BASE64 Encoding and don't want to use session variables

Hello again all,

I've finished my whole application and now I don't like the whole
session variables that I am using.  I have a form, user fills in info
clicks submit and using CDOSYSMail an email link gets created with an
encoded query string. i.e
http://www.yahoo.ca?#$@%@&#%#$@&^@%# which translates into
http://www.yahoo.ca?userID=54&LocationID=Denver.

Now when the user get's this email and clicks on the link I have a
decode function(again using BASE64) that takes that url and decodes it
to http://www.yahoo.ca?userID=54&LocationID=Denver.  My app then
connects to the database and pulls info associated with that
querystring.  I am doing the passing from page to page using session
variables.  I do not want to do this?  Any ideas How I can take what
is encoded in the url link and decode it on the next page?  Let me
know if there is a simple solution to this. I love the encode/decoding
function.  Thanks very much.

Right now I have on one page i.e Page1.ASP
[code]
userID = oCmdInfo.Parameters("User_ID").value
LocationID = oCmdInfo.Parameters("Location_ID").value


SessionUserEncode = base64_encode("UserID=" & userID )
SessionLocationEncode = base64_encode("LocationID =" & LocationID)

[/code]

On the receiving page (Pagereceive.asp) I have
[code]
SessionUserDecode = base64_Decode(SessionUserEncode)
SessionLocationDecode = base64_decode(SessionHardwareEncode)
[/code]

This will work if I am the user who does all the inputting of the form
and my browser is still open when I receive the email link and click
on it.  If my browser is closed the session get's lost obviously.

BASE64 Encoding and don't want to use session variables

What does that mean?  You don't like session variables at all?
You don't like the set of session variables you are using?
Why don't you like them?


Why?  Without knowing that it's difficult to determine what is an
appropriate alternative.


In that case store session details in a DB.  You will need to manage session
lifetime yourself though.

BASE64 Encoding and don't want to use session variables

Anthony,

Thanks for the reply.  No, it does not mean that I do not like session
variables at all.  What it means is that session variables will not
work in this case.  What is happening is a user fills out a form and
an email link goes to someone else.  When the receiving user clicks
the link he/she is getting the error: record does not exist because
the session expires as soon as the user fills out the form, presses
submit and closes his/her browser.  So in this case I can't use
session variables because it does not work.  This is why I am looking
for an alternative.  Hope this is clearer.  Thanks Anthony.

BASE64 Encoding and don't want to use session variables

session

If the link is going to a different user then you could never have expect
the receiving user's session to be the same as the generating user even if
the original user didn't close their browser.  Each browser process will get
its own ASP session.

Since you are sending a link by email which has a potentially long delivery
time you need to persist the required data somewhere that will survive even
a server reboot.  IOW you need to store all the required info in a DB.

BASE64 Encoding and don't want to use session variables

Sorry not following your last part.  All the required info is in a
db(oracle).  My stored procedure pulls the last returned values for
UserID and LocationID and then I use those values to carry them to the
URL and once the URL is clicked the values are then searched for in
the DB.  Sorry am I missing something.

BASE64 Encoding and don't want to use session variables

an
decodes it
session
encode/decoding
form
click
expect
if
get
delivery
even
Hide quoted text -


Since A) the UserID and LocationID is encoded in the URL and B) all other
data is already in the DB what did you need the Session object for in the
first place??

Once the receiving user clicks the URL the requested page can decode the
UserID and LocationID (not sure why you're bothering with that step BTW) and
can then query the DB.

BASE64 Encoding and don't want to use session variables

most proficient with ASP.  You have basically just described what I
need but have no idea how to code that:)  You are right, I didn't need
session variables but I have no idea how to pass the data from page to
page except using the request.querystring.  But if I use this as well
as the encoding, for some reason I can't get it to decode the URL.
Your help would be appreciated just to start me off Anthony.  I have
one page that is a form, another page that receives the form
information and inserts into the database and send an emailed URL.
When the user clicks the URL, this is the page that I have no idea on
how to decode the contents of the URL because I need to pass the
encoded values from the last page to this page.  Sorry my explaination
is not the best.  This is what I tried to do with session variables
[code]
LastID = oCmdUserInfo.Parameters("User_ID").value
LocationID = oCmdUserInfo.Parameters("Location_ID").value

SessionUserID = base64_encode("UserID=" & LastID)
SessionLocationID = base64_encode("LocationID=" & LocationID)

----this code will then go on the next page
SessionDecode = base64_Decode(SessionUserID)
SessionLocationDecode = base64_decode(SessionLocationID)
[/code]

Your probably laughing at me right now:)

Lets put the base64 stuff to one side to make things a bit clearer (andbecause

Lets put the base64 stuff to one side to make things a bit clearer (and
because it isn't much use).

The key thing here is that you creating a URL that is sent to another person
via email and the querystring portion of the URL (some times known as the
search string) contains 'session data' you need to transfer.

http://yoursite.com/receivepage.asp?userID=54&locationID=Denver

The code in the receivepage needs to do the following:-

SessionUserID = Request.QueryString("userID")
SessionLocationID = Request.QueryString("locationID")

BASE64 Encoding and don't want to use session variables

O.k I got you on that and that is what I did on the receiving side.
What is next?

BASE64 Encoding and don't want to use session variables

person
the
text -

That depends on what you want to do next.  You've got your values in to
variables I thought that was the only thing you were having trouble with.

If you want to persist those values for other pages that the receiving user
may visit on your site now you can place them in the session object:-

Session("UserID") = SessionUserID
Session("LocationID") = SessionLocationID

Then in other pages you can do:-

SessionUserID = Session("UserID")
SessionLocationID = Session("LocationID")

BASE64 Encoding and don't want to use session variables

I believe he does not want to send these values in the clear. I think
what he needs is:

SessionUserID = Request.QueryString("userID")
SessionLocationID = Request.QueryString("locationID")
SessionUserDecode = base64_Decode(SessionUserID )
SessionLocationDecode = base64_decode(SessionLocationID )


--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

BASE64 Encoding and don't want to use session variables

Base64 is in the clear.

A better mechanism would be to store the UserID and location in a DB table
along with a GUID base unique identifier and a expiry datetime.

Place the GUID in the URL.

The receiving page can then use the GUID retrieve the values.  That way the
actual values never leave the server.
The receiving page can delete the GUID record to enable a use once
behaviour.

BASE64 Encoding and don't want to use session variables

Anthony and Bob, thank for the suggestions.  I am going to try the
SessionUserID = Request.QueryString("userID")
SessionLocationID = Request.QueryString("locationID")
SessionUserDecode = base64_Decode(SessionUserID )
SessionLocationDecode = base64_decode(SessionLocationID )

If it is not what I need I will try the GUID in the url.  Thanks again
everyone.