Cincom VisualWorks Web Toolkit Tutorial : Using Query Strings

Using Query Strings

We can improve the login process, especially if the employee fails to login correctly.

In this lesson, we will use query strings to make the login page more friendly. However, in order to do that, the login page must now become an SSP instead of a plain HTML file because it must contain logic. Is the page is being displayed for the first time or did the employee fail to login correctly? The use of query strings will solve this question.

1. If VisualWorks is not already running, please start running it now, load the Web Toolkit parcel and start a Tiny HTTP server. You should also file in the code from Toyz Inc 1 and make sure the initialize method of the Filestuff class sets the correct location of the directory variable (i.e. the directory that contains the 3 data files).

2. Start with the file validate1.ssp from the previous lesson.

3. Modify the two lines that contain the redirectTo: method. The change would be as follows:

ifTrue: [ response redirectTo: 'home2.ssp'.]
ifFalse: [ response redirectTo: ('login2.ssp?msg=111').].

The line of interest is the second line. Note the question mark followed by msg=111. This is an example of how to pass data to an SSP page using query strings. The question mark informs the web server that what follows is a "named pair" - a variable (msg) and a value (111) separated by an equal sign. There can be no spaces bewteen the variable and the value. You can use "spaces" for the value by substituting a space with the characters %20 (as many as you have). The variable you use can be anything string of characters you want - it is completely arbitrary as to what you use.

4. Save the file as validate2.ssp in the teach directory.

5. It's possible that the employee bookmarked the home page after a successful login. We set the expiration of the cookie for 90 days. If the employee comes back to the home page via the bookmark after 90 days, it will not find the cookie. In this case, we should redirect the employee back to the login page with an appropriate message.

6. Start with the file home1.ssp from the previous lesson.

7. Insert logic to check for the presense of the cookie. If the cookie still exists, welcome the employee as usual and provide a link to the Cincom home page. If the cookie has expired, inform them of this and provide a link back to the login page. The code change would be as follows:

<%
employeeCookie := request cookieValueAt: 'employee'.
(employeeCookie size) = 0
ifTrue:
[
response write: '<h5>Your cookie has expired.</h5>'.
response write: '<a href=login2.ssp?msg=222>Please Login Again</a>'.
]
ifFalse:
[
response write: ('<h3>Hello ',employeeCookie,'</h3>').
response write: '<br><br>'.
response write: '<a href="http://www.cincom.com">Cincom Home Page</a>'.
].
%>

8. Save this file as home2.ssp.

9. Finally, the modification to the login page. Start with the file login1.htm from the previous lesson. Insert code to extract the value of the query string parameter and display an appropriate message based upon its value. Place the following code bewteen the <hr> line and the <form> line. The change would be as follows:

<hr width="75%" size=4>
<%
message := request anyParameterValueAt: 'msg'.
(message size) > 0
ifTrue:
[
response write: '<font color=red>'.
(message = '111')
ifTrue: [ response write: 'Login incorrect. Please try again'.].
(message = '222')
ifTrue: [ response write: 'Cookie has crumbled. Please login again'.].
response write: '</font>'.
]
ifFalse:
[ response write: 'Welcome to the TEACH login page.<br>'. ].
%>
<form action=validate2.ssp method=post name=form2>

10. Save this file as login2.ssp.

11. Test your changes.

Why can't we just redirect the user to the login page if their cookie has expired?

For example, the following code should work. However, to fully explain why it will not, the HTML that preceeds this code block is presented as well.

<html>
<head>
<title>Toyz Inc. Home Page</title>
<link rel="stylesheet" type="text/css" href="toyzinc.css">
</head>
<body bgcolor=white>
<center>
<hr width="75%" size=4>
<table border=0 cellpadding=2 cellspacing=2 width=75% bgcolor=#FFFFFF>
<tr>
<td width="40%" align=right>
<img src=images/toyzinc.gif>
</td>
<td width="50%" align=left>
<h3>
Toyz Inc.
<br>
Employee
<br>
Accreditation &
<br>
Course
<br>
History
</h3>
</td>
</tr>
</table>
<hr width="75%" size=4>
<%
employeeCookie := request cookieValueAt: 'employee'.
(employeeCookie size) = 0
ifTrue:
[
response redirectTo: ('login2.ssp?msg=222').
]
ifFalse:
[
response write: ('<h3>Hello ',employeeCookie,'</h3>').
response write: '<br><br>'.
response write: '<a href="http://www.cincom.com">Cincom Home Page</a>'.
].
%>

The problem here is where the redirect occurs. All of the HTML above the code block has already been sent out by the web server. The web server, at this point, has no clue that a redirect is going to occur. As soon as the web server sees its first HTML tag, it assumes this is a "normal" SSP page and starts pumping everything out to the data stream. All of a sudden, it gets a statement to redirect to another page.

This is not allowed!!

Once the web server starts outputting data to the HTML data stream, it cannot be given a redirect command. This must always be kept in mind when dealing with a redirect.

The solution would be to place the code block at the very beginning of the SSP and check for the presence of the cookie before any HTML is sent to the output buffer. However, this would require you to totally restructure the entire page. At this point in the tutorial, the solution is beyond the scope of what has been covered so far.

Congratulations! Phase 2 of the login process is complete

You now should be able to:

	Pass data to an SSP page via a query string
	Extract data from a query string
	Identify the limitation of a redirect statement