Web App and XP
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Web App and XP

  1. #1
    Senior Member MadBeaver's Avatar
    Join Date
    Jul 2003
    Location
    Bath, Maine
    Posts
    252

    Web App and XP

    I have just install a new web app on an intranet. Ever time you log onto the the app it make you do it twice before accepting it.

    Web server Win2000
    Clients WinXP

    Thank for any info on this.
    let me know if you need any more info about my problem.
    Mad Beaver

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    What application is it?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Senior Member MadBeaver's Avatar
    Join Date
    Jul 2003
    Location
    Bath, Maine
    Posts
    252
    It is an invoice app I designed that inputs data into two different databases.
    When you log on it checks one of the databases for Uname and Password.
    The app works great on another network that has a win2000 server and win98 clients.
    So that make me think it has something to do with the XP Clients.

    Oh ya it mostly uses asp's
    Mad Beaver

  4. #4
    Top Gun Maverick811's Avatar
    Join Date
    Oct 2001
    Posts
    852
    So in other words, there is your login screen which you coded, then there is another login screen? Is it the same login screen you coded, or is the other login screen look a little different from yours?

    If so, my first guess is that there is something not quite right with the permissions on the server - I'm assuming that you are using IIS and Active Server Pages, correct?

    Let me know some more about these logins, then we can go from there...
    - Maverick

  5. #5
    Senior Member MadBeaver's Avatar
    Join Date
    Jul 2003
    Location
    Bath, Maine
    Posts
    252
    It is the same login screen that I coded, and it always goes through on the second try.
    Yes I am using IIS and Active Server Pages.
    when you login it sends you to an asp page at this point it verifies the info and stores the Uname and Pword in cookies then redirects to the appropreate page.
    Mad Beaver

  6. #6
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    Storing the username and password in a cookie is a silly thing to do. I'd rethink your authentication code if I were you. You can fix your double login problem while you're at it.
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  7. #7
    Senior Member MadBeaver's Avatar
    Join Date
    Jul 2003
    Location
    Bath, Maine
    Posts
    252
    ?
    Mad Beaver

  8. #8
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Storing the username and password in a cookie is indeed a very bad thing to do. There are numerous ways to steal cookies. If someone stole your cookie they have all the info they need to logon your site.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  9. #9
    Senior Member MadBeaver's Avatar
    Join Date
    Jul 2003
    Location
    Bath, Maine
    Posts
    252
    It is on a intranet. The only way you can access the site is through a computer on the network. The password protection is only ment as a deterrentm, like locking your car (If someone really wants to get in they will find a way).

    Could you please tell me a better way to secure the site.

    Also any information about the original issue of having to login twice on the start page would be very helpful.
    Mad Beaver

  10. #10
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by MadBeaver
    It is on a intranet. The only way you can access the site is through a computer on the network. The password protection is only ment as a deterrentm, like locking your car (If someone really wants to get in they will find a way).

    Could you please tell me a better way to secure the site.
    There are numerous ways to do it. This is one way to do it.
    *Note: Only look at the way they've used global.asa. The authentication script is vulnerable to an SQL injection attack (just enter a' or 1=1 -- as a username and a bogus password )


    Also any information about the original issue of having to login twice on the start page would be very helpful.
    Perhaps you are redirecting to a different url? The users would start on webapp.my.domain and after logging on they may be redirected to servername.my.domain. Eventhough webapp.my.domain and servername.my.domain are actually the same machine the cookies will be different.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •