For logging purposes i want to log the redirect target of the current request to a database. how can i read the readirect target of the current request. keep in mind that i do not want to log on every Response.Redirect. I want the logging to take place in a central location. this location might be Application_EndRequest. I have tried to read the Repsonse.Headers collection to read the location header but is is not there.
In your Application_EndRequest event, you can read the following two properties on your Response object:
Response.StatusCode will be set to 302 on redirects.
Response.RedirectLocation will be set to the URL where the browser will be redirecting.
Can you "invert" problem?
I mean property HttpRequest.UrlReferrer - can expose where you came from, so you could filter pages where UrlReferrer = 'login page' and log them to DB
Related
I have looked through many sites but I have yet to find the answer to this question:
I have a login page and after the user logs in I want to redirect to a completely different URL. But while redirecting it I want to pass the username with the http request. So for example:
request.setHeader(“test”,“testing.request) and then from the server side they can retrieve the header by request.getHeader(“test”).
I assume that with "redirect" you mean doing response.sendRedirect(newURL);. That means, that your login servlet, after a successful login, tells the browser, that it should send new request. The new request uses GET method, so the only way to add parameters is to add them directly to the new URL, e.g. response.sendRedirect("http://your.server/new/location?username=johndoe");.
If you want to use and modify the original request, I would suggest you to read http://www.javapractices.com/topic/TopicAction.do?Id=181 (Forward versus redirect).
I am trying to set a custom header variable after doing a lookup in SQL Server and then redirect the user while still having access to the variable. I have tried:
Response.Addheader "custvar", customvariable
Response.Redirect("http://example.com")
But when I get to example.com the header is not present. Is there another way to do this? I am using IIS and have tried the simple ASP above so far.
I don't think it is possible to do it with header.
What Response.Redirect effectively does is it sends the 302 result (Found or Moved Temporarily) to a browser. Then browser makes another call to the address which was provided in 302 result. This means that you are creating a response header for 302 result, but this header has no way to be used in subsequent result to example.com.
If you want to pass some information between requests and request is made to the same site you could set a cookie and it will be sent during your redirect. If you control the site where you redirect to you can also use query string to pass the required parameters. Of course you should not add sensitive information to either cookie or query string.
I agree with #dotnetom. I use response.redirects with variables passed in query string very successfully throughout my application to achieve this result along with variable i wish to pass. Non sensitive data caveat of course also.
Add the custom header as per instructed here
adding custom header with classic asp
and then add the redirect manually without the re-direct
eg.
Response.Addheader "custvar", customvariable
Response.Status="301 Moved Permanently"
Response.AddHeader "Location", "http://www.thenewpage.com"
How to maintain constant URL?
For example:
http:// test23232 /temp/temp.aspx?a=1&b=1
a,b,query string parameter name get differ dynamically page to page(want to use those parameter but not dispaly for users)
While redirecting ,whatever the value present after ? should be removed and final URL displayed to users:
http:// test23232 /temp/temp.aspx or http:// test23232 /temp
Or any constant url post login mentioned throughout entire application.
I can acheive this by iframe, but how can I do by doing web.config through rule or global ascx.
or
whatever page redirect
http : //localhost /test/security / login.aspx
http : //localhost /test/security / main.aspx
http : //localhost /test/security / details.aspx
I want to show to browser as
http :// localhost / reap/ security /
Is it possible?
Use Session to store the values of a and b and keep the url simple.
You can send the necessary parameter using post method instead of get method.
More secure way of passing them is to store them into session variable.
that might make it more "secure" since then the client cannot change the variables by editing the source.
It will depends on how you really want to do.
The session parameters will keep on changing dynamically for every request.We can go for cookies.
Yet this link might be useful for url rewriting
Is there a way to know if the request has been redirected or forwarded in the doGet method of a Servlet?
In my application, when a user (whose session has timed out) clicks on a file download link, they're shown the login page, which is good. When they login, they are immediately sent the file they requested, without updating the page they see, which is bad. Basically, they get stuck on the login screen (a refresh is required).
What I want to do is interrupt this and simply redirect to the page with the link, when a file is requested as a result of a redirect.
Perhaps there are better ways to solve this?
The redirect happens client-side. The browser is instructed by the previous request to send a new request, so to the server it does not make a difference. The Referer header might contain some useful information, but it's not certain.
When redirecting you can append some parameter, like ?targetPage=dowloadpage and then check if the parameter exists. You may have to put this in a hidden field on the login page if you want it to be transferred through multiple pages.
If you're using container managed authentication, then I don't believe you can detect this since the server will only involve your resource once authentication has been completed successfully.
If you're managing authentication differently, please explain.
So I read an article on Response.Redirect that say's "its like a suggestion" as compared to Server.Transfer which happens whether the client wants to or not. What does this mean? Is there some kind of event that we can offer a user to say "well nope nm I don't want to redirect to that page"?
Server.Transfer will execute the new page immediately and send its result to the client.
The client stays at the original URL doesn't see anything unusual.
Response.Redirect sends a special code, called an HTTP 302, that tells the client to send a new request to a different URL.
Response.Redirect
Response.Redirect will navigate to the url specified.
From MSDN
Any response body content such as displayed HTML text or Response.Write text in the page indicated by the original URL is ignored. However, this method does send other HTTP headers set by this page indicated by the original URL to the client. An automatic response body containing the redirect URL as a link is generated. The Redirect method sends the following explicit header, where URL is the value passed to the method, as shown in the following code:
Server.Transfer
Server.Transfer will execute the url passed in but maintain the url transfered from.
From MSDN
When you use the Transfer method, the state information for all the built-in objects are included in the transfer. This means that any variables or objects that have been assigned a value in session or application scope are maintained. In addition, all of the current contents for the Request collections are available to the .asp file that is receiving the transfer.
Here's an article discussing and comparing the two.
It's "like a suggestion" in the sense that when the client requests a url that's redirected, the server responds with "that object has moved...find it here." When you do Server.Transfer, you immediately respond with the output of the page to which you're transferring.
There's nothing in either process you could hook into to give the user any choice...you'd have to respond with a 200 and implement the choice to the user through logic.
Response.Redirect involves a "roundtrip" to the server whereas Server.Transfer conserves server resources by "avoiding the roundtrip". It just changes the focus of the webserver to a different page and transfers the page processing to a different page.