Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    Regular Coder
    Join Date
    Nov 2007
    Posts
    682
    Thanks
    319
    Thanked 1 Time in 1 Post

    HTA Login Script

    As far as i'm aware, HTA files will not run ASP code before they are sent to the client machine, so no ASP scripts will work. So far I have been using Ajax to run ASP code and just return the results.

    I'm making a page that needs the user to be logged in, but it seems that the session is being destroyed when the http response is returned, which means the user is no longer logged in.

    Can anyone suggest to me a login system for an HTA page?

  • #2
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    26,561
    Thanks
    80
    Thanked 4,495 Times in 4,459 Posts
    I wonder if you could fool the system?

    Use web.config to specify that xxx.hta is actually processed via the page xxx.asp??

    From the browser's point of view, it would still be seen as ".hta".

    I've never mucked with HTA so can't help you with that, per se.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • Users who have thanked Old Pedant for this post:

    martynball (06-04-2013)

  • #3
    Regular Coder
    Join Date
    Nov 2007
    Posts
    682
    Thanks
    319
    Thanked 1 Time in 1 Post
    I thought of another way last night which I might use instead. Seeming as this "website" will only be used on local computers, I might simply use cookies to keep the user logged in as sessions don't seem to want to work.

    Then I will use the HTA file to use ajax and request the asp page, which in turn will run the ASP Server Code before it is returned to the HTA.

  • #4
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    26,561
    Thanks
    80
    Thanked 4,495 Times in 4,459 Posts
    Another way to do it, if you want a bit more security: Use a cookie *only* to hold an encrypted sessionid (string or number, whatever, but encrypted). This is, of course, how ASP does it already: Only the sessionid is encrypted and stored in a cookie.

    Then you manage your own "session variables" in one of two ways:
    (1) Use a database. Use the un-encrypted sessionid as the record identifier of the table that holds the session variables. Your table design could be as simple as
    Code:
    CREATE TABLE sessions (
        sessionid INT,
        name VARCHAR(50),
        value VARCHAR(255)
    )
    So to store a session "variable" you would do
    Code:
        INSERT INTO sessions VALUES( 3371, 'username', 'bob' );
        INSERT INTO sessions VALUES( 3371, 'password', 'zamboni' );
    where 3371 is the unencrypted session id.

    *******
    (2) The same thing, but you use application variables to hold the session info. You could keep each user's session info in a 2D array and then store the entire array in a single application variable. Thus:
    Code:
    Dim sessioninfo(19,1)
    sessioninfo(0,0) = "name" : sessioninfo(0,1) = "bob"
    sessioninfo(1,0) = "password" : sessioninfo(1,1) = "zamboni"
    application("3371") = sessioninfo
    Since each users application key (their sessionid) would be different, you wouldn't even need to worry about locking.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • Users who have thanked Old Pedant for this post:

    martynball (06-04-2013)

  • #5
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    26,561
    Thanks
    80
    Thanked 4,495 Times in 4,459 Posts
    The "trick" with either of the above is that you need a way to expire a session so you can expunge the data from the DB or Application contents.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • Users who have thanked Old Pedant for this post:

    martynball (06-04-2013)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •