Newbie: simple asp security form with CAPTCHA

Discussion in 'ASP General' started by blubberpuss@gmail.com, Feb 13, 2006.

  1. Guest

    I've created a simple form that creates a .csv and will generate an
    email (intro.asp).
    For some security, I've been asked to include CAPTCHA. I found Web Wiz
    CAPTCHA and it works fine -- I have a name text field and the CAPTCHA.
    A correct response redirects to the full form's page, with more text
    fields (survey.asp).
    There's no login/password, but I'm concerned that bots will circumvent
    the intro.asp page and go directly to the survey.asp page.
    I'm pretty sure that what I need is a session variable somewhere in
    survey.asp and following pages to prevent pages from being viewed out
    of sequence.
    Unfortunately, I don't know how that session variable is constructed.
    Help much appreciated.

    Scott
    , Feb 13, 2006
    #1

  2. wrote:
    > I've created a simple form that creates a .csv and will generate an
    > email (intro.asp).
    > For some security, I've been asked to include CAPTCHA. I found Web Wiz
    > CAPTCHA and it works fine -- I have a name text field and the CAPTCHA.
    > A correct response redirects to the full form's page, with more text
    > fields (survey.asp).
    > There's no login/password, but I'm concerned that bots will circumvent
    > the intro.asp page and go directly to the survey.asp page.
    > I'm pretty sure that what I need is a session variable somewhere in
    > survey.asp and following pages to prevent pages from being viewed out
    > of sequence.
    > Unfortunately, I don't know how that session variable is constructed.
    > Help much appreciated.
    >

    It's as simple as:
    <%
    Session("your_variable_name") = some_value
    %>

    Bob barrows
    --
    Microsoft MVP -- ASP/ASP.NET
    Please reply to the newsgroup. The email account listed in my From
    header is my spam trap, so I don't check it very often. You will get a
    quicker response by posting to the newsgroup.
    Bob Barrows [MVP], Feb 13, 2006
    #2

  3. Guest

    Bob Barrows [MVP] wrote:
    > wrote:
    > > I've created a simple form that creates a .csv and will generate an
    > > email (intro.asp).
    > > For some security, I've been asked to include CAPTCHA. I found Web Wiz
    > > CAPTCHA and it works fine -- I have a name text field and the CAPTCHA.
    > > A correct response redirects to the full form's page, with more text
    > > fields (survey.asp).
    > > There's no login/password, but I'm concerned that bots will circumvent
    > > the intro.asp page and go directly to the survey.asp page.
    > > I'm pretty sure that what I need is a session variable somewhere in
    > > survey.asp and following pages to prevent pages from being viewed out
    > > of sequence.
    > > Unfortunately, I don't know how that session variable is constructed.
    > > Help much appreciated.
    > >

    > It's as simple as:
    > <%
    > Session("your_variable_name") = some_value
    > %>
    >
    > Bob barrows
    > --
    > Microsoft MVP -- ASP/ASP.NET
    > Please reply to the newsgroup. The email account listed in my From
    > header is my spam trap, so I don't check it very often. You will get a
    > quicker response by posting to the newsgroup.


    Sorry, should have asked the question better.
    What code needs to go on survey.asp to prevent bots from using it
    directly, avoiding intro.asp?
    Thanks again.

    Scott
    , Feb 13, 2006
    #3
  4. wrote:
    > Sorry, should have asked the question better.
    > What code needs to go on survey.asp to prevent bots from
    > using it directly, avoiding intro.asp?


    Upon successful negotiation of CAPTCHA challenge, set a session variable:

    Session("UserType") = "Human"

    Then check for that value in survey.asp:

    If Session("UserType") <> "Human" Then
        Response.Redirect("intro.asp")
    End If



    --
    Dave Anderson

    Unsolicited commercial email will be read at a cost of $500 per message. Use
    of this email address implies consent to these terms. Please do not contact
    me directly or ask me to contact you directly for assistance. If your
    question is worth asking, it's worth posting.
    Dave Anderson, Feb 13, 2006
    #4
  5. Guest

    Dave Anderson wrote:
    > wrote:
    > > Sorry, should have asked the question better.
    > > What code needs to go on survey.asp to prevent bots from
    > > using it directly, avoiding intro.asp?

    >
    > Upon successful negotiation of CAPTCHA challenge, set a session variable:
    >
    > Session("UserType") = "Human"
    >
    > Then check for that value in survey.asp:
    >
    > If Session("UserType") <> "Human" Then
    > Response.Redirect("intro.asp")
    > End If
    >
    >
    >
    > --
    > Dave Anderson
    >
    > Unsolicited commercial email will be read at a cost of $500 per message. Use
    > of this email address implies consent to these terms. Please do not contact
    > me directly or ask me to contact you directly for assistance. If your
    > question is worth asking, it's worth posting.


    Thanks very much. It works like a champ in IE, it slips through in
    Firefox. That is, in IE the http://yadayada.com/survey.asp instantly
    redirects to http://yadayada.com/intro.asp, but pasting
    http://yadayada.com/survey.asp lets me right into the survey.asp page.
    Would modifications be necessary, or is it a caching thing?

    Again, much thanks.

    Scott
    , Feb 13, 2006
    #5
  6. wrote:
    > Thanks very much. It works like a champ in IE, it slips through in
    > Firefox. That is, in IE the http://yadayada.com/survey.asp instantly
    > redirects to http://yadayada.com/intro.asp, but pasting
    > http://yadayada.com/survey.asp lets me right into the survey.asp page.
    > Would modifications be necessary, or is it a caching thing?


    Could be a caching thing. If you add this to survey.asp, does Firefox
    behavior change (you may have to clear cache in Firefox before testing)?

    Response.Expires = -1
    Response.AddHeader "pragma", "no-cache"
    Response.AddHeader "cache-control", "private"
    Response.CacheControl = "no-cache"


    --
    Dave Anderson

    Unsolicited commercial email will be read at a cost of $500 per message. Use
    of this email address implies consent to these terms. Please do not contact
    me directly or ask me to contact you directly for assistance. If your
    question is worth asking, it's worth posting.
    Dave Anderson, Feb 14, 2006
    #6
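
The session gate and the no-cache headers discussed in this thread, combined into one include file, as an added example that is not from any poster. The file name guard.asp and the variable blnCaptchaOK are assumptions; the last fragment goes one step beyond the thread by clearing the flag after a submission.

```asp
<%
' guard.asp -- hypothetical include file (the name is an assumption).
' Put <!--#include file="guard.asp"--> as the first line of survey.asp
' and of every page that follows it.

' Ask browsers and proxies not to reuse a stored copy, so each request
' reaches the server and the session check below runs every time.
Response.Expires = -1
Response.CacheControl = "no-cache"
Response.AddHeader "Pragma", "no-cache"

' The flag lives in the server-side session, which is tied to the
' browser's ASP session cookie. A browser that has already passed the
' CAPTCHA keeps the flag until the session times out or is abandoned,
' so test direct access from a browser that has not solved it yet
' (or after clearing its cookies).
If Session("UserType") <> "Human" Then
    Response.Redirect "intro.asp"
End If
%>

<%
' In intro.asp, only on the branch where the CAPTCHA answer was correct.
' blnCaptchaOK is a placeholder for whatever success test the CAPTCHA
' script in use provides.
If blnCaptchaOK Then
    Session("UserType") = "Human"
    Response.Redirect "survey.asp"
End If
%>

<%
' On the last page, after the .csv row is written and the email is sent:
' drop the flag so that one solved CAPTCHA allows one submission only.
Session.Contents.Remove "UserType"
%>
```

The check has to run on the page that actually writes the .csv and sends the email, not only on the page that displays the form, since a script can post to that handler directly.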
