|
it
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
HEAD and GET requests
I have to write some asp pages that react to HEAD and GET requests. The scenario is this: This is going to be a WAP site. When someone goes to the main page, it is redirected to a payment server. The payment server then issues a HEAD request for which the IIS Server has to return some specific header fields. After this, the payment server takes care of how the client pays, etc. When everything is fine, it issues a GET request, for which the actual content must be returned. According to the documentation that I have, this can be quite simply achieved: pay_main.asp <%Response.AddHeader "Header1", "Value1"%> .... <wml> .... <!-- content --> </wml> This way for HEAD requests the server will send the appropriate header information and for GET requests it will return the whole content. Now what I want to do is set up a session variable that indicates if the payment already took place. I could do this in VBScript after adding the header fields to Response. But I don't know whether the server-side VBScript (apart from the Response.AddHeader... statements) gets executed when the server replies to HEAD requests, or only when it replies to GET requests. If it does, then I'll have to find some way to somehow determine whether the server is currently replying to a GET or a HEAD request (in the first case the payment has already taken place). Is there any way to do this? What you want to do is very possible with ASP -- part of what it was
designed to do. Remember, ASP is just as powerful as PHP and ASP.Net -- what distinguishes them is mainly available class libraries and design paradigm. In terms of raw functionality, they are pretty much equivalent. For example, it is ASP that popularized the notion of having server-side script execute to generate the response, which itself can contain client-side script. Of course, in the ASP file both client and server sid script looks like the same script, hence some obvious confusion (unless you follow a good design paradigm -- something ASP.Net later fixed). So, for all practical purposes, you should consider the server-side script executed to generate the response. It is ASP's job to figure out how to handle GET/HEAD correctly. Consider the following ASP page: <% Response.AddHeader "Header1", "Value1" Response.Write "Hello World" Response.AddHeader "Header2", "Value 2" %> If ASP works the way you are hypothesizing, how would ASP be able to execute statements sequentially, yet not send entity body but send both response headers for a HEAD request? Thus, you will need to use Request.ServerVariables("REQUEST_METHOD") to distinguish between HEAD/GET. FYI: Your payment/authorization model seems quite weird to me. Authorization is purely based on a property of the request (i.e. GET vs. HEAD). There is no verification on the WAP generation on IIS -- so why bother authorizing? You are going to have to prove that your custom scheme is able to deal with replay, spoofing, and man-in-the-middle security attacks if you ever plan to charge for services -- and the responsibility is squarely on you since it is your custom scheme. -- //David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // "Agoston Bejo" <gu***@freemail.hu> wrote in message I have to write some asp pages that react to HEAD and GET requests.news:e6HmxfILFHA.580@TK2MSFTNGP15.phx.gbl... Hello, The scenario is this: This is going to be a WAP site. When someone goes to the main page, it is redirected to a payment server. The payment server then issues a HEAD request for which the IIS Server has to return some specific header fields. After this, the payment server takes care of how the client pays, etc. When everything is fine, it issues a GET request, for which the actual content must be returned. According to the documentation that I have, this can be quite simply achieved: pay_main.asp <%Response.AddHeader "Header1", "Value1"%> .... <wml> .... <!-- content --> </wml> This way for HEAD requests the server will send the appropriate header information and for GET requests it will return the whole content. Now what I want to do is set up a session variable that indicates if the payment already took place. I could do this in VBScript after adding the header fields to Response. But I don't know whether the server-side VBScript (apart from the Response.AddHeader... statements) gets executed when the server replies to HEAD requests, or only when it replies to GET requests. If it does, then I'll have to find some way to somehow determine whether the server is currently replying to a GET or a HEAD request (in the first case the payment has already taken place). Is there any way to do this?  |
|||||||||||||||||||||||
Other interesting topics