Newbie: simple asp security form with CAPTCHA


blubberpuss

I've created a simple form that creates a .csv and will generate an
email (intro.asp).
For some security, I've been asked to include CAPTCHA. I found Web Wiz
CAPTCHA and it works fine -- I have a name text field and the CAPTCHA.
A correct response redirects to the full form's page, with more text
fields (survey.asp).
There's no login/password, but I'm concerned that bots will circumvent
the intro.asp page and go directly to the survey.asp page.
I'm pretty sure that what I need is a session variable somewhere in
survey.asp and following pages to prevent pages from being viewed out
of sequence.
Unfortunately, I don't know how that session variable is constructed.
Help much appreciated.

Scott
 

Bob Barrows [MVP]

It's as simple as:
<%
Session("your_variable_name") = some_value
%>

Bob Barrows
 

blubberpuss

Sorry, should have asked the question better.
What code needs to go on survey.asp to prevent bots from using it
directly, avoiding intro.asp?
Thanks again.

Scott
 

Dave Anderson

Upon successful negotiation of CAPTCHA challenge, set a session variable:

Session("UserType") = "Human"

Then check for that value in survey.asp:

If Session("UserType") <> "Human" Then
    Response.Redirect("intro.asp")
End If



--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.
 

blubberpuss

Thanks very much. It works like a champ in IE, but it slips through in
Firefox. That is, in IE the http://yadayada.com/survey.asp instantly
redirects to http://yadayada.com/intro.asp, but pasting
http://yadayada.com/survey.asp lets me right into the survey.asp page.
Would modifications be necessary, or is it a caching thing?

Again, much thanks.

Scott
 

Dave Anderson

Could be a caching thing. If you add this to survey.asp, does Firefox
behavior change (you may have to clear cache in Firefox before testing)?

' VBScript Sub calls with more than one argument take no parentheses
Response.Expires = -1
Response.AddHeader "pragma", "no-cache"
Response.AddHeader "cache-control", "private"
Response.CacheControl = "no-cache"


--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.
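
The replies above combined into one flow, as an added example that is not code from any poster in the thread: a shared gate that every page after intro.asp calls, including the page that writes the .csv and sends the email, with the flag cleared after one submission. It assumes VBScript; the file names require_human.asp and save.asp and the variable captchaPassed are hypothetical.

```asp
<%
' ===== require_human.asp (hypothetical shared include) =====
' Call RequireHuman before any HTML is written, on survey.asp and on
' every later page, including the one that writes the .csv and sends mail.
Sub RequireHuman()
    ' Stop the browser from showing a stored copy of a gated page
    Response.Expires = -1
    Response.AddHeader "Pragma", "no-cache"
    Response.CacheControl = "no-cache"

    ' An unset Session value is Empty, so a fresh visitor fails this test
    If Session("UserType") <> "Human" Then
        Response.Redirect "intro.asp"
    End If
End Sub
%>

<%
' ===== intro.asp, after the CAPTCHA include has checked the answer =====
' captchaPassed is a hypothetical Boolean; use whatever your CAPTCHA sets.
If captchaPassed Then
    Session("UserType") = "Human"
    Response.Redirect "survey.asp"
End If
%>

<!--#include file="require_human.asp"-->
<%
' ===== top of survey.asp =====
RequireHuman
%>

<!--#include file="require_human.asp"-->
<%
' ===== top of save.asp (hypothetical page that receives the form POST) =====
RequireHuman
If Request.ServerVariables("REQUEST_METHOD") <> "POST" Then
    Response.Redirect "survey.asp"
End If

' ... write the .csv row and send the email here ...

' One solved CAPTCHA allows one submission: drop the flag afterwards
Session.Contents.Remove "UserType"
%>
```

A browser that has already passed the CAPTCHA keeps the flag until its session ends, so test direct access to survey.asp from a fresh session.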
 
