protect pages in favorites

stewart · Feb 9, 2004

Hi all
can anyone please tell me how to prevent pages that have been saved to favorites after entering through a password protected home page, can be stopped from being used to by pass the login over and over again
Best Regard
stewart
thanks very much.

Jon · Feb 9, 2004

Hi Stewart,
how are you protecting your pages - can you show us some code? Any password
protection system I've seen checks for access at the top of the page and
redirects if a user is not logged in. For example an asp system might do
this
<%
if session("LoggedIn") <> "yes" then
response.redirect "login.asp"
end if
%>

Jon
Microsoft MVP

stewart said:
Hi all,
can anyone please tell me how to prevent pages that have been saved to

favorites after entering through a password protected home page, can be
stopped from being used to by pass the login over and over again.

stewart · Feb 9, 2004

Hi Jon
I'm using websunlimited page protector, just to protect one page but its not using an access database just asp script
<
sLoginUserID = "example
sLoginPass = "example
If request.servervariables("REQUEST_METHOD") = "POST" The
sUserID = request.form("UserID"
sPass = request.form("Password"
If sUserID = sLoginUserID And sPass = sLoginPass The
session(sLoginUserID) = sLoginPas
End I
End I
If session(sLoginUserID) <> sLoginPass The
%
If I add the script you suggested to each html page, would that work or do I need to try something else
Thanks very much for your help
Best Regard
Stewart

----- Jon wrote: ----

Hi Stewart
how are you protecting your pages - can you show us some code? Any passwor
protection system I've seen checks for access at the top of the page an
redirects if a user is not logged in. For example an asp system might d
thi
<
if session("LoggedIn") <> "yes" the
response.redirect "login.asp
end i
%

Jo
Microsoft MV

stewart said:
Hi all
can anyone please tell me how to prevent pages that have been saved t

favorites after entering through a password protected home page, can b
stopped from being used to by pass the login over and over again

Jim Buyens · Feb 9, 2004

-----Original Message-----

Hi all,
Howdy.

can anyone please tell me how to prevent pages that have
been saved to favorites after entering through a password
protected home page, can be stopped from being used to by
pass the login over and over again.
Best Regards
stewart.

Adding a page to Favorites doesn't save the id and
password.

The browser *does* save the username and password
temporarily in memory; otherwise, you would have to re-
enter the username and password for each page, each
picture, and each other file you accessed from a protected
site. But this disappears when the visitor closes the last
browser window.

The Auto-Complete feature for form fields (the feature
whereby past entries reappear "by magic") has nothing to
do with Favorites. It works just as well on URLs you
haven't saved as favorites. In any event, this is a
browser feature that you generally can't control from a
Web site. However, on an intranet, you *can* use the
Internet Explorer Administration Kit to control this
setting at an organizational level.

As to storing usernames and passwords in URLs (as in
http://username/[email protected]/myuweb)/, an
upcoming patch to Internet Explorer will eliminate this
capability.

Jim Buyens
Microsoft FrontPage MVP
http://www.interlacken.com
Author of:
*----------------------------------------------------
|\---------------------------------------------------
|| Microsoft Office FrontPage 2003 Inside Out
||---------------------------------------------------
|| Web Database Development Step by Step .NET Edition
|| Microsoft FrontPage Version 2002 Inside Out
|| Faster Smarter Beginning Programming
|| (All from Microsoft Press)
|/---------------------------------------------------
*----------------------------------------------------

Jon · Feb 9, 2004

Hi,
I think you're missing a bit of the script here

If session(sLoginUserID) <> sLoginPass Then
' user is not authoried - what do we do?
%>

That would be true if the user has entered the wrong login or followed a
link from favourites so we'd want to deny access to the page. If I'm
following the logic of this script you would have something like this.
<%
sLoginUserID = "example"
sLoginPass = "example"
If request.servervariables("REQUEST_METHOD") = "POST" Then
sUserID = request.form("UserID")
sPass = request.form("Password")
If sUserID = sLoginUserID And sPass = sLoginPass Then
session(sLoginUserID) = sLoginPass
End If
End If
If session(sLoginUserID) <> sLoginPass Then
%>
<form method="post" action ="<%=request.servervariables("SCRIPT_NAME")%>">
Please login
User ID <input type="text" name="userid">
Password<input type="text" name="password">
<input type="submit" value="Log In">
</form>
<%else%>
....put your page content here.....
<%end if%>

You might want to contact Mike at websunlimited - I don't really want to
support his products

Jon
Microsoft MVP - FP

stewart said:
Hi Jon,
I'm using websunlimited page protector, just to protect one page but its

not using an access database just asp script.