locked
URL validation using Session & Cookie RRS feed

  • Question

  • User-331012720 posted

    Hi,

    I am creating a functionality in which I have to check that if user has changed the URL or not. I am creating a blog type functionality where I create subdomain for different blog. e.g. abc.mysite.com, xyz.mysite.com. I have implemented the sub domain functionality & its running fine. Now, my issue is, if someone open the page abc.mysite.com & then he change it to any other URL like aaa.mydomain.com then I have to check the validity of this URL & if it is not valid, I will again open the abc.mydomain.com url. I have implementd the validity section. But I have some doubt how to implement the redirection step.

    For this purpose, I save the URL in session & when someone enter the modified URl (aaa.mysite.com), I check the validity in Applicaion_AcquireRequestState event in global.asax. If this is not valid alias/sub domain (I have a list of my sub domains), I am to show the response according to previoulsy saved URL which I saved in Session (If session is not present, for first time request, then I will show mysite.com home page).

    Now I have two questions:

    1. How to force the previously saved URL response. Should I use Response.Redirect("My_Previous_URL")? I am performing this validation in Applicaion_AcquireRequestState event in global.asax.

    2. If user changes the abc.mydomain.com to www.mysite.com in in browser's address bar & press the enter, I have to show the response of abc.mydomain.com. Because he has changed the URL. But If I have given any link in my page for www.mysite.com & user press this link the he should go to www.mysite.com.

    I am thinking to implement three way validation, current URL, URL stored in Session & third one via cookies. If I save previos URL info in cookie & then retreive it to check the URL, How will I identify for "www" ? How can I identify that user has chnaged in address bar or he has pressed any link on my page.

    This is a bit complex, but I will appriciate if someone helps to find me correct way.

    --

    Anuj Rathi

    Sunday, December 30, 2012 7:30 AM

Answers

  • User1779161005 posted

    New tab, new window and even if user launch same bowser again all will run under same session. ( IE 6 is exception ).

    right -- the same session is the problem. he's using one session variable for the 2 different tabs then. if they navigate different places, then one will always be broken/wrong. this is a classic problem with session state and one of the *many* reasons session is a bad idea.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, December 31, 2012 1:15 PM

All replies

  • User1779161005 posted

    If the user opens two tabs/windows your scheme will break. Consider appending a hash on the URL (as a query string param) to validate it.

    Sunday, December 30, 2012 2:10 PM
  • User-1555788080 posted

    @BrockAllen : I think his scheme will not break if two tabs/windows are open.

    New tab, new window and even if user launch same bowser again all will run under same session. ( IE 6 is exception ).

    Monday, December 31, 2012 8:37 AM
  • User1779161005 posted

    New tab, new window and even if user launch same bowser again all will run under same session. ( IE 6 is exception ).

    right -- the same session is the problem. he's using one session variable for the 2 different tabs then. if they navigate different places, then one will always be broken/wrong. this is a classic problem with session state and one of the *many* reasons session is a bad idea.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, December 31, 2012 1:15 PM