Cookies problem (bug?)

Discussion in 'ASP General' started by Netanel, Mar 1, 2005.

  1. Netanel

    Netanel Guest

    Hi,
    I have a site that I developed in ASP / VBScript.

    Some of the visitors are complaining that they can't get in into the system
    (using the login form of-course).

    My login form includes e-mail and passwords fields, that I check within the
    e-mail and passwords fields written in the database.
    Then, if all is OK and the info the visitor enter is valid, I write it into
    a cookie that next time the user get into my site, the system will recognize
    him.

    As I mentioned before, the problem is that some of the visitors are able to
    connect/logon, and some are not. They are getting the regular screen.
    I checked with them and the cookies were enabled. I also tried to add a
    "Response.Buffer=TRUE" code in the first line of code there --- > NOTHING.

    Some people are able to connect just after they clear the cookies from their
    computer. For some it doesn't help...
    Some can't logout when they are connected :\

    I am attaching here some code.

    Please help me to solve this problem the persists for long time now.
    Thanks,
    Netanel.

    LOGGING IN CODE:
    -----------------------
    Rec.Open "SELECT [UserID] FROM Users WHERE
    (='"&ReplaceSTR(Request.Form("EMail"))&"' and
    StrComp([PassWord],'"&ReplaceSTR(Request.Form("PassWord"))&"',0)=0)",DB
    If (Rec.EOF) Then
    Rec.Close : DisposeConn()
    Response.Redirect("Default.asp?Err=LoginFailed")
    Else
    Rec.Close : DisposeConn()
    ExpireDate=Date()+365
    If (Request.Form("SaveDetails")="on") Then
    Response.Cookies("GDUser").Expires=ExpireDate
    CEMail=ReplaceSTR(Request.Form("EMail"))
    CPassword=ReplaceSTR(Request.Form("PassWord"))
    TempString="UD"
    Response.Cookies("GDUser")=TempString
    Response.Cookies("GDUser")("EMail")=CEMail
    Response.Cookies("GDUser")("PassWord")=CPassword
    Response.Redirect("Default.asp")
    End If


    VALIDATION CHECK ON EACH PAGE:
    ------------------------------------------
    MyEmail=Request.Cookies("GDUser")("EMail")
    MyPass=Request.Cookies("GDUser")("PassWord")
    MyLevel=2
    MyFullName=""
    MyID=0
    Connected=FALSE
    isAdmin=FALSE

    If (MyEmail<>"") Then
    Rec.Open "SELECT [UserID],[UserLevel],[FirstName],[LastName] FROM Users
    WHERE ([EMail]='"&MyEmail&"' and StrComp([PassWord],'"&MyPass&"',0)=0)"
    If (Rec.EOF) Then
    Response.Cookies("GDUser")="User Details"
    Response.Cookies("GDUser").expires=date()-1
    Else
    MyLevel=Rec("UserLevel")
    If (MyLevel=1) Then isAdmin=TRUE
    MyID=Rec("UserID")
    MyFullName=Rec("FirstName")&" "&Rec("LastName")
    Connected=TRUE
    End If
    Rec.Close
    End If
    Netanel, Mar 1, 2005
    #1
    1. Advertising

  2. Netanel

    Mark Schupp Guest

    in your check-login add some debug code to write out the values of all of
    the parameters and SQL statements if a login fails. Then have one of the
    "problem" clients test for you.

    --
    --Mark Schupp
    Head of Development
    Integrity eLearning
    www.ielearning.com


    "Netanel" <> wrote in message
    news:...
    > Hi,
    > I have a site that I developed in ASP / VBScript.
    >
    > Some of the visitors are complaining that they can't get in into the
    > system
    > (using the login form of-course).
    >
    > My login form includes e-mail and passwords fields, that I check within
    > the
    > e-mail and passwords fields written in the database.
    > Then, if all is OK and the info the visitor enter is valid, I write it
    > into
    > a cookie that next time the user get into my site, the system will
    > recognize
    > him.
    >
    > As I mentioned before, the problem is that some of the visitors are able
    > to
    > connect/logon, and some are not. They are getting the regular screen.
    > I checked with them and the cookies were enabled. I also tried to add a
    > "Response.Buffer=TRUE" code in the first line of code there --- > NOTHING.
    >
    > Some people are able to connect just after they clear the cookies from
    > their
    > computer. For some it doesn't help...
    > Some can't logout when they are connected :\
    >
    > I am attaching here some code.
    >
    > Please help me to solve this problem the persists for long time now.
    > Thanks,
    > Netanel.
    >
    > LOGGING IN CODE:
    > -----------------------
    > Rec.Open "SELECT [UserID] FROM Users WHERE
    > (='"&ReplaceSTR(Request.Form("EMail"))&"' and
    > StrComp([PassWord],'"&ReplaceSTR(Request.Form("PassWord"))&"',0)=0)",DB
    > If (Rec.EOF) Then
    > Rec.Close : DisposeConn()
    > Response.Redirect("Default.asp?Err=LoginFailed")
    > Else
    > Rec.Close : DisposeConn()
    > ExpireDate=Date()+365
    > If (Request.Form("SaveDetails")="on") Then
    > Response.Cookies("GDUser").Expires=ExpireDate
    > CEMail=ReplaceSTR(Request.Form("EMail"))
    > CPassword=ReplaceSTR(Request.Form("PassWord"))
    > TempString="UD"
    > Response.Cookies("GDUser")=TempString
    > Response.Cookies("GDUser")("EMail")=CEMail
    > Response.Cookies("GDUser")("PassWord")=CPassword
    > Response.Redirect("Default.asp")
    > End If
    >
    >
    > VALIDATION CHECK ON EACH PAGE:
    > ------------------------------------------
    > MyEmail=Request.Cookies("GDUser")("EMail")
    > MyPass=Request.Cookies("GDUser")("PassWord")
    > MyLevel=2
    > MyFullName=""
    > MyID=0
    > Connected=FALSE
    > isAdmin=FALSE
    >
    > If (MyEmail<>"") Then
    > Rec.Open "SELECT [UserID],[UserLevel],[FirstName],[LastName] FROM Users
    > WHERE ([EMail]='"&MyEmail&"' and StrComp([PassWord],'"&MyPass&"',0)=0)"
    > If (Rec.EOF) Then
    > Response.Cookies("GDUser")="User Details"
    > Response.Cookies("GDUser").expires=date()-1
    > Else
    > MyLevel=Rec("UserLevel")
    > If (MyLevel=1) Then isAdmin=TRUE
    > MyID=Rec("UserID")
    > MyFullName=Rec("FirstName")&" "&Rec("LastName")
    > Connected=TRUE
    > End If
    > Rec.Close
    > End If[/color]
    Mark Schupp, Mar 1, 2005
    #2
    1. Advertising

  3. check www.aspprotect.com


    "Netanel" <> wrote in message
    news:...
    > Hi,
    > I have a site that I developed in ASP / VBScript.
    >
    > Some of the visitors are complaining that they can't get in into the
    > system
    > (using the login form of-course).
    >
    > My login form includes e-mail and passwords fields, that I check within
    > the
    > e-mail and passwords fields written in the database.
    > Then, if all is OK and the info the visitor enter is valid, I write it
    > into
    > a cookie that next time the user get into my site, the system will
    > recognize
    > him.
    >
    > As I mentioned before, the problem is that some of the visitors are able
    > to
    > connect/logon, and some are not. They are getting the regular screen.
    > I checked with them and the cookies were enabled. I also tried to add a
    > "Response.Buffer=TRUE" code in the first line of code there --- > NOTHING.
    >
    > Some people are able to connect just after they clear the cookies from
    > their
    > computer. For some it doesn't help...
    > Some can't logout when they are connected :\
    >
    > I am attaching here some code.
    >
    > Please help me to solve this problem the persists for long time now.
    > Thanks,
    > Netanel.
    >
    > LOGGING IN CODE:
    > -----------------------
    > Rec.Open "SELECT [UserID] FROM Users WHERE
    > (='"&ReplaceSTR(Request.Form("EMail"))&"' and
    > StrComp([PassWord],'"&ReplaceSTR(Request.Form("PassWord"))&"',0)=0)",DB
    > If (Rec.EOF) Then
    > Rec.Close : DisposeConn()
    > Response.Redirect("Default.asp?Err=LoginFailed")
    > Else
    > Rec.Close : DisposeConn()
    > ExpireDate=Date()+365
    > If (Request.Form("SaveDetails")="on") Then
    > Response.Cookies("GDUser").Expires=ExpireDate
    > CEMail=ReplaceSTR(Request.Form("EMail"))
    > CPassword=ReplaceSTR(Request.Form("PassWord"))
    > TempString="UD"
    > Response.Cookies("GDUser")=TempString
    > Response.Cookies("GDUser")("EMail")=CEMail
    > Response.Cookies("GDUser")("PassWord")=CPassword
    > Response.Redirect("Default.asp")
    > End If
    >
    >
    > VALIDATION CHECK ON EACH PAGE:
    > ------------------------------------------
    > MyEmail=Request.Cookies("GDUser")("EMail")
    > MyPass=Request.Cookies("GDUser")("PassWord")
    > MyLevel=2
    > MyFullName=""
    > MyID=0
    > Connected=FALSE
    > isAdmin=FALSE
    >
    > If (MyEmail<>"") Then
    > Rec.Open "SELECT [UserID],[UserLevel],[FirstName],[LastName] FROM Users
    > WHERE ([EMail]='"&MyEmail&"' and StrComp([PassWord],'"&MyPass&"',0)=0)"
    > If (Rec.EOF) Then
    > Response.Cookies("GDUser")="User Details"
    > Response.Cookies("GDUser").expires=date()-1
    > Else
    > MyLevel=Rec("UserLevel")
    > If (MyLevel=1) Then isAdmin=TRUE
    > MyID=Rec("UserID")
    > MyFullName=Rec("FirstName")&" "&Rec("LastName")
    > Connected=TRUE
    > End If
    > Rec.Close
    > End If[/color]
    Kyle Peterson, Apr 30, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Alex Nitulescu

    Response.Cookies vs Request.Cookies

    Alex Nitulescu, Feb 3, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    8,442
    Hans Kesting
    Feb 3, 2005
  2. Andy Fish
    Replies:
    3
    Views:
    6,489
    Fredrik Lindner
    Nov 6, 2003
  3. user
    Replies:
    3
    Views:
    642
    =?ISO-8859-1?Q?G=F6ran_Andersson?=
    Mar 31, 2007
  4. archana
    Replies:
    1
    Views:
    491
  5. _Who
    Replies:
    7
    Views:
    2,611
Loading...

Share This Page