user information persists... is this a session thing? 1

[shaferbus]

OK, I guess this is beyond my newbie brain LOL

I have a workstation (Win2k on Win2k domain) that is used by employees to check their schedules. It sits in a common area and is logged in under a very restricted account I created as sort of a "general" account so everyone could see the ASP page that displays today's schedule.

Also on that page are links to a personal page for each user, which displays their upcoming schedule. These pages have domain security permissions set so that only the employee it's meant for has access. When they click on the link for their name a Windows Network Login box pops up and they have to enter their own login info to gain access to their personal schedule page. Then they are returned to the default "today's schedule" page. This way we can provide users with their own schedule without people whining about "who got what job"...

All of this works just fine. However, once the user has checked his/her schedule, ANYONE can access it after that by just clicking on the link for their name - the network login box is no longer displayed! Obviously their network accout permissions are persisting.

What I want to happen is that they will return to the default page, and only the "general" accout permissions would be in effect. Apparently what I'm getting is permissions in effect for general + user1 + user2 + whoever else checks their schedule.

I was hoping it would be something as simple as "session.abandon", but that doesn't seem to have any effect. Would it make any difference if the personal schedule page opened in a new browser window, so when the window was closed the user's network session was destroyed? Am I looking at a domain setting issue? Or perhaps using "session.abandon" incorrectly? (I put it at the very end of the ASP response page code)

Any thoughts would be appreciated

 

[YNOTU]

I'm going to take a shot in the dark but code would probably help

 

[shaferbus]

Well, OK - If code will help, here's the code. I didn't include it in the original post because the problem is with the network login info persisting (which I'm not certain is related to ASP at all), not with the functionality of the pages themselves...

Here's the ASP code for the form and response pages. Both reference the connection string strConnString in an include page: "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=\\drivers\Inetpub\

http://wwwroot\_private\fake

schedule.mdb;Persist Security Info=False"

Form Page Code:

<%Dim objCommand
set objCommand = server.createobject(&quot;adodb.command&quot;)

strSQL =             &quot;SELECT schedule.ID, &quot;
strSQL = strSQL &        &quot;schedule.driver, schedule.spot, &quot;
strSQL = strSQL &        &quot;schedule.charter, schedule.depart, schedule.pickup, &quot;
strSQL = strSQL &        &quot;[TimeStamp].[TimeStamp], &quot;
strSQL = strSQL &        &quot;schedule.[date], schedule.[off duty], &quot;
strSQL = strSQL &        &quot;schedule.destination, &quot;
strSQL = strSQL &        &quot;schedule.party, schedule.bus, schedule.[on duty] &quot;
strSQL = strSQL &    &quot;FROM [schedule] LEFT JOIN [TimeStamp] ON (schedule.driver = TimeStamp.Driver) &quot;
strSQL = strSQL &        &quot;AND (schedule.charter = TimeStamp.[Charter#]) &quot;
strSQL = strSQL &        &quot;AND (schedule.[date] = TimeStamp.CharterDate);&quot;

objCommand.ActiveConnection = strConnString
objCommand.CommandText = strSQL
objCommand.CommandType = adCmdText

set rs = objCommand.Execute
set objCommand = nothing
while not rs.EOF

	IF IsNull(rs(&quot;TimeStamp&quot;)) THEN
		strStamped = &quot;New&quot;
		strStampExist = &quot;<font color='#FF0000'><font face='Arial'><em><blink><b><marquee direction='right' width='30%'>New!!!</marquee></b></blink></em></font></font>&quot;
	Else
		strStamped = &quot;Old&quot;
		strStampExist = &quot;   (You last looked at this charter &quot; & rs(&quot;TimeStamp&quot;) & &quot;)&quot;
	End If
%>
	<INPUT TYPE=Checkbox NAME=&quot;stamp&quot; VALUE=<%=rs(&quot;ID&quot;) & &quot;,&quot; & strStamped%>><B>Check this box to select this charter</B> <%Response.Write strStampExist%><br>
<%
	Response.Write rs(&quot;driver&quot;) & &quot;      Bus:&quot; & rs(&quot;bus&quot;) & &quot;<br>Charter # &quot; & rs(&quot;charter&quot;) & &quot; taking &quot; & _
	rs(&quot;party&quot;) & &quot; to &quot; & rs(&quot;destination&quot;) & &quot;<br>Date: &quot; & rs(&quot;date&quot;) & &quot;      On Duty:&quot; & rs(&quot;on duty&quot;) & &quot;<br>&quot; & _
	&quot;Spot Time: &quot; & rs(&quot;spot&quot;) & &quot; at &quot; & rs(&quot;pickup&quot;) & &quot;<br>Depart Time: &quot; & rs(&quot;depart&quot;) & &quot;<br> Off-Duty Time: &quot; & _
	rs(&quot;off duty&quot;) & &quot;<br> <hr>&quot;
	rs.MoveNext
wend
%>
<hr>
<p>Click this submit button to update the timestamps</p>
<INPUT TYPE=&quot;SUBMIT&quot; VALUE=&quot;Click here to OK the selected charters&quot;>
</FORM>
<%
rs.close
set rs = nothing
%>

Response Page Code:

<%
Dim objConn, rsCharter, objInComm
Dim objWSC, strDriverName, strDisplayName, intNameLength
set objWSC = server.CreateObject(&quot;Wscript.Network&quot;)
strDriverName = objWSC.UserName
strDisplayName = Left(strDriverName, 1) & &quot; &quot;
intNameLength = Len(strDriverName)-1
strDisplayName = strDisplayName & Right(strDriverName, intNameLength)%>

<p align=&quot;left&quot;><font size=&quot;5&quot;><span style=&quot;text-transform: capitalize&quot;><%response.write strDisplayName%></span></font></p>

<%
'Open connection object
set objConn = server.createobject(&quot;adodb.connection&quot;)
objConn.open strConnString, &quot;Admin&quot;, &quot;&quot;

' *** TEST EACH RECORD AND UPDATE/CREATE THE TIMESTAMP FOR EACH ***
For i=1 to Request.Form(&quot;stamp&quot;).COUNT
	DriverArray = Split(Request.Form(&quot;stamp&quot;)(i),&quot;,&quot;)
	KeyNum = DriverArray(0)
	strAge = DriverArray(1)
	If strAge = &quot;New&quot; then 
	
			'*** CREATE A NEW TIMESTAMP RECORD FOR THIS CHARTER ***
		set rsCharter = Server.createobject(&quot;adodb.recordset&quot;)
		rsCharter.open &quot;select * from schedule WHERE ID LIKE &quot; & DriverArray(0), objConn,3,3
		
		TSsql = &quot;INSERT INTO [TimeStamp] (Driver, [Charter#], CharterDate, [TimeStamp]) &quot; & _
		&quot;VALUES ('&quot; & rsCharter(&quot;driver&quot;) & &quot;', '&quot; & rsCharter(&quot;charter&quot;) & &quot;', '&quot; & rsCharter(&quot;date&quot;) & &quot;', '&quot; & Now() & &quot;');&quot;
		
		response.write rsCharter(&quot;date&quot;) & &quot; to &quot; & rsCharter(&quot;destination&quot;) & &quot;<br>       Bus: &quot; & rsCharter(&quot;bus&quot;) & _
		&quot;    Spot: &quot; & rsCharter(&quot;spot&quot;) & &quot;    at &quot; & rsCharter(&quot;pickup&quot;) & &quot;<br><hr>&quot;
		
		rsCharter.close
		objConn.execute TSsql
		set rsCharter = nothing
		set objInComm = nothing
		
	Else
			'***UPDATE THE TIMESTAMP ON THE EXISTING RECORD***
			set rsOld = Server.createobject(&quot;adodb.recordset&quot;)
			
		
		strSQL =             &quot;SELECT * &quot;
		strSQL = strSQL &    &quot;FROM [schedule] LEFT JOIN [TimeStamp] ON (schedule.driver = TimeStamp.Driver) &quot;

		strSQL = strSQL &        &quot;AND (schedule.charter = TimeStamp.[Charter#]) &quot;
		strSQL = strSQL &        &quot;AND (schedule.date = TimeStamp.CharterDate) &quot;
		strSQL = strSQL &    &quot;WHERE (schedule.ID LIKE &quot; & DriverArray(0) & &quot;);&quot;
		
		rsOld.open strSQL, objConn, 3, adLockOptimistic, adCmdText 
		rsOld(&quot;TimeStamp&quot;).Value = Now()
		rsOld.update
		response.write rsOld(&quot;date&quot;) & &quot; to &quot; & rsOld(&quot;destination&quot;) & &quot;<br>       Bus: &quot; & rsOld(&quot;bus&quot;) & _
		&quot;     Spot: &quot; & rsOld(&quot;spot&quot;) & &quot;     at &quot; & rsOld(&quot;pickup&quot;) & &quot;<br><hr>&quot;
		rsOld.close
		set rsOld = nothing
	End If
Next

objConn.close
set objConn = nothing
session.abandon
%>

Any ideas?

 

[foxbox]

I recognize your problem...
Once the users has enetered the information in the Network Login window this is persisting. You can not 'logoff'. The only way to do that is to close all browser windows. After restarting Windows will ask you again a Network Login.
You could write a logoff page with a window.close, but -IMHO- you never are sure that the user is really closing...
Maybe you are familiar with Outlook Web Access? When you try to logoff you will see a page with tells you to close all windows....
Your source is not the problem.


hth,
Foxbox

 

[shaferbus]

AHA! So I have to close ALL browser windows... hmmmm...

Thanks for the info foxbox! You get a star!

Looks like I'm going to have to make a change in how the users get to their personal pages - at least from that central workstation. If you looked at the code, you probably gathered that they are drivers, so they don't use a workstation in the course of their daily jobs. That's why I'm trying to make it all "point and click". The central "today's schedule" page was a user suggestion, and a good one, but it looks like it I'll have to find another way to display that. In the meantime, I'll just put links to the individual pages on the desktop, and they'll just have to close the browsers when they're done - at least until I figure out how to do that programmatically!

Any suggestions on a non-browser method of displaying a self-refreshing page of data based on an Access db? (And I can't use Access itself, because if it's open in Access the ASP pages won't work)

 

[foxbox]

Thankx for the star! I must admit that i skipped your code because i knew it is not the source of your problem.
I'm doing ASP programming only [oke: i know Clipper too! ;-)].
Is the daily schedule so secret that it is eyes-only? Based on our central CRM activity database i wrote a calendar that is displaying all activities for one person in one month. First it was a 'My activities' page, but i changed that, and now you can inquiry any salesrep (<SELECT>)...


hth,
Foxbox

 

[shaferbus]

LOL - no, it's not Top Secret. In fact, currently the full schedule is posted on paper for all to see. Problem is, in the charter business things are changing all the time, and keeping the paper schedule up to date has been an unweildy task - hence the online version. The data is exported in one step from our charter software, and everything updates automatically.

There are two reasons for the individual schedules. There is some interaction on the user's part - there's a checkbox for each trip that they check to acknowledge they are aware of and accept the trip. Don't want driver A checking off driver B's runs, or we end up with 50 people standing in the cold with no bus! Plus, it seems that when everyone knows everyone's schedule there's a lot of the &quot;why does he get all the good trips?&quot; type of thing.

The way I have it set up now, the browser runs in &quot;kiosk&quot; mode, with &quot;Today's schedule&quot; as the home page. Every one seems to like that, because they can see at a glance what's supposed to be going on today (and it often catches problems like &quot;why isn't Joe here - he leaves in 10 minutes&quot. Works nicely, except for that permissions thing... which won't be a problem when I make the site available on the web for the drivers to access from home, so I haven't wasted my efforts!

Oh, and I was incorrect in what I stated about which permissions remain in effect - it's the &quot;general&quot; account + the last driver that checked his schedule, not ALL drivers that checked.

Well, now that you have pointed me in the right direction, I'll figure it out! Thanks again!

 

[YNOTU]

I did say &quot;a shot in the dark&quot;

Glad you found the problem

 

[shaferbus]

True enough

Actually, I'm really glad you asked! It forced me to clean up the code so I wouldn't look like a TOTAL rookie LOL.

 

[shaferbus]

For anyone who runs into the same problem, here's how I solved it. I'm sure it won't work for everyone, but in my situation it's workable.

As foxbox pointed out, the user login session does not end until all browser windows are closed - but what is not immediately apparent is that this only applies to instances of the browser application used to log in, NOT all browsers!

In my case, we were using IE 6.0 to view the ASP pages on the shared workstation, and as long as any IE browser window was open, the login persisted. After entertaining using Excel, Access, etc to display our &quot;always-on&quot; schedule page, it occurred to me to try using two different browsers for the two functions. I installed Netscape 7.1 on the workstation to display the schedule page, and left enough desktop showing to display IE shortcuts for the employee's personal pages. I modified the ASP code to close the IE browser when the user was finished (it prompts for an OK, but I can live with that). The Netscape browser remaining open has no effect on user login permissions for the IE pages.

Hope that helps someone