expiring cookies - Dev Shed

Dev Shed Forums Sponsor:

Generate data entry and reporting .NET Web apps in minutes, straight from your database. Read our FREE whitepaper “Build Web 2.0 Applications Without Hand-Coding” Download now!

September 22nd, 2003, 12:24 AM

icepricessa

Contributing User

Join Date: Sep 2003

Posts: 199

Time spent in forums: 6 h 10 m 38 sec
Reputation Power: 5

expiring cookies

hi there i would just like to know.. can cookies be set to expire like the session.timeout?

thanks in advance

September 22nd, 2003, 01:48 AM

tomsn

Contributing User

Join Date: Aug 2003

Location: Dresden, Germany

Posts: 44

Time spent in forums: 3 h 13 m 9 sec
Reputation Power: 5

yes, that's possible...
if you don't set an expire-date, a cookie expires after the session...

Code:

Response.Cookies("myCookieID").Expires = "01.12.2003"

tomsn

September 22nd, 2003, 01:57 AM

icepricessa

Contributing User

Join Date: Sep 2003

Posts: 199

Time spent in forums: 6 h 10 m 38 sec
Reputation Power: 5

how do i set it to expire after 30 minutes?

September 22nd, 2003, 01:58 AM

icepricessa

Contributing User

Join Date: Sep 2003

Posts: 199

Time spent in forums: 6 h 10 m 38 sec
Reputation Power: 5

thanks in advance

September 22nd, 2003, 02:04 AM

tomsn

Contributing User

Join Date: Aug 2003

Location: Dresden, Germany

Posts: 44

Time spent in forums: 3 h 13 m 9 sec
Reputation Power: 5

Quote:

how do i set it to expire after 30 minutes?

Code:

Response.Cookies("myCookieID").Expires = Dateadd("n", 30, now())

September 22nd, 2003, 02:08 AM

OldJacques

Contributing User

Join Date: Jul 2003

Location: in Orbit mostly

Posts: 148

Time spent in forums: < 1 sec
Reputation Power: 6

You can use the DateAdd function to do this, like:
DateAdd("yyyy", 1, Now())
or for 30 minutes I think
Response.Cookies("Forum").Expires = DateAdd("n", 30, Now())
should work

September 22nd, 2003, 02:13 AM

icepricessa

Contributing User

Join Date: Sep 2003

Posts: 199

Time spent in forums: 6 h 10 m 38 sec
Reputation Power: 5

ok this is what i have done so far this part of code is to check if the user has logged in. If yes then it will expire in 30 minutes and the user will be redirected to the log in page. If no then the user will be directed to the index page

Dim login
login =Request.Cookies("LoggedIn")
IF login = " " THEN
Dim message
message = "You have not signed in yet!! Please sign in first."
Call Response.Redirect("index.asp?ErrMsg="& Server.HTMLEncode(message))
END IF
If login = true THen
login.Expires = Dateadd("n", 30, now())
Response.Redirect("notallowed.asp")
End If

September 22nd, 2003, 02:15 AM

icepricessa

Contributing User

Join Date: Sep 2003

Posts: 199

Time spent in forums: 6 h 10 m 38 sec
Reputation Power: 5

or do i add that part in the logInProcess.asp? :S

September 22nd, 2003, 02:26 AM

OldJacques

Contributing User

Join Date: Jul 2003

Location: in Orbit mostly

Posts: 148

Time spent in forums: < 1 sec
Reputation Power: 6

If you put the "expires" part in the verification section (which should be included in every "protected" page) each time it is accessed, it will extend the expiration by 30 minutes.

If you put it in the login page, it will allow 30 minutes from the original login, requiring a new login every 30 minutes.

Also, I think the verification script could be cleaned up a little bit easily, avoiding possible errors, like:

Code:

Dim login
login =Request.Cookies("LoggedIn")
If login = true Then
 Response.Cookies("LoggedIn").Expires = DateAdd("n", 30, Now())
Else
 Dim message
 message = "You have not signed in yet!! Please sign in first."
 Call Response.Redirect("index.asp?ErrMsg="& Server.HTMLEncode(message))
End If

#10

September 22nd, 2003, 02:35 AM

icepricessa

Contributing User

Join Date: Sep 2003

Posts: 199

Time spent in forums: 6 h 10 m 38 sec
Reputation Power: 5

yup this is what i want Jacques

Quote:

If you put it in the login page, it will allow 30 minutes from the original login, requiring a new login every 30 minutes.

so I have added this part in my login page and

Code:

      
Response.Cookies("LoggedIn") = true
Response.Cookies("LoggedIn").Expires()=Dateadd("n", 30, now())

this for verfication

Code:

Dim login
login =Request.Cookies("LoggedIn")
   IF login = " " THEN
   	 Dim message
	 message = "You have not signed in yet!! Please sign in first."
     Call Response.Redirect("index.asp?ErrMsg="& Server.HTMLEncode(message))
   END IF
   IF login.Expires THEN
     Call Response.Redirect("notallowed.asp")   
   END IF

#11

September 22nd, 2003, 02:40 AM

OldJacques

Contributing User

Join Date: Jul 2003

Location: in Orbit mostly

Posts: 148

Time spent in forums: < 1 sec
Reputation Power: 6

I may be mistaken, not seeing everything, but I think what you want is:

Code:

Dim login
login =Request.Cookies("LoggedIn")
IF login <> true THEN
   	 Dim message
	 message = "You have not signed in yet!! Please sign in first."
     Call Response.Redirect("index.asp?ErrMsg="& Server.HTMLEncode(message))
END IF

If this is an included ASP file at the beginning of every protected page (you can save it as a separate file and use one line of code to include it, to standardize things) then if the login is valid (Request.Cookies("LoggedIn") = true) you show the page, otherwise you get redirected before the page is loaded.

I am pretty sure login can't have an "expires" property or method (as in login.Expires) so that will probably throw an error.

#12

September 22nd, 2003, 02:43 AM

icepricessa

Contributing User

Join Date: Sep 2003

Posts: 199

Time spent in forums: 6 h 10 m 38 sec
Reputation Power: 5

hmm.. ok thanks OldJacques

just one more question about the expire part
is it correct?

Code:


   IF login.Expires THEN
     Call Response.Redirect("notallowed.asp")   
   END IF

#13

September 22nd, 2003, 03:11 AM

OldJacques

Contributing User

Join Date: Jul 2003

Location: in Orbit mostly

Posts: 148

Time spent in forums: < 1 sec
Reputation Power: 6

Quote:

Originally posted by OldJacques
I may be mistaken, not seeing everything, but I think what you want is:...
I am pretty sure login can't have an "expires" property or method (as in login.Expires) so that will probably throw an error.

I don't know offhand if you can use Request.Cookies("LoggedIn").Expires to get the expiration time/date or not, as I said i've been using sessions over cookies in the last few ASP projects.

In any case, I think the logic of checking if it is expired is inherently wrong. IMHO you should be checking if it is valid, and in any other case throwing them back to the log-in.
That way you can't go wrong, and in case someone doesn't support cookies, they have no way of sneaking through.

#14

September 22nd, 2003, 03:18 AM

icepricessa

Contributing User

Join Date: Sep 2003

Posts: 199

Time spent in forums: 6 h 10 m 38 sec
Reputation Power: 5

hmm.. okok thanks

#15

September 23rd, 2003, 03:39 AM

icepricessa

Contributing User

Join Date: Sep 2003

Posts: 199

Time spent in forums: 6 h 10 m 38 sec
Reputation Power: 5

hmm.. ok i've changed the code for the loginprocess.asp but i get an error... as in... the validation to check if the user has logged in or not is not working.. regardless of the right or wrong username and password.. i get my error message teeling me that i have not signed in yet.. below are the codes.. pls help me check what i forgot to add someone thanks in advance

loginprocess.asp

Dim query, data, message, s, username, fs, loginDate, loginTime,usertype

query = "SELECT * FROM Users WHERE Username = '" & CStr(Request("username")) & "' AND Password = '" & CStr(Request("password")) & "' AND UserType = '"&CStr(Request("userType")) & "'"

Set data = Server.CreateObject("ADODB.RecordSet")
Call data.Open(query, objConn)
On Error Resume Next

IF data.EOF THEN
Call data.Close()
Call objConn.Close()
message = "Username or Password invalid. Please Try again!"
Call Response.Redirect("LogIn.asp?ErrMsg=" & Server.HTMLEncode(message))
ELSE
While NOT data.EOF
username = CStr(Request("username"))
password = CStr(Request("password"))
userType = CStr(Request("userType"))
Call data.MoveNext()
Wend
Call data.Close()
Call objConn.Close()
Response.Cookies("LoggedIn") = true
Response.Cookies("username") = username
Response.Cookies("password") = password
Response.Cookies("UserType") = userType
Dim path2logfile, logMsg, textfile
path2logfile = server.mappath("user.log")
Set fs = server.CreateObject("scripting.FileSystemObject")
loginDate = date
loginTime = time
logMsg = "Login|" & Request.Cookies("username")&"|"& loginDate & "|" & loginTime
IF fs.FileExists(path2logfile) THEN
Set textFile = fs.OpenTextFile(path2logfile,8,true)
textFile.WriteLine(logMsg)
textFile.Close
Else
Set textFile = fs.CreateTextFile(path2logfile)
Set textFile = fs.OpenTextFile(path2logfile,8,true)
textFile.WriteLine(logMsg)
textFile.Close
End if
Call Response.Redirect("view.asp")
END IF

validate.asp

Dim login
login =Request.Cookies("LoggedIn")
IF login <> true THEN
Dim msg
msg = "You have not signed in yet!! Please sign in first."
Call Response.Redirect("Login.asp?ErrMsg="& Server.HTMLEncode(msg))
END IF

Thread Tools	Search this Thread
Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread: