Brian
Sat Aug 30 12:07:06 CDT 2003
Ok I just tried the following:

If Request.Form("login") <> "" then
    Session("login") = Request.Form("login")
End if

The Session item gets set correctly as before, but is still reset to
'Empty' once the user clicks the link to another page... any ideas?

Thanks
-bB

On Sat, 30 Aug 2003 17:15:15 +0100, "jason kennedy" <jason@pinhut.com>
wrote:
>what is that advocacy doc about? and what exactly is underquoting?
>i've been posting in newsgroups via OE for a couple of years, and have never
>seen a thread advocating quoting below a post rather than above
>
>jason
>
>"Evertjan." <exjxw.hannivoort@interxnl.net> wrote in message
>news:Xns93E7A5F203126eejj99@194.109.133.29...
>> jason kennedy wrote on 30 aug 2003 in
>> microsoft.public.inetserver.asp.general:
>> >> On 30 Aug 2003 12:56:19 GMT, "Evertjan."
>> >> <exjxw.hannivoort@interxnl.net> wrote:
>> >> >Brian Burgess wrote on 30 aug 2003 in
>> >> >microsoft.public.inetserver.asp.general:
>> >> >
>> >> >> It IS in the same session! .. the user is linking .. in fact this
>> >> >> all WAS working .. until I changed the code to only set the value
>> >> >> of a Session collection item IF that item did not already have a
>> >> >> value.
>> >> >
>> >> >I think we would need to see that piece of code.
>> >>
>> > "Brian Burgess" <bburgess66@hotmail.com> wrote in message
>> >> Well I tried two ways...
>> >> 1st:
>> >> If (Session("login") = Empty) Then
>> >> Session("login") = Request.Form("login")
>> >> End If
>> >>
>> >> 2nd:
>> >> If (Session("login") = "") Then
>> >> Session("login") = Request.Form("login")
>> >> End If
>> >>
>> >>
>> >> I should also mention that the user could be transferred to this page
>> >> from some other pages .. in this case we would not have the
>> >> 'Request.Form("login")' available to us. HOWEVER, in this case we
>> >> should have already been through the login process, and therefore the
>> >> Session collection item(login) should already be set.
>> > looks like a logical flaw
>> > on your login page, it would be better to use this
>> >
>> > If Request.Form("login") <> "" then
>> > Session("login") = true
>> > End if
>> >
>> > if the user comes from another page having already logged in, to check
>> >
>> > if session("login") <> true then
>> >
>> > else
>> >
>> > end if
>>
>> [first I would like to stress, please do not underquote
>> <http://www.xs4all.nl/%7ewijnands/nnq/nquote.html>]
>>
>> Brian is right, but do not accept the login confirmation from clientside,
>> that can be attacked.
>>
>> "If true = true then" is superfluous, so this is enough:
>>
>>
>> <%
>> If Session("loggedin") Then
>> Response.redirect "mainpage.asp"
>> End If
>>
>> If Lcase(Request.Form("loginname")) = "john" AND _
>> Request.Form("loginpassword") = "QWERty" then
>> Session("loggedin") = true
>> Response.redirect "mainpage.asp"
>> End If
>> Response.redirect "loginpage.asp"
>> %>
>>
>> ==========================
>>
>> And on mainpage.asp and all other pages:
>>
>> <%
>> If NOT Session("loggedin") Then
>> Response.redirect "loginpage.asp"
>> End If
>> %>
>>
>> If you have far more than one name/password combination,
>> a database becomes useful.
>>
>> --
>> Evertjan.
>> The Netherlands.
>> (Please change the x'es to dots in my email address)
>
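
An added example, not part of the original thread: a login handler in the style of the one quoted above, extended to several accounts, that sets the session values only after a server-side check and stores the verified name rather than the raw Request.Form value. The account table, its second entry and the function names LoadAccounts and CheckCredentials are constructed for illustration.

```vbscript
<%
Option Explicit

' Constructed stand-in for the account database mentioned in the thread.
' A real store would hold salted password hashes, not plaintext.
Function LoadAccounts()
    Dim d
    Set d = Server.CreateObject("Scripting.Dictionary")
    d.CompareMode = vbTextCompare      ' names match case-insensitively, like LCase() above
    d.Add "john", "QWERty"
    d.Add "mary", "ZXCVbn"             ' constructed sample account
    Set LoadAccounts = d
End Function

' True only when the posted name exists and the password matches exactly.
Function CheckCredentials(name, password)
    Dim accounts
    Set accounts = LoadAccounts()
    CheckCredentials = False
    If Len(name) = 0 Then Exit Function
    If accounts.Exists(name) Then
        CheckCredentials = (StrComp(accounts(name), password, vbBinaryCompare) = 0)
    End If
End Function

Dim postedName, postedPassword
postedName = Trim(Request.Form("loginname"))
postedPassword = Request.Form("loginpassword")

If Session("loggedin") = True Then
    ' Already authenticated earlier in this session: no form data needed.
    Response.Redirect "mainpage.asp"
ElseIf CheckCredentials(postedName, postedPassword) Then
    ' Session state is written only after the server has verified the post.
    Session("loggedin") = True
    Session("login") = LCase(postedName)
    Response.Redirect "mainpage.asp"
Else
    ' Missing or wrong credentials: nothing from the form reaches the session.
    Response.Redirect "loginpage.asp"
End If
%>
```

Pages that are reached by a link or a transfer then test only Session("loggedin"), as in the guard quoted above, and never read the login form again.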