Product: MapXtreme
Version: 2.5
Platform: Windows NT/2000
Category: Code Samples
Summary:
CreateUniqueFileName() in MiUtilities.ASP does not account for possibility of duplicate keys in cookie.
Question:
There seems to be a problem with CreateUniqueFileName(). It returns an invalid filename when used with a cookie like this:
MenuControl=setLevel%28%27PORT_TOP%27%2C%27PORT_300%27%2C%27PORT_310%27%29; UserName=ORACLE; DSN=%5Ctest%2Edsn; BigSession=sort2=+ORDER+BY+&ARCHIVE=FALSE&sort=&ENTRY=LEASE&COUNTER=10&SQL=+AND+UPPER%28LS%2EFILE%5FCLIENT%5FID%29+LIKE+%27%27%25069%25%27%27++AND+%28LS%2EPUBLISHED%5FFLAG+%3D+%27Y%27%29; ClientTime=7; AdjustTime=0; ASPSESSIONIDGGGGQUEY=HAFBNGHCHEOMFJNFLCFDFPBG; UserName=ORACLE; ASPSESSIONIDGQQQGJQQ=BDFHNGHCJFGKPANNKFEGJACD
For the above cookie, the filename returned is:
"HAFBNGHCHEOMFJNFLCFDFPBG; UserName=ORACLE; ASPSESSIONIDGQQQGJQQ=BDFHNGHCJFGKPANNKFEGJACD"
The relevant code in CreateUniqueFileName() is as follows:
' HTTP_COOKIE should contain "ASPSESSIONID=some_value".
strSesnID = Request.ServerVariables("HTTP_COOKIE")
i = InStr(1, strSesnID, "ASPSESSIONID")
If i <> 0 Then
j = InStr(i, strSesnID, "=")
If j <> 0 Then
strFileName = Right(strSesnID, Len(strSesnID) - j)
End If
End If
The duplicate parameter problem could be avoided by adding a line or so of code before the first End If to test for the existence of semi-colons in the first draft of strFileName (it looks as if it is assumed that the ASPSESSIONID parameter is the last parameter):
'add the following line to get rid of possible duplication and/or further semicolon-delimited parameters (?):
strFileName = Left(strFileName, instr(1, strFileName & ";", ";") -1)
However, this will return the first SessionID string instead of the second one -- maybe the final SessionID string is more likely to be valid?
Answer:
The fix to miUtilities.asp completed today fixes the problem reported above. Lines shown below in blue were added, starting around line 46 of the source file.
strSesnID = Request.ServerVariables("HTTP_COOKIE")
i = InStr(1, strSesnID, "ASPSESSIONID")
If i <> 0 Then
j = InStr(i, strSesnID, "=")
If j <> 0 Then
strFileName = Right(strSesnID, Len(strSesnID) - j)
j = InStr(1, strFileName, ";")
If j <> 0 Then
strFileName = Left(strFileName, j-1)
End If
End If
End If
This fix does strip off the first session ID in the cookie which may not be the latest but is adequate for the purposes of getting a session filename prefix (as the first session ID stripped off is or was a session ID for this user's session) and a suffix is appended containing the date/time plus a random number.
If this is not adequate for any reason, the last occurrence of the name/value pair may be obtained by looking for the last occurrence of the name ASPSESSIONID as follows (this is untested) :
i = InStr(1, strSesnID, "ASPSESSIONID")
If i <> 0 Then
Dim k
k = i
While k <> 0
i = k
k = InStr(i+12, strSesnID, "ASPSESSIONID")
Wend
j = InStr(i, strSesnID, "=")
If j <> 0 Then
strFileName = Right(strSesnID, Len(strSesnID) - j)
j = InStr(1, strFileName, ";")
If j <> 0 Then
strFileName = Left(strFileName, j-1)
End If
End If
End If
Last Modified: 10/10/2001 10:24:06 AM
|