Very strange page request problem

[Aaron Prohaska]

I have just run into a problem where I have a page that posts back to
itself to execute code, except when the page does the post back it
somehow executes code that is in our home page for the site. The only
reason I know that is happening is because I keep track of the pages
executed by the user to see how they have traversed the site. Has anyone
every seen anything like this before?

Regards,

Aaron Prohaska

-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-
Wrench Science Inc.
http://www.wrenchScience.com/
Phone: 510.841.4748 x206
Fax: 510.841.4708
-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-

 

[Ray at]

What are you using to keep track of pages executed by the user, and how does
this tell you that the home page is being executed?

Ray at work

 

[Paul Baker]

Is it posting using an HTML form? What is the exact <form> tag?

Paul

 

[Aaron Prohaska]

To keep track of the pages being executed I append
Request.ServerVariables("SCRIPT_NAME") to a session variable with a
delimiter in between each page so that I can convert it to an array and
write it out to the screen. It has helped me a lot in the past with
solving problems.

Regards,

Aaron Prohaska

-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-
Wrench Science Inc.
http://www.wrenchScience.com/
Phone: 510.841.4748 x206
Fax: 510.841.4708
-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-

 

[Aaron Prohaska]

Yes, I am using a form to post the page back to itself. Though the
action of the form tag is being changed just before the submit is called.

function checkForm() {
document.logic_form.action = '<%= webroot %>/Secure/SaveBuild.asp?cmd=1';
document.logic_form.submit();
}

The html <form> tag itself does not contain any action attribute.
Instead it looks like this.

<form name="logic_form" method="post" onSubmit="return checkForm();">

Regards,

Aaron Prohaska

-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-
Wrench Science Inc.
http://www.wrenchScience.com/
Phone: 510.841.4748 x206
Fax: 510.841.4708
-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-

 

[Paul Baker]

Aaron,

I don't understand why you are setting the action property of the form in
JavaScript. There are a few problems I see. This is JavaScript, executing on
the client, except the code enclosed in <% %>.

JavaScript compatibility issues:
1. JavaScript must be supported and enabled.
2. The JavaScript syntax won't work on some browsers. Old and new versions
of Internet Explorer, old and new versions of Netscape and Mozilla all have
different syntax. I don't think there's any syntax that works on all
browsers.

Relative URL issues:
3. What is the variable webroot set to? The root is /, which you already
have, as in /Secure. I can't imagine a value that the webroot variable would
be set to that would actually help. You can see what value it actually wrote
to the response using View/Source in Internet Explorer.

Finally, why is it necessary? You want it to post to the same ASP, right?
You can achieve this without any of that simply by not specifying an action
at all. In fact you don't need to specify a name or method parameter either,
as the default is to POST to the current page. Your form tag can be just
<form>. Why did you add all that other stuff?

I see you want "cmd=1" added to the URL. Is this so that you know if you are
showing the page for the first time or whether the form has been posted? If
so, there are a few ways to deal with this. If the form data is blank, the
form was not posted. This is sufficient in some cases if you don't need to
distinguish between no form posted and a blank form posted. If you really
need to know, you can check the verb in the ASP. If it is GET, it is the
first time. If it is POST, the form was posted. You can also put parameters
like this in hidden fields <input type="hidden" name="cmd" value="1">, that
will be added only when posted.

Paul

 

[Aaron Prohaska]

Hello Paul,

The reason that I'm using the JavaScript to change the form action is
because I've got links on my page that I want to use to execute specific
functions. The only way I have found to do this is to change the action
of the form using JavaScript which changes the parameters and I then
check the value of the parameter and execute the function that goes with
the parameter. I have been using JavaScript on the site like this for
years and have never had a problem. At the moment I don't believe that
the JavaScript is the problem, but then again I don't have a clue what
the problem could be.

I have also found that the problem is only happening when I browse
through the site in a specific path. The page where I see the problem
happening does work when a different path through the site is taken.

Regards,

Aaron Prohaska

-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-
Wrench Science Inc.
http://www.wrenchScience.com/
Phone: 510.841.4748 x206
Fax: 510.841.4708
-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-

 

[Paul Baker]

Aaron,

The problems I describe with JavaScript are not meant to imply that you
cannot use JavaScript without issue, indeed many web sites do. My point is
that it relies upon capabilities of the client that may be unsupported or
disabled. Therefore, *if* there is a way to avoid it by giving control to
the server over the client, it should be taken.

Whereas I believe you that you have never seen any problems, I am confident
that this is because you haven't *looked* for problems and that I could
break your web page in a number of ways:
- Disable JavaScript (as a paranoid user would).
- Use a browser that does not support JavaScript (as some users resistant to
change may still do).
- Use various versions of Internet Explorer and Netscape/Mozilla until I
find one that does not understand your DOM syntax.

Originally, you said that you "have a page that posts back to itself". That
is why I didn't understand the need to change the action. But now you say
"I've got links on my page that I want to use to execute specific
functions". I don't follow exactly what this means without seeing it, but I
imagine that you could avoid JavaScript by including hidden fields in forms
(as I described) and/or parameters in URLs used by links. The page would
always post to itself, but the parameters in the form or URL would dictate
where it should redirect to. All functions could be in the same ASP or in a
function from a file included in the ASP using #include. If you have IIS 5
or higher, you can transfer execution to another ASP using Server.Transfer
if you have a version of IIS that supports it, which you probably do. If you
don't, you can use Response.Redirect, which relies on the client too but to
a much lesser extent and in a way that is compatible with even the oldest of
browsers and that cannot be turned off with configuration in any browser
that I know of.

I don't feel I can give a proper balanced answer to your questions without
raising these issues with you. If you choose not to do anything about them,
that's your choice. As you imply, that is not the root cause of your
problem.

You didn't answer my question about this line. I think this line is the root
cause of the problem:

document.logic_form.action = '<%= webroot %>/Secure/SaveBuild.asp?cmd=1'

The value you are setting action to must be a URL, and may be a relative
URL. The value actually used will depend on the webroot variable. What is
the webroot variable and what is it set to? Look at the HTML source and see
what it says?

For example, if webroot is C:\inetpub\test then your HTML is:

document.logic_form.action = 'C:\inetpub\test/Secure/SaveBuild.asp?cmd=1'

Now suppose the URL was http://myserver.com/test.asp. Then the URL it is
posting to is
http://myserver.com/test.aspC:\inetpub\test/Secure/SaveBuild.asp?cmd=1. That
can't be right!

Paul