Logged in - Session timeout

[Targa]

I use a database to authenticate users. Thier logon info is stored in a
session.
When the session times out it redirects the user back to the login page,
which, when logged in sends them to the secured homepage.

How can I return them to the page they were on when the session timed out,
rather than starting over on the homepage?

Thanks!

 

[Rob Meade]

...

How can I return them to the page they were on when the session timed out,
rather than starting over on the homepage?

Hi Targa,

We wrote something at work that would do this for exactly the same purpose -
dont have the code to hand, but basically you need to send a URL to your
login page - which then redirects the user to that URL...you need to also
take any querystring info with it that you may need....

ie..

Page you're on before time out occurs:

http://www.your-domain.com/surprise.asp?kbid=1234

Now the users times out and you redirect them to your login page, at this
point we created the URL and querystring and put it into a new querystring
value for the redirect, ie...

http://www.your-domain.com/login.asp?url=http://www.your-domain.com/surprise.asp?kbid1234

within your login code you'd need to check to see if URL in the querystring
existed, if it does, takes its value and use that as the redirect instead of
going to your home page.

Somethings we found were that you'll need to URL encode the URL you are
going to redirect to BEFORE you add it to the querystring returning to the
login page, this was because it will other wise take only the first part of
the querystring, and not anything which you may have after &'s etc...

ie..

http://www.your-domain.com/surprise.asp?kbid=1234&sid=5678

when it reads that it'll only use the first part,

ie.

http://www.your-domain.com/surprise.asp?kbid=1234

and assume that the &sid=5678 belonged to the login page (ie, it gets lost)

Use Server.URLEncode before adding the URL to the login pages redirect and
you'll be fine.

Incidentally, we built the URL and querystring from stratch to a new
variable as some of our websites use SSL (ie, https) and others dont (http)
so we wanted to ensure that we always took them to the correct place.

I trust this is of some use...

Regards

Rob

 

[Lord Merlin]

This raise a question though. Can't you use sessions instead of the
quesrystring method, ie, instead of doing
http://www.your-domain.com/login.asp?url=http://www.your-domain.com/surprise
..asp?kbid1234

You have that info in a session, and then simply send them to :
http://www.your-domain.com/login.asp

login.asp will check if that session'ed URL exists, else redirect them to
the homepage?
--

Kind Regards
Rudi Ahlers
+27 (82) 926 1689

Greater love has no one than this, that he lay down his life for his friends
(John 15:13).
...

How can I return them to the page they were on when the session timed out,
rather than starting over on the homepage?

Hi Targa,

We wrote something at work that would do this for exactly the same purpose -
dont have the code to hand, but basically you need to send a URL to your
login page - which then redirects the user to that URL...you need to also
take any querystring info with it that you may need....

ie..

Page you're on before time out occurs:

http://www.your-domain.com/surprise.asp?kbid=1234

Now the users times out and you redirect them to your login page, at this
point we created the URL and querystring and put it into a new querystring
value for the redirect, ie...

http://www.your-domain.com/login.asp?url=http://www.your-domain.com/surprise
..asp?kbid1234

within your login code you'd need to check to see if URL in the querystring
existed, if it does, takes its value and use that as the redirect instead of
going to your home page.

Somethings we found were that you'll need to URL encode the URL you are
going to redirect to BEFORE you add it to the querystring returning to the
login page, this was because it will other wise take only the first part of
the querystring, and not anything which you may have after &'s etc...

ie..

http://www.your-domain.com/surprise.asp?kbid=1234&sid=5678

when it reads that it'll only use the first part,

ie.

http://www.your-domain.com/surprise.asp?kbid=1234

and assume that the &sid=5678 belonged to the login page (ie, it gets lost)

Use Server.URLEncode before adding the URL to the login pages redirect and
you'll be fine.

Incidentally, we built the URL and querystring from stratch to a new
variable as some of our websites use SSL (ie, https) and others dont (http)
so we wanted to ensure that we always took them to the correct place.

I trust this is of some use...

Regards

Rob

 

[Rob Meade]

...

This raise a question though. Can't you use sessions instead of the
quesrystring method, ie, instead of doing
http://www.your-domain.com/login.asp?url=http://www.your-domain.com/surprise
.asp?kbid1234

I guess you could but then wouldn't that just cause exactly the same
problem?

If the users is being returned to the login page because they have timed
out - ie no session variable is now available, then putting the URL of the
page to return them to into a session variable would be pointless as this
would be lost at the same time as all of the other session variables
wouldn't it?

Regards

Rob