested originally?
Every secured page should have some header code like this:
If Not Session("LoggedIn") Then
Response.Redirect "login.asp?r=" & Server.UrlEncode(Request.ServerVariables("SCRIPT_NAME"))
End If
I typically put this into an include file called "private.asp" and make sure to include it at the top of every page that should be secured.
In your login page, after you've successfully logged in the user, check your querystring value to see if you should forward the user back to an originally requested page:
' After successful login...
strReturnURL = Request.QueryString("r")
If Len(strReturnURL) > 0 Then
Response.Redirect strReturnURL
Else
' Send them to your homepage...
Response.Redirect "/"
End If
your signin page URL should look like that:
http://domain.com/login.asp?urlstr=page2.asp
Response.Buffer = True
dim redirecturl
redirecturl = Request("urlstr")
If lcase(Request.Form("username")) = "foo" AND lcase(Request.Form("password")) = "bar" and len(redirecturl)>0 then
Session("Dealer") = "1"
Response.Redirect(redirecturl)
ElseIf lcase(Request.Form("username")) = "foo" AND lcase(Request.Form("password")) = "bar" and len(redirecturl)=0 then
Session("foo") = "1"
Response.Redirect("login.asp")
Else
Response.Redirect("failure.asp")
End If
