S/Web User Manual

Frequently Asked Questions (FAQ)

How do I set the content type of the HTTP Response?

Use the TYPE property of the RESPONSE object.

How do I dynamically change the SWEB_ procedure that is executed?

Use the PROCNAME property of the RESPONSE object.
e.g. - if you wanted to run SWEB_PROC2 then you could use:

newProc = "SWEB_PROC2"
call www_Set_Property( "REQUEST","PROCNAME",newProc )

Please be aware that this will ONLY work when executed from within a system Login Procedure, or a system Security procedure. If you try and set an invalid procname the system will return the infamous HTTP404 Page Not Found error!

Why can I only receive 48K of data when using IIS and SWEB.DLL?

By default IIS has a limit on how much data it will accept from a browser - this is set to 48K on installation. To receive more data you must either raise this limit or ask S/Web to get all the data for you.

To raise the limit you must set an IIS property called the UploadReadAheadSize. This is stored in the IIS Metabase ( basically an IIS-specific registry ) and may be accessed and modified by a simple Windows Script. We supply one with S/Web called setUploadSize.js which you may execute via the Windows Scripting Host ( wscript.exe or cscript.exe ) like so:

cscript setUploadSize.js -s 92000
or
wscript setUploadSize.js -s 92000

if you wanted to set the size to 92000 bytes. If you just want to see what the size is currently use:

cscript setUploadSize.js
or
wscript setUploadSize.js

If you want S/Web to get the data for you without raising the limit please follow this procedure:

Open the Control Panel and then open the 'S/Web' Control Panel Applet. On the 'IIS 4/5' tab you'll MUST set the current UploadReadAheadSize in bytes ( use the setUploadSize.js script mentioned above to find the current limit ) and make sure that the "Receive extra data" box is checked.

Now every time SWEB.DLL reaches this limit it will attempt to connect to the browser and retrieve the rest of the information. Please be aware however, that this process is somewhat slow and could leave you more vulnerable to a DOS attack, so use with care!

How do I set a custom HTTP response header value?

Use the RESPONSE object's SETCUSTOM method. This methods allows you to set a custom HTTP header string that the server will send back to the browser along with the document requested.

Custom HTTP Header strings always have the format:
name: value
e.g.
Cache-Control: no-cache Expires: Thu, 01 Dec 1994 16:00:00 GMT

So to set one we use the SETCONTENT method, passing it a dynamic array representing the header string to set. This array is a 2-part @fm delimited array; the first field is the name of the header, the second part is the value.

So to set the header:
Cache-Control: no-cache
We would do this
$insert www_Response_Equates
httpHeader = "" httpHeader<HTTP_RESPONSE_CUSTOM_HDR_NAME$> = "Cache-Control"
httpHeader<HTTP_RESPONSE_COOKIE_HDR_VALUE$> = "no-cache"
call www_Exec_Method( "RESPONSE", "SETCUSTOM", httpHeader )

How do I set a cookie on the client's browser in S/Web?

You use the SETCOOKIE method of the response object, passing it a dynamic array that represents the cookie's attributes. This array should be @fm delimited with the following structure ( as defined in the WWW_RESPONSE_EQUATES $insert record ):

equ HTTP_RESPONSE_COOKIE_NAME$ to 1 ; * // Name of the cookie
equ HTTP_RESPONSE_COOKIE_VALUE$ to 2 ; * // Value of the cookie
equ HTTP_RESPONSE_COOKIE_DOMAIN$ to 3 ; * // Domain that this cookie * // is allowed in
equ HTTP_RESPONSE_COOKIE_PATH$ to 4 ; * // Path in the domain that * // the cookie is returned to
equ HTTP_RESPONSE_COOKIE_EXPIRES$ to 5 ; * // Expiry date of cookie in ; * // internal format
equ HTTP_RESPONSE_COOKIE_SECURE$ to 6 ; * // TRUE if cookie is only sent * // with secure HTTPS connections

Example:

* // Set a cookie that is only returned to the
* // server over a secure connection that expires in
* // 30 days from now, but is passed back to the domain
* // and path from which it was set.
thisCookie = "" thisCookie<HTTP_RESPONSE_COOKIE_NAME$> = "userID"
thisCookie<HTTP_RESPONSE_COOKIE_VALUE$> = "BillyBadger"
thisCookie<HTTP_RESPONSE_COOKIE_DOMAIN$>= ""
thisCookie<HTTP_RESPONSE_COOKIE_PATH$> = ""
thisCookie<HTTP_RESPONSE_COOKIE_EXPIRES>= date() + 30
thisCookie<HTTP_RESPONSE_COOKIE_SECURE$>= TRUE$
call www_Set_Status( WWWSTATUS_CLEAR$ )
call www_Exec_Method( "RESPONSE", "SETCOOKIE", thisCookie )
if www_Get_Status( errorText ) then
   * // Handle the error
end else
   * // Cookie was set OK
end

You may use the GETCOOKIE method of the RESPONSE object to retrieve a cookie that you have already set.

Also see the RESPONSE object's COOKIES property.

For more information on cookies try this link: http://home.netscape.com/newsref/std/cookie_spec.html

How do get S/Web to call my own security function for every request?

Look at your S/Web configuration record ( WWW_CFG_yourappname in the WWW_ENV table ). On field 19 you may enter the name of a program you wish S/Web to execute before it begins to process a request.

The execution of this program takes place with the CREATE method of the CLIENT object. If you wish to deny the request via your security function make sure you set the CLIENT object's VALID property to 0. This will stop the request from processing any further. Note that if you have defined a login procedure this will be executed at this point to set the RESPONSE object's content, otherwise your security function MUST take responsibility for setting the contents of the RESPONSE object itself.

There is an example program, WWW_EXAMPLE_SECURITY_PROC, supplied with S/Web that illustrates how to write such a procedure.

[top]