Rocket
Posts: 45
|
| Posted: 02/21/2011, 6:17 PM |
|
Good day to all, it's been a while. Anyway, I have been making great strides but have a slight problem.
I have a system that is developed outside of CCS and it uses a session variable to redirect users to the appropriate login page if null (empty or of ZERO length) among other things.
In a project that I am working on in CCS, we are not going to use the Login features (at this time) of CCS, but we want to check the session vaiable that is used in the existing system. The CCS system simply lists some tabular data that is grabbed for an MS SQL DB and simply uses the session var to see if a user logged into the xisting system..
So in the "After Init Event" I've placed this code (which is a snippet that is used throughout the existing app):
If Len(Session("USERID_NO"))= 0 Then
response.redirect ("/VirDir/login.asp")
end if
It always returns me to the login page, yet the session var is declared in the existing app.
So my question is, how can I continue to use the existing session variable in this CCS app.
Eventually, we are moving everything into CCS, but as I am still in the learning stage, it's a little premature to do so.
Any pointers would be appreciated.
Thanks,
Rocket...
|
 |
 |
datadoit
|
| Posted: 02/22/2011, 5:26 AM |
|
You'll want to go ahead and set up your Security settings in CCS, then
publish. In your other app, set the appropriate CCS security session
variables that you specified (defaults are UserID and GroupID) upon
successful login.
|
|
|
|
Rocket
Posts: 45
|
| Posted: 02/22/2011, 6:03 AM |
|
Thanks for the reply. However, as mentioned in my post:
1) the Session Var "is" defined in the other app and it works fine (we tried using CCS:UserID and our existing session var:USERID_NO - just no go),
2) We are "not" going to use (or need to) CCS security at this point. Eventually yes, but we are not at the point where we can comfortably move completely to CCS, we have too many projects to risk a simple issue like this causing problems.
We fought with this for hours and although we are learning tons and really love some of the features and benefits, hopefully we can start moving existing apps to CCS. We just couldn't beleive that a simple thing like a session variable is such a pain.
I did this in Dreamweaver which took about 20 minutes, it's a simple list grid of two tables with two buttons using one session variable to determine if a user is logged in. Quite a simple task we think.
So I think we can consider this post resolved (how would I mark it as resolved???).Again, thanks for the assist and I appolgize if I seem to be frustrated. A little I suppose, but to be sure, all replies and pointers I have gotten are execellent and appreciated. Just a little frustrated that such a simple issue took so long and ultimately had to use an existing tool to make it work.
Cheers and again thank you for your reply and time, I know it's voluntary  .
|
|
|
|
TheunisP
Posts: 342
|
| Posted: 02/22/2011, 6:10 AM |
|
start by seeing if the cookies is actually set - get a program via google I remember vaguely somthingf called Karen's Cookie something
ok run the DW part
now check for the cookie with name you are using
because if the cookie is set and you have the right name ASP should get it - CCS doesn't intercept the session call so it must be there
just for interest sake the 2 systems are on the same domain & sub-domain?
|
|
|
|
datadoit
|
| Posted: 02/22/2011, 6:41 AM |
|
If you want to use DIFFERENT security session variables for the two
applications, then each application will need to know about the other.
In your login function for your own non-CCS application, you'll need to
set the CCS security session variables at that point in order to be able
to use CCS security protected forms, records, grids, etc. Vice-versa
holds true if you want to use CCS as the primary security mechanism, but
be logged into other applications as well (ie: WordPress, Joomla,
MyApplication.com, etc.).
If you want to use THE SAME security session variables for the two
applications, then in CCS simply set the variables from the defaults of
UserID and GroupID to match those of your own application - in your case
"USERID_NO" replaces "UserID".
CodeCharge's security implementation merely sets and then checks the
value of session variables. See the CCLogin and CCLogout functions in
Common for details. Those session variables can be defined any way you
wish (Project Settings -> Security -> Advanced).
|
|
|
|
Rocket
Posts: 45
|
| Posted: 02/22/2011, 11:37 AM |
|
I can't seem to reply. it just stays in the reply form and submit... This is all I can send, am I banned or something??
|
|
|
|
andrewi
Posts: 162
|
| Posted: 02/22/2011, 12:17 PM |
|
Not banned. I've come across it before - you must have included something that this forum app prevents you from posting. It's happened to me, although I can't remember what the offending text was.
|
|
|
|
Rocket
Posts: 45
|
| Posted: 02/22/2011, 12:24 PM |
|
Quote datadoit:
If you want to use DIFFERENT security session variables for the two
applications, then each application will need to know about the other.
In your login function for your own non-CCS application, you'll need to
set the CCS security session variables at that point in order to be able
to use CCS security protected forms, records, grids, etc. Vice-versa
holds true if you want to use CCS as the primary security mechanism, but
be logged into other applications as well (ie: WordPress, Joomla,
MyApplication.com, etc.).
If you want to use THE SAME security session variables for the two
applications, then in CCS simply set the variables from the defaults of
UserID and GroupID to match those of your own application - in your case
"USERID_NO" replaces "UserID".
CodeCharge's security implementation merely sets and then checks the
value of session variables. See the CCLogin and CCLogout functions in
Common for details. Those session variables can be defined any way you
wish (Project Settings -> Security -> Advanced).
Sorry, don't mean to be a brick - but we are "not" using CCS security (in otther words - no login page). So to be clear, we are using a session variable called "UserId_no" in our app beacuse the app () uses sesison("UserID") to refer to the login name, not user_id. That is why we use a different session var to refer to the userid. IN any case, CCS just ignores it completely, I did a response.write before the page was displayed (before the Init and after the Init events) and CCS just completely ignores it and displays it as a ZERO value.
We know this works because we use ASPmaker ReportRunner to generate reports and it uses it just fine.
Aslo, we have a custom app pool (not using the Default one) with all the virdirs inside of this pool. I just spoke with three other MVP collegues to confirm that session vars are valid across an app pool so long as all the scripts and virdirs are in the ppol.
So this should work.
Again, no CCS4 security pages at all, simply using a session var to determine if a user has already logged into an app.
We did a test page (very basic one) that gets a user login, sets a session var and the we load the page from CCS into the browser and the session var is ignored. We placed another asp page in the same virdir as the ones from CCS and tried the same test, ir reported the value of the sesion var as "2184" - which is what we hard coded into the sample login page 9just straight html no code gens). If the value of the session var "UserId_N" = 2184, it the redirected to the CCS4 page succesffully, so that works just fine, but the CCS page (response.write) says 0.
The only other anomolly is that we are getting the infamous "Loading Fields: HY000"{MS OBDC...] Error. This is not a hihacked copy, I can certanily confirm with support, but we don't think this is the case, because we simply use a conneciton string (CCS seems to have problems with DSNs using Mars!).
I don't want to waste anyones time, but this seems to be such a simple task and issue. It's not like we're even doing any queries yet, just loading a page.
|
|
|
|
TheunisP
Posts: 342
|
| Posted: 02/22/2011, 2:30 PM |
|
please ignore my previous reply, I dont know why I thought yuo were using cookies - I must have cookies on the brain 
ok - just a quick few questions
1) the other system is written in what?
ok just that
seems like you are loosing session state
|
|
|
|
TheunisP
Posts: 342
|
| Posted: 02/22/2011, 2:41 PM |
|
I tried a quick test:
a non CCS asp page called setsession.asp has this:
<%
session("mes_v1")="hello"
%>
a ccs page getsession.asp has in the after init event:
response.Write("rq: "&session("mes_v1")&"<br>")
i run the getsession 1st and it is empty
open a new tab loaded setsession
open another tab and getsession and the value is there
|
|
|
|
Rocket
Posts: 45
|
| Posted: 02/22/2011, 6:12 PM |
|
Thanks TheunisP. I first added a piece of ASP script in the button from my other app ( ASPrunner as mentioned above is the codegen and it's ASP). Anyway, out of couriosity, I set the session var to the value it was, then called the CCS page and it worked. I did this:
session("UserID_NO") = session("UserID_NO") (I 1st set it to a temp var, then re-assigned it and that worked, so I then did this). I have no idea why and it's weird.
I spoke with another MS MVP buddy of mine and he suggested moving (copying) the directory that houses the CCS VIRDIR into a dir within the existing App Virdir and change the mapping. That worked as well. It's like so:
1) Existing app Virdir: "AppVirDir" - drive e:\customername\appdir
2) CCS virdir: "ppal" - drive e:\customername\ppal
3) If I copy the CCS virdir contens (#2) to the physical dir in step 1, change the virdir mapping, it works.
We can live with this for now, bu I'll dig deeper and see why we have to do this. We have 16 other virdirs for this application layed out as in step 2 above and they all work. BTW: this is done for security reasons amongst others.
Anyway, you little snippet seemed to work and the copying (moving as well). I think we'll go with your little snippet idea and the re-assigment.
If I find out why, I'll post.
Thanks...
|
|
|
|
TheunisP
Posts: 342
|
| Posted: 02/23/2011, 12:44 AM |
|
cool - I think the point being that CCS doesn't wrap or interecept the session statement - but that it is a straight ASP call - so unless the variable is cleared somewhere, it must be losing state along the way
|
|
|
|
solesz
Posts: 137
|
| Posted: 02/23/2011, 11:47 AM |
|
Maybe I do not catch exactly what you want, but here is my solution.
I have windows 2003 server with active directory, with users registered in it.
I put the authentication routine/function into common.asp.
I use CCS login page, but I authenticate the submitted data against Active Directory with the function in Common.asp
If authentication is O.K. then I set session("userid"), and session("groupid").
Also, in common.asp I always check, if the session is lost to run the appropiate code to prevent security issues.
The main point to put session validation system into common.asp, because this code is run every time, when CCS generated pages reqested. But be careful pages, which you added separatley.
|
|
|
|
Rocket
Posts: 45
|
| Posted: 02/23/2011, 6:46 PM |
|
Thanks solesz, putting the check in common.asp seems to have done the trick.
Since reading this post, we've 18 people perform the required taks, and the end of the task it redirects them to this CCS page and all is well.
As a safety step, I write the value out to a text file before heading to the CCS page, if in CCS it is Null (empty, zero) I load it from the text file. The file is created using the User Login ID and name, so there is no danger of sharing violations or overwriting. Once they leave the CCS page (the session expires or they log in again) I dispose of the file. Just a safety step.
You "Da Man..."
Thanks a lot.
the Rocket...
|
|
|
|
|
