I've implemented a security method where a user goes to a page, if they are are session authenticated, they redirect to a central login page, and then if they login correctly they are redirected back to the originating page with the session variable true. I'm basically using javascipt to accomplish this at the top of each file I want to protect:

if(Session("Authenticated") != "-1")
  {
	var curLoc = "http://" + Request.ServerVariables("SERVER_NAME") + Request.ServerVariables("URL");
	Response.Redirect("http://" + Request.ServerVariables("SERVER_NAME") + "/security/login.asp?destPage=" + curLoc);
  }

The destination page is passed in the querystring, and that's how it knows where to go back to. Our servers are set up so that we have a production server, and then the test server is a virtual directory off the main web, so our paths look like intranet.domain.com, and our test environment is test.domain.com, but they are technically in the same "website" under IIS.

My process works in the test environment, but doesn't in the production environment. It is the same code, so I don't know what else could be causing it to have problems. The redirects are working, and the login is passing, its just not getting the session variable in the prod setting - it just goes in an endless loop. What else can I look for that might be different between the two domains? Thanks!

shouldn't that be

if(Session("Authenticated") != "-1")
  {
	var curLoc = "http://" + Request.ServerVariables("SERVER_NAME") +"/"+ Request.ServerVariables("URL");
	Response.Redirect("http://" + Request.ServerVariables("SERVER_NAME") + "/security/login.asp?destPage=" + curLoc);
  }

shouldn't that be

if(Session("Authenticated") != "-1")
  {
	var curLoc = "http://" + Request.ServerVariables("SERVER_NAME") +"/"+ Request.ServerVariables("URL");
	Response.Redirect("http://" + Request.ServerVariables("SERVER_NAME") + "/security/login.asp?destPage=" + curLoc);
  }

Hmmm, for some reason it isn't, or at least your code puts an extra "/" in. The Request.ServerVariables("URL") is including the leading "/". I dunno, our setup is messed up, the test environment is different than the prod environment, no one knows whats all been done to each, and I'm trying to find a needle in a haystack to figure out what small difference is causing this problem!

This article has been dead for over six months. Start a new discussion instead.